Secure SSH key authentication with passphrase and ssh-agent

Secure your SSH key with passphrase

  • Generate your SSH key pair for the remote SSH servers:
    ssh-keygen -t rsa -b 4096 -f ~/.ssh/gitlab_rsa

    Note: To secure your key pair, you must set a passphrase.
    This creates two files in the ~/.ssh directory: gitlab_rsa (the private key) and gitlab_rsa.pub (the public key).
  • Configure SSH to use the key pair when connecting to the remote SSH server by adding the following lines to ~/.ssh/config:
    Host gitlab.com
      PreferredAuthentications publickey
      IdentityFile ~/.ssh/gitlab_rsa

    Now if you run git pull for the GitLab repositories, it will ask for the passphrase for the gitlab_rsa key.
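To confirm that a key file such as ~/.ssh/gitlab_rsa really is passphrase-protected, the script below reads the cipher name from the key file header ("none" means no passphrase) and also recognises legacy PEM and PKCS#8 encrypted keys, which goes beyond the single RSA key generated above. It is an added example, not part of the original post; the function names are hypothetical and the sample files it builds are constructed header-only stubs, not real keys.

```shell
#!/bin/sh
# Added example: report whether private key files are passphrase-protected.

# Decode the base64 body between the BEGIN/END marker lines.
key_body() { grep -v '^-----' "$1" | tr -d '\r\n' | base64 -d 2>/dev/null; }

# key_is_encrypted FILE -> 0 protected, 1 stored in the clear, 2 unrecognised
key_is_encrypted() {
    kie_first=$(head -n 1 "$1" 2>/dev/null | tr -d '\r')
    case $kie_first in
    "-----BEGIN OPENSSH PRIVATE KEY-----")
        # Layout: "openssh-key-v1\0", uint32 length, cipher name, ...
        # Cipher name "none" means the key was written without a passphrase.
        [ "$(key_body "$1" | head -c 14)" = "openssh-key-v1" ] || return 2
        kie_len=$(key_body "$1" | od -An -tu1 -j18 -N1 2>/dev/null | tr -d ' \n')
        [ "${kie_len:-0}" -gt 0 ] || return 2
        [ "$(key_body "$1" | tail -c +20 | head -c "$kie_len")" != "none" ] ;;
    "-----BEGIN ENCRYPTED PRIVATE KEY-----") return 0 ;;
    "-----BEGIN RSA PRIVATE KEY-----" | "-----BEGIN EC PRIVATE KEY-----")
        # Legacy PEM marks encryption with a Proc-Type header line.
        grep -q '^Proc-Type: 4,ENCRYPTED' "$1" ;;
    *) return 2 ;;
    esac
}

# Constructed sample: header fields only, NOT a usable key.
make_sample() {  # make_sample FILE CIPHERNAME
    ms_oct=$(printf '%03o' "${#2}")
    ms_b64=$(printf 'openssh-key-v1\000\000\000\000'"\\$ms_oct"'%s' "$2" | base64)
    printf '%s\n' "-----BEGIN OPENSSH PRIVATE KEY-----" "$ms_b64" \
        "-----END OPENSSH PRIVATE KEY-----" > "$1"
}

report() {  # print one line per key file given as an argument
    for k in "$@"; do
        rc=0; key_is_encrypted "$k" || rc=$?
        case $rc in
        0) echo "$k: passphrase-protected" ;;
        1) echo "$k: NO PASSPHRASE" ;;
        *) echo "$k: not a recognised private key" ;;
        esac
    done
}

# With arguments, check those files; without, run on constructed samples.
if [ "$#" -gt 0 ]; then report "$@"; else
    tmp=$(mktemp -d); make_sample "$tmp/clear" none; make_sample "$tmp/protected" aes256-ctr
    report "$tmp/clear" "$tmp/protected"; rm -rf "$tmp"
fi
```

Run it with key paths as arguments, for example ~/.ssh/gitlab_rsa, to check real files; it only reads the header and never handles the passphrase.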

Use ssh-agent

If you want to run ssh or git pull without entering the passphrase each time, you can use ssh-agent:
  • Start ssh-agent:
    eval "$(ssh-agent -s)"
  • Add the private key:
    ssh-add ~/.ssh/gitlab_rsa
    You need to enter the passphrase to add the key.
  • To list the keys managed by ssh-agent:
    ssh-add -l
After these steps, the agent keeps the private key in memory, and you do not need to enter the passphrase again.




