Running ssh-agent from a shell script

Solution 1

ssh-agent is supposed to start a session and when it finishes the user session is over. So any command after ssh-agent would perhaps be executed after logoff.

What you want is a session-script that contains your session's commands like this:

#!/bin/bash
ssh-add /path/to/key
bash -i # or other session starter

Then start ssh-agent session-script.

Solution 2

Put the following at the top of your script:

eval `ssh-agent`

Your script should look like this:

#!/bin/bash
eval `ssh-agent`
ssh-add /path/to/key
...
...

Explanation

The backticks around ssh-agent collect its output. eval collects that output, concatenates it into a single command, and then executes the command. Then you can use ssh-add to provide your key credentials.

Solution 3

I found this works for me.

eval `ssh-agent` # create the process
ssh-add ~/.ssh/priv_key # add the key
git -C "$repo_dir" pull # this line is the reason for the ssh-agent
eval `ssh-agent -k` # kill the process

I create the ssh-agent process, add the key, do what I need to do, then kill it. No need to check if it's running later.
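
An added example, not part of the answers on this page: the create, add, use, kill sequence from Solution 3 wrapped so that the agent is also killed when the command fails or the script is interrupted, with the command's arguments passed through unchanged. The function names and the `KEY` path are assumptions made for the example.

```shell
#!/bin/sh
# Added example: run one command with a script-private ssh-agent that is
# shut down on every exit path. KEY is a placeholder path (assumption).
KEY=${KEY:-$HOME/.ssh/id_ed25519}

# Start an agent and import the variables it prints (ssh-agent -s emits
# Bourne-shell assignments for SSH_AUTH_SOCK and SSH_AGENT_PID).
start_agent() {
    agent_env=$(ssh-agent -s) || return 1
    eval "$agent_env" >/dev/null
    [ -n "${SSH_AGENT_PID:-}" ] && [ -n "${SSH_AUTH_SOCK:-}" ]
}

# Kill the agent named by SSH_AGENT_PID; do nothing if none was started.
stop_agent() {
    [ -n "${SSH_AGENT_PID:-}" ] || return 0
    eval "$(ssh-agent -k)" >/dev/null
}

# Usage: run_with_agent command [args...]
run_with_agent() {
    start_agent || { echo "could not start ssh-agent" >&2; return 1; }
    trap stop_agent EXIT            # normal exit and failures
    trap 'exit 1' HUP INT TERM      # turn signals into an exit so EXIT fires
    ssh-add "$KEY" || return 1
    "$@"                            # "$@" keeps arguments with spaces intact
}

# Only act when called with a command, e.g.: ./script git -C "$repo_dir" pull
if [ "$#" -gt 0 ]; then
    run_with_agent "$@"
fi
```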

Solution 4

I tend to do something like this in scripts that require an agent.

#!/bin/bash

# if we can't find an agent, start one, and restart the script.
if [ -z "$SSH_AUTH_SOCK" ] ; then
  exec ssh-agent bash -c "ssh-add ; $0"
  exit
fi

... and so on.

Basically, the first thing the script does is check to see if an agent is running. If it isn't, exec is used to start a new process in place of the script. The agent is started, keys are added, and finally, the script is called again (see the $0).

Solution 5

It is better to use keychain in this case.

Debian/Ubuntu:

apt-get install keychain

RHEL/Fedora/CentOS:

yum install keychain

Add in your .bashrc the following:

eval `keychain --eval id_rsa`

Author: Dan

Updated on September 18, 2022

Comments

  • Dan
    Dan over 1 year

    I'm trying to create a shell script that, among other things, starts up ssh-agent and adds a private key to the agent. Example:

    #!/bin/bash
    # ...
    ssh-agent $SHELL
    ssh-add /path/to/key
    # ...
    

    The problem with this is ssh-agent apparently kicks off another instance of $SHELL (in my case, bash) and from the script's perspective it's executed everything and ssh-add and anything below it is never run.

    How can I run ssh-agent from my shell script and keep it moving on down the list of commands?

  • Dan
    Dan over 10 years
    Thanks! Creating a separate script and ending the script with exit did the trick.
  • Denilson Sá Maia
    Denilson Sá Maia almost 10 years
    But that will not preserve any script parameters. And if any of the parameters has whitespace, it won't be easy to pass them along.
  • Zoredache
    Zoredache almost 10 years
    You could use .. "ssh-add ; $0 $*", or .. "ssh-add ; $0 $@" instead, which may work. Which wouldn't be perfect, but would certainly work in many cases. The best solution is almost always to have your agent running before anything else anyway, this is just something that might be useful in obscure cases.
  • sibaz
    sibaz over 8 years
    This is exactly what I needed, thanks, although worth pointing out that backticks are on the way out. In the new bash form, it should be eval $(ssh-agent)
  • JFlo
    JFlo over 6 years
    Better? Why is it better?
  • Scott Carlson
    Scott Carlson almost 6 years
    @JFlo "Better" in that, it will save the env variables to $HOME/.keychain/<file>. Running that command again will pick up an existing ssh-agent if it is still running. It can then be reused between shells/scripts. In some scenarios that isn't super safe, so you have to make that call. For me, it is an improvement over some scripts I'd written to accomplish the same task.
  • JFlo
    JFlo almost 6 years
    This is a very unsafe practice. Why bother using ssh at all? If you don't protect your private key, you might as well be talking in clear text.
  • Adolfo Correa
    Adolfo Correa over 5 years
    This solution didn't work for me until I put bash -i at the end of the script.
  • dave_thompson_085
    dave_thompson_085 about 5 years
    @JFlo: not if your client system is sufficiently secure, which it might be. Especially if you (can and do) add ACL, SELinux, or similar, which is easy with a static file but less so with ssh-agent's randomized socket. That said I wouldn't usually recommend it as first choice.
  • Alexander Bird
    Alexander Bird about 5 years
    While that is a very helpful process you provide, I don't think it answers anything about the OP's question.
  • Alexander Mills
    Alexander Mills about 5 years
    What is a session-script?
  • Adrian Lopez
    Adrian Lopez over 2 years
    This solution works perfectly, and I consider it very secure. You could run the eval command from a script, you can add 'zsh -i' after. That way you enable the keyring, and you can disable it typing 'exit'. Example: pastebin.com/6bdsLKZR