How can I get ssh-agent (or gpg-agent) to "lazily" add keys?
-
I am on Linux, but I'd like to know also for FreeBSD and OS X and I believe the answer should be portable. What I would like to do is start ssh-agent on login, but not add any keys immediately. Then, if I do something during my session that needs an ssh key, rather than have it ask for my password to decrypt my key and then discard it, I'd like it to ask for my password, decrypt my key, and add it to the agent, so the next time I do anything that needs my key, it's already there. What I do not like is simply typing in my password on login, because this amounts to three password prompts every login (because I also use gpg-agent). I use keychain[1] for agent management, not sure if this will help or hurt.

[1]: http://manpages.ubuntu.com/manpages/intrepid/man1/keychain.1.html
-
Answer:
This is actually the default behavior with gnome-keyring-daemon. Unfortunately, ssh-agent does not exhibit the same behavior.
Daniel Chen at Quora
Other answers
This is actually just the way ssh-agent works. You start out by running just ssh-agent; this sets some environment variables which let your shell and everything that inherits from it refer to the active ssh-agent process. Later you run ssh-add and it adds your keys using those environment variables. You can do this in your .xinitrc with a line like "eval $(ssh-agent)", and run ssh-add at your leisure from any shell. That's all there is to it!
Paul McCann
I have login scripts that check to see if my ssh-agent is running and the PID matches a value I squirrel away in a per-host named file in a private home directory (so that my home directory can be on a network mounted filesystem.) If it is running, I load the appropriate environment variables, otherwise I print (echo) out some lines I can cut-n-paste to restart ssh-agent and save the environment variables it produces. I run ssh-agent with a time-limit on how long before I have to re-enter my password and it works pretty well for me. Of course, I'm careful with file and directory access modes - but I have to trust the owners of the filesystems involved. In the particular case of the networked filesystem I designed it for, the filesystem was AFS not NFS and so I wasn't vulnerable to most root compromises, just the filesystem sysadmins (and I knew who they were.)
Richard Conto
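
A sketch of the per-host state file approach from the last answer, combined with the add-on-first-use behaviour the question asks for. This is an added example, not code from any of the posters: the directory, variable and function names are hypothetical, and unlike the answer it restarts the agent itself instead of printing lines to paste.

```shell
# Added example; AGENT_DIR, AGENT_LIFETIME and all function names are hypothetical.
AGENT_DIR="${AGENT_DIR:-$HOME/.agent-env}"   # private directory, mode 700
AGENT_LIFETIME="${AGENT_LIFETIME:-4h}"       # passed to ssh-agent -t and ssh-add -t

# One state file per host, so a network-mounted home can serve several machines.
agent_env_file() {
    printf '%s/%s\n' "$AGENT_DIR" "$(uname -n)"
}

# Succeeds only if the saved agent is still usable from this shell.
load_agent() {
    f=$(agent_env_file)
    # The file is about to be sourced, so refuse one we do not own.
    [ -f "$f" ] && [ -O "$f" ] || return 1
    . "$f"
    [ -n "${SSH_AGENT_PID:-}" ] && kill -0 "$SSH_AGENT_PID" 2>/dev/null &&
        [ -S "${SSH_AUTH_SOCK:-}" ] && return 0
    unset SSH_AGENT_PID SSH_AUTH_SOCK   # stale entry: do not pass it to children
    return 1
}

# Start an agent with no keys loaded and record its environment for later shells.
start_agent() {
    out=$(ssh-agent -s -t "$AGENT_LIFETIME") || return 1
    f=$(agent_env_file)
    ( umask 077
      mkdir -p "$AGENT_DIR" && chmod 700 "$AGENT_DIR" &&
      printf '%s\n' "$out" | sed '/^echo /d' > "$f" ) || return 1
    . "$f"
}

ensure_agent() {
    load_agent || start_agent
}

# Lazy add: the passphrase prompt appears the first time ssh is actually used.
ssh() {
    ensure_agent || return
    # ssh-add -l exits 1 when the agent is reachable but holds no identities.
    ssh-add -l >/dev/null 2>&1 || ssh-add -t "$AGENT_LIFETIME"
    command ssh "$@"
}
```

Source this from a login script; no key is decrypted until the first `ssh` call, and the lifetime forces a new prompt once it expires. OpenSSH 7.2 and later can also do the lazy add in the client itself with `AddKeysToAgent yes` in `ssh_config`.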