Ssh-agent

ssh-agent is a program that used together with OpenSSH or similar SSH programs provides a secure way of storing the private key.

Public-key cryptography plays the central role in the idea of logging into a server from a local machine via SSH. The main point is that a key pair will be generated consisting of a private key and a public key. The public key is available for everyone and often stored on public key servers. Any user has access to this key, whereas the private key must be kept secretly. It is used to decrypt any message encrypted with the public key.

A password-based authentication process (in the common example of OpenSSH) may be vulnerable to brute-force attacks, if no mechanism is in place to detect them. To mitigate this lack of security, ssh supports public key authentication. In order to log in securely to a remote system via a secure shell, a private key/public key pair is generated. The private key is stored on the local machine. The public key is stored on the target machine in the $HOME/.ssh/authorized_keys file. Public keys are not sensitive information and may be known to anybody, whereas the private key needs to be protected very carefully by a strong passphrase. ssh-agent remembers the decrypted private key so that the user does not need to type a passphrase every time he or she wants to connect or send data to the server.