keychain
Manage SSH keys conveniently and securely
TLDR
Check for a running ssh-agent, and start one if needed
Also check for gpg-agent
List signatures of all active keys
List fingerprints of all active keys
Add a timeout for identities added to the agent, in minutes
SYNOPSIS
keychain [options] [id_rsa id_dsa ...]
PARAMETERS
--agents ssh,gpg,kssh
Specify which agents to manage. Default is 'ssh'.
--confdir DIRECTORY
Specify a directory to store keychain configuration files. Defaults to $HOME/.keychain.
--eval
Output shell commands to set environment variables for ssh-agent. Useful for manual integration.
--help
Display help information.
--nogpg
Do not manage the gpg-agent.
--noksh
Do not manage the kssh-agent.
--noauto
Do not automatically add keys. The user will need to do this manually by calling 'ssh-add'.
--quiet
Suppress informational messages.
id_rsa id_dsa ...
List of private key files to add to ssh-agent.
DESCRIPTION
keychain is a shell script designed to simplify SSH key management, particularly in environments where users frequently log in and out. It acts as a front-end to ssh-agent and ssh-add, storing your SSH keys in memory and making them available across multiple login sessions. This avoids the need to repeatedly enter your passphrase each time you need to use your SSH keys, for example, when connecting to remote servers or accessing Git repositories. keychain automatically starts ssh-agent if it's not already running and adds the specified keys to the agent. It also updates your shell environment variables to point to the active ssh-agent, making it readily accessible. A crucial benefit is its integration with login scripts (.bashrc, .zshrc, etc.), allowing you to load keys at login and have them available without manual intervention. Furthermore, keychain handles multiple users and shells, ensuring that each user has their own independent ssh-agent instance and associated keys.
CAVEATS
Keychain stores your passphrase in memory via ssh-agent. While more convenient, this means that anyone with access to your user account can potentially use your SSH keys.
It is important to secure your computer accordingly.
Keychain might require adjustments to your shell configuration files to function correctly.
CONFIGURATION
Keychain uses configuration files stored in ~/.keychain (or the directory specified by --confdir) to persist settings between sessions. These files contain the environment variables needed to connect to the active ssh-agent.
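An added example (not part of keychain or of the original page): a shell check that the configuration directory and its files are private to your account, since login scripts evaluate their contents in every new shell. It assumes the sh-format file name ends in -sh and holds SSH_AUTH_SOCK=...; export lines. The function names audit_confdir, mode_check and agent_sock are chosen here for illustration.

```shell
# Added example: audit a keychain configuration directory (default ~/.keychain).
# Assumed file layout: "<hostname>-sh" with lines such as
#   SSH_AUTH_SOCK=/tmp/ssh-XXXX/agent.123; export SSH_AUTH_SOCK;

# Print "ok" if the path grants nothing to group/other, else "loose".
mode_check() {
    perms=$(ls -ld -- "$1" | cut -c5-10)
    [ "$perms" = "------" ] && echo ok || echo loose
}

# Extract the SSH_AUTH_SOCK value by parsing; the file is never sourced.
agent_sock() {
    sed -n 's/^SSH_AUTH_SOCK=\([^;]*\);.*/\1/p' "$1" | head -n 1
}

# Print findings for CONFDIR; the return status is the number of findings
# (1 if the directory itself is missing).
audit_confdir() {
    confdir=${1:-$HOME/.keychain}
    findings=0
    [ -d "$confdir" ] || { echo "missing: $confdir"; return 1; }
    for p in "$confdir" "$confdir"/*-sh "$confdir"/*-csh "$confdir"/*-fish; do
        [ -e "$p" ] || continue
        if [ "$(mode_check "$p")" = loose ]; then
            echo "FINDING: $p is accessible to group/other"
            findings=$((findings + 1))
        fi
    done
    for f in "$confdir"/*-sh; do
        [ -f "$f" ] || continue
        sock=$(agent_sock "$f")
        if [ -n "$sock" ] && [ ! -S "$sock" ]; then
            echo "FINDING: $f names $sock, which is not a socket"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Usage: audit_confdir            (checks ~/.keychain)
#        audit_confdir /some/dir  (checks a --confdir location)
```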
USAGE IN LOGIN SCRIPTS
To automatically start keychain and add keys at login, add the following line to your .bashrc, .zshrc, or equivalent shell configuration file:
    eval `keychain --eval id_rsa`
Replace id_rsa with the names of your private key files.
HISTORY
Keychain was developed to address the need for persistent SSH key management across multiple login sessions. It evolved as a shell script wrapper around ssh-agent and ssh-add, streamlining the process of managing SSH keys and minimizing the need for repeated passphrase entry. It has become a popular tool for simplifying SSH key management on Linux and other Unix-like systems.