Load SSH Keys to Memory with SSH Agent

By Jimmy Bonney | June 27, 2012

SSH Agent

As I explained in my previous article, we have migrated our code base to Git. In the process of automating the deployment process on our production server, I wanted to use one of the latest features of Bitbucket: deployment keys.

Bitbucket has a very well documented process describing the overall procedure, but the whole step about starting the ssh-agent and loading keys is something that is a bit cumbersome to reproduce every time one logs in to the production server to pull an update.

To simplify this a little bit, I have automated some of the steps so that:

  1. The ssh-agent is started every time the user logs in through SSH
  2. A simple script responsible for loading the key(s) can be executed whenever one wants to load them

The following scripts are based on the article Unattended Batch Jobs using SSH Agent.

1. Start SSH-Agent when user logs in

When a user logs in, a few files from their environment are loaded, for instance ~/.bash_profile, ~/.bashrc and ~/.profile. Fire up a text editor, open ~/.bash_profile (nano ~/.bash_profile) and enter the following at the bottom of the file.

# Start ssh-agent if not already running

if [ "$LOGNAME" = "username" ]
then
  # ps with no arguments lists only processes on this terminal, so a
  # non-empty result means an agent already belongs to this login session
  pid=`ps | grep ssh-agent | grep -v grep`
  if [ "$pid" = "" ]
  then
    echo "Starting SSH Agent: ssh-agent"
    # Replace the login shell with ssh-agent running a new shell
    exec /usr/bin/ssh-agent $SHELL
  else
    echo "Setup Env for SSH Agent from ~/.agent_info"
    # ~/.load_keys writes this file; skip it if it has not been created yet
    test -r ~/.agent_info && . ~/.agent_info
  fi
fi

Do not forget to replace username with the username you have logged in with (or for which you want to start the ssh-agent) and verify that the path to ssh-agent (/usr/bin/ssh-agent above) is correct in your environment.

2. Load Keys when necessary

As I mentioned in the introduction, I do not need to load the keys every time I log in to the server. Therefore, I have put the next step in a script that is run on demand. The code is taken from the same article mentioned in the introduction. You might need to update three things in the snippets below:

  1. The name of the file
  2. The username (simply replace username with your username)
  3. The key you wish to load (simply replace ~/.ssh/your_private_key_rsa with the path to the key you want to load)

Let’s create the file…

nano ~/.load_keys

… and populate it.

#!/bin/bash

# Save the agent environment so that other shells can reuse it
test -n "$SSH_AGENT_PID" && echo \
"SSH_AGENT_PID=$SSH_AGENT_PID; \
export SSH_AGENT_PID" > ~/.agent_info

test -n "$SSH_AUTH_SOCK" && echo \
"SSH_AUTH_SOCK=$SSH_AUTH_SOCK; \
export SSH_AUTH_SOCK" >> ~/.agent_info

# Load the private key into the running SSH agent
if [ "$LOGNAME" = "username" ]
then
  # pid=`ps | grep ssh-agent | grep -v grep`
  pid=$SSH_AGENT_PID
  echo "pid=$pid"
  if [ "$pid" != "" ]
  then
    # Only ask for the passphrase when attached to a terminal
    if /usr/bin/tty 1> /dev/null 2>&1
    then
      # ssh-add 1> /dev/null 2>&1
      ssh-add ~/.ssh/your_private_key_rsa
    fi
  fi
fi

Save the file (ctrl + o), exit the editor (ctrl + x) and make the file executable (chmod +x ~/.load_keys).

You can now execute the script (~/.load_keys) and if everything goes well you should be prompted for your passphrase (or it should just end gracefully if you have a key without passphrase). You can finally verify that the key is loaded properly by running ssh-add -l.

If you would like to automate this one step further, you should be able to put the script above in ~/.bashrc instead so that it is executed automatically during login.

3. Git pull

And that’s it. Updating the code is now done in three simple steps:

  1. Login through SSH to the server: ssh username@yourapp.com
  2. Load the key (and enter passphrase if necessary): ~/.load_keys
  3. Update the code base: git pull
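The two scripts above start a fresh agent on every login and ask for the passphrase each time. As an added example (not code from the original post or from the article it is based on), the helper below caches the agent environment in ~/.agent_info, reconnects to that agent on later logins when its socket still answers, and adds the deployment key only when the agent holds none, with a lifetime so the key does not stay usable indefinitely. AGENT_INFO, KEY_LIFETIME and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not code from the original post): cache the agent environment in
# ~/.agent_info (the file the post uses) and reuse that agent on later logins instead
# of starting a new one each time. Variable and function names are assumptions here.
AGENT_INFO="${AGENT_INFO:-$HOME/.agent_info}"
KEY_LIFETIME="${KEY_LIFETIME:-8h}"   # the agent forgets the key after this

# Read `ssh-agent -s` output on stdin and keep only the two variables a later
# shell needs; the file is created with mode 0600 (umask set in a subshell).
save_agent_info() {
    ( umask 077
      awk -F'[=;]' '$1 == "SSH_AUTH_SOCK" || $1 == "SSH_AGENT_PID" {
          printf "%s=%s; export %s\n", $1, $2, $1 }' > "$AGENT_INFO" )
}

# Map the exit status of `ssh-add -l` to a state name:
# 0 = agent reachable and holds keys, 1 = reachable but empty, 2 = no agent.
agent_state_name() {
    case "$1" in
        0) echo keys-loaded ;;
        1) echo no-keys ;;
        2) echo no-agent ;;
        *) echo unknown ;;
    esac
}

# Reconnect to the cached agent if its socket still answers, else start one.
ensure_agent() {
    [ -r "$AGENT_INFO" ] && . "$AGENT_INFO"
    ssh-add -l >/dev/null 2>&1; rc=$?
    if [ "$(agent_state_name "$rc")" = no-agent ]; then
        ssh-agent -s | save_agent_info
        . "$AGENT_INFO"
    fi
}

# Add the deployment key only when the agent holds none, with a lifetime so a
# forgotten session does not keep the key usable indefinitely.
load_deploy_key() {
    ssh-add -l >/dev/null 2>&1; rc=$?
    case "$(agent_state_name "$rc")" in
        keys-loaded) echo "key already loaded" ;;
        no-keys)     ssh-add -t "$KEY_LIFETIME" "$1" ;;
        *)           echo "no usable agent" >&2; return 1 ;;
    esac
}

# Usage: sh agent_helper.sh ~/.ssh/your_private_key_rsa
if [ "$#" -gt 0 ]; then
    ensure_agent && load_deploy_key "$1"
fi
```

Sourcing the helper from ~/.bash_profile and calling ensure_agent there gives every new SSH session the same agent; ssh-add -l still tells you whether the key is currently loaded.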
