Detailed explanation of SSH Service -- Using SSH agent

Posted by zubinkasad on Wed, 12 Jan 2022 20:28:49 +0100

Detailed explanation of SSH service (III) -- Using SSH agent

  • The SSH server runs on Ubuntu 18.04.1
  • The SSH client is the OpenSSH client bundled with Windows 10

Commands used in the previous section

ssh -i .\id_rsa  tyustli@192.168.10.18

You can connect to the SSH server this way, but you have to name the private key on every command. This section covers the SSH agent: once the key has been loaded into the agent, you no longer need to specify it (or type its passphrase) for each connection.

SSH agent usage steps

  • Start the SSH agent
  • Add the private key to the agent with ssh-add. If the key is protected by a passphrase, you are prompted for it once at this point
  • Connect to the remote host
  • Manage the loaded keys

Introduction to SSH agent

ssh-agent is a program that holds private keys for you. The ssh client never reads the key itself: it asks the agent to sign the server's authentication challenge, and the agent signs it with the key it already holds, so the private key never leaves the agent process.

When do you need an agent? In the following situations.

  • When you connect to different hosts with different keys, you otherwise have to pass the right key with -i every time. With the keys loaded into the agent, ssh tries them in turn and no key has to be named on the command line

  • When the private key has a passphrase and is used often, the agent decrypts it once at load time, so you do not have to type the passphrase for every authentication

Start SSH agent

Start PowerShell as administrator and run

ssh-agent

On a fresh Windows 10 install the ssh-agent service is installed in the Disabled state, so this fails with

unable to start ssh-agent service, error :1058

Error 1058 is ERROR_SERVICE_DISABLED: the service exists but is disabled, so it has to be enabled before it can be started.

Set SSH agent to start automatically

Set-Service -Name ssh-agent -StartupType Automatic

StartupType accepts the following values (the numbers are those of the ServiceStartMode enumeration)

  • Automatic 2
    The service is started by the operating system at boot. If an automatically started service depends on a manually started one, the manual service is started as well.

  • Boot 0
    The service is a device driver started by the system loader. Valid only for device drivers.

  • Disabled 4
    The service is disabled and cannot be started by a user or application.

  • Manual 3
    The service is started only on request, by a user (through the service control manager) or by an application.

  • System 1
    The service is a device driver started by the IoInitSystem function. Valid only for device drivers.

With the service set to Automatic, run ssh-agent in PowerShell again; this time it starts. Check that the agent process is running with

ps

After the command is executed, the results are as follows

Handles  NPM(K)    PM(K)      WS(K)     CPU(s)     Id  SI ProcessName
-------  ------    -----      -----     ------     --  -- -----------
  ...
  80       7     1388       5688       0.02  26776   0 ssh-agent
  609      32    31456      72296       6.03   6916   1 StartMenuExperienceHost
  ..

To stop the agent you can kill the process by PID (kill is the PowerShell alias for Stop-Process)

kill 26776   # 26776 is the ssh-agent PID from the listing above

Because ssh-agent runs as a Windows service, the cleaner way is Stop-Service -Name ssh-agent, which goes through the service control manager. Stop-Process prompts for confirmation because the process is not owned by the current user

Confirm
Are you sure you want to perform this action?
Performing the operation "Stop-Process" on target "ssh-agent (26776)".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): Y

Enter Y

Add SSH private key

Add the private key and give it to the SSH agent for management

ssh-add .\id_rsa

If the key file is readable by other accounts, ssh-add refuses to load it

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions for '.\\id_rsa' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.

ssh-add refuses any private key that other users can read (the same check as on Linux, where the file must be mode 600 or stricter) and ignores the key, so the file's permissions have to be tightened before it can be added

On Linux you would use chmod; Windows has no chmod, and the equivalent tool is icacls

For the full parameter list run icacls with no arguments, or see the icacls documentation

Give the SYSTEM account read permission (OpenSSH for Windows accepts SYSTEM alongside the owner)

 icacls .\id_rsa /c /t /grant system:R

Remove inherited permissions, which is where the broad access for "Users" came from

icacls .\id_rsa /c /t /inheritance:r

Give the current user read permission

 icacls .\id_rsa /c /t /grant tyustli:R # tyustli is the current user name

/c continues past errors and /t recurses into directories, which is harmless on a single file. Each command reports

processed file: .\id_rsa
Successfully processed 1 files; Failed processing 0 files
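The three icacls commands above, as an added example (not code from the original post) wrapped in a function that also re-reads the ACL afterwards to confirm that nothing other than the current user, SYSTEM and Administrators still has access. It assumes the key is .\id_rsa and that the account running it is the one that will run ssh-add.

```powershell
# Added example, not from the original post. Restricts a private key file to the
# current user (plus SYSTEM), then verifies the resulting ACL instead of trusting
# the icacls exit code. Assumes the key lives at .\id_rsa.
function Protect-SshPrivateKey {
    param([Parameter(Mandatory)][string]$Path)

    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name   # MACHINE\user form
    # Principals OpenSSH for Windows tolerates on a private key besides the owner.
    $allowed = @($me, 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')

    # Step 1: drop inherited ACEs; they are where "Users" / "Authenticated Users" come from.
    icacls $Path /c /inheritance:r | Out-Null
    # Step 2: put back only what is needed. ssh-add needs read access; grant F instead of R
    #         if you also want to edit or delete the file later without touching the ACL again.
    icacls $Path /c /grant "${me}:R" | Out-Null
    icacls $Path /c /grant "SYSTEM:R" | Out-Null

    # Step 3: verify from the ACL itself; anything not in $allowed is a leak.
    $extra = (Get-Acl -Path $Path).Access |
        Where-Object { $allowed -notcontains $_.IdentityReference.Value } |
        ForEach-Object { $_.IdentityReference.Value } |
        Sort-Object -Unique
    if ($extra) {
        Write-Warning "$Path is still accessible by: $($extra -join ', ')"
        return $false
    }
    return $true
}

if (Protect-SshPrivateKey -Path .\id_rsa) {
    ssh-add .\id_rsa     # should now print "Identity added: ..." instead of the permissions warning
}
```

The inheritance is removed before the grants so that the file is never left with both the old inherited entries and the new explicit ones; the final Get-Acl pass is what tells you the key is actually private, which the "1 files processed" message from icacls does not.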

Another error you may see is

invalid format 

One common cause is a key file whose line endings were changed: Linux ends lines with \n, Windows with \r\n, and a key that was opened and saved by a Windows editor, or copied in "text" mode, may have been converted. Transfer the key as a binary file (or convert the line endings back) and try again

Once the permissions have been fixed, run the command again

ssh-add .\id_rsa

Prompt SSH private key added successfully

Identity added: .\id_rsa (.\id_rsa)

Remote connection

With the private key in the agent you can connect without -i

ssh tyustli@192.168.10.18

No key path and no login password are needed: the client asks the agent to sign the server's challenge with the key it holds. If the key has a passphrase, it was entered once when the key was added with ssh-add and is not asked for again at connection time

Exit connection

exit

Private key management

ssh-add options for managing the loaded keys. Note that on Windows the agent persists loaded keys across reboots (it stores them DPAPI-protected in the registry), so a key stays usable until you remove it with -d or -D; it does not disappear when you log out as it would on Linux

ssh-add --help
  -l          List fingerprints of all identities.
  -E hash     Specify hash algorithm used for fingerprints.
  -L          List public key parameters of all identities.
  -k          Load only keys and not certificates.
  -c          Require confirmation to sign using identities
  -t life     Set lifetime (in seconds) when adding identities.
  -d          Delete identity.
  -D          Delete all identities.
  -x          Lock agent.
  -X          Unlock agent.
  -s pkcs11   Add keys from PKCS#11 provider.
  -e pkcs11   Remove keys provided by PKCS#11 provider.
  -q          Be quiet after a successful operation.
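The whole procedure from the step list at the top of this post (start the service, load the key, connect, manage the loaded keys), run as one script. This is an added example, not code from the original post; it assumes the key .\id_rsa with its id_rsa.pub next to it, the target tyustli@192.168.10.18 used throughout the post, and an elevated shell for the Set-Service step only.

```powershell
# Added example, not from the original post. Runs the agent workflow end to end:
# make the ssh-agent service startable (the error 1058 case), load a key, prove
# the agent holds it by fingerprint, use it non-interactively, then remove it.
# Assumes .\id_rsa and .\id_rsa.pub exist and the host is tyustli@192.168.10.18.

function Start-SshAgentService {
    $svc = Get-Service -Name ssh-agent -ErrorAction Stop
    # The service ships Disabled; starting it in that state is what produces error 1058.
    if ($svc.StartType -eq 'Disabled') {
        Set-Service -Name ssh-agent -StartupType Automatic   # requires an elevated shell
    }
    if ($svc.Status -ne 'Running') {
        Start-Service -Name ssh-agent
    }
    return (Get-Service -Name ssh-agent).Status              # 'Running' on success
}

function Get-KeyFingerprint {
    param([Parameter(Mandatory)][string]$PublicKeyPath)
    # ssh-keygen -lf prints "<bits> SHA256:<hash> <comment> (<type>)"; field 1 is the fingerprint.
    $line = ssh-keygen -lf $PublicKeyPath
    return ($line -split '\s+')[1]
}

function Test-AgentHoldsKey {
    param([Parameter(Mandatory)][string]$Fingerprint)
    # ssh-add -l prints one line per loaded key in the same format as ssh-keygen -l,
    # or "The agent has no identities." (exit code 1) when empty.
    $listed = ssh-add -l 2>$null
    return [bool]($listed | Where-Object { $_ -like "*$Fingerprint*" })
}

$key = '.\id_rsa'
$pub = "${key}.pub"

# 1. Service
Start-SshAgentService

# 2. Load the key (prompts once for the passphrase if the key has one).
ssh-add $key
if ($LASTEXITCODE -ne 0) { throw "ssh-add failed; check the key file's ACL with icacls" }

# 3. Verify by fingerprint rather than trusting the "Identity added" message.
$fp = Get-KeyFingerprint -PublicKeyPath $pub
if (-not (Test-AgentHoldsKey -Fingerprint $fp)) { throw "Key $fp is not listed by ssh-add -l" }

# 4. Use it. BatchMode=yes makes ssh fail instead of prompting, so a password or
#    passphrase prompt here would mean the agent path is not being used.
ssh -o BatchMode=yes tyustli@192.168.10.18 hostname

# 5. Clean up. On Windows the agent keeps loaded keys across reboots, so remove them
#    explicitly when you are done (ssh-add -d reads the .pub to identify the key).
ssh-add -d $pub
# ssh-add -D          # or remove every loaded identity at once
```

Checking the fingerprint from ssh-add -l against the one computed from the .pub file is the reliable way to know which key the agent will offer; the same comparison is useful when several keys are loaded and a host refuses the one you expected.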

Topics: ssh