Gentoo Wiki






Who needs keychains? :P

After setting up your public and private keys as instructed on the SSH without a password page, you can follow this guide to have ssh-agent handle your keys and give you passwordless logins in a secure way.

This may not be KDE specific. If anyone knows about a startup folder for GNOME or other window managers, this will probably work with them as well. This works in KDE 3.5.

Install askpass

You can install whichever askpass you like: either "gtk2-ssh-askpass" or "x11-ssh-askpass". As you can guess, the gtk2 version depends on various gtk libraries.

Code: Installing one of *-ssh-askpass
 emerge -av net-misc/gtk2-ssh-askpass
 emerge -av net-misc/x11-ssh-askpass

There is also a KDE4 askpass implementation underway and in fact, you could use the current KDE3 version as well. Check it out on . An ebuild is provided on the stormfront overlay .

Askpass programs show a dialog box asking for the ssh keys' passphrases on behalf of ssh-add.

Note: It is unwise to have keys without passphrases. If someone just copies the key file, he/she will have access to all accounts that allow that key.

Xinitrc Way for starting agent

If you want ssh-agent to load when KDE starts and shut down automatically when KDE stops, just use ssh-agent to spawn KDE.

Note: If you start a process with ssh-agent, ssh-agent will terminate when the process terminates.

Create a .xinitrc file with the following:

File: in your .xinitrc:
exec /usr/bin/ssh-agent startkde

Non-KDE way to add keys to agent

Run ssh-add from a terminal once you've logged in. It will ask for the key's passphrase and add the key to the agent. That's it.

KDE Scripts

To start/stop agent using global configuration

Use the following file to start up ssh-agent automatically.


There is also an auto shutdown file


If the two mechanisms above are supported by your version of KDE, and you use them, then the only step you need below is the script. Then just uncomment the appropriate lines in the above files.

To start agent using local configuration ~/.kde/env/

mkdir ~/.kde/env
vim ~/.kde/env/
chmod u+x ~/.kde/env/

The ~/.kde/env/ file should contain the following.

NOTE: $HOME will/should evaluate to your home directory. No need to change it.

File: ~/.kde/env/
/usr/bin/ssh-agent -s > $HOME/.ssh/
. $HOME/.ssh/ > /dev/null

To stop agent using local configuration ~/.kde/shutdown/

Create a KDE shutdown script to stop ssh-agent properly at logout, disabling any further access to keys.

mkdir ~/.kde/shutdown
vim ~/.kde/shutdown/
chmod u+x ~/.kde/shutdown/

The ~/.kde/shutdown/ file should contain the following...

File: ~/.kde/shutdown/
/usr/bin/ssh-agent -k

To add keys at startup ~/.kde/Autostart/

This step ensures that your keys are added to the agent as soon as you open your session.

mkdir ~/.kde/Autostart
ln -s /usr/bin/ssh-add ~/.kde/Autostart/

Cronjobs and shell scripts

To use the keys held by ssh-agent within shell scripts or cron jobs, which makes it easier to log into remote machines and run tasks there, just source $HOME/.ssh/ with this command:

 . $HOME/.ssh/ > /dev/null

This will import the environment variables ssh needs to connect to the agent. They are written out by the "-s" parameter given to ssh-agent in the ~/.kde/env/ defined above. If you start ssh-agent some other way, give it the -s parameter and save the output to $HOME/.ssh/ in the same way. If you are using a csh-like shell, use -c instead of -s.
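Sourcing the file executes whatever it contains, so a cron job can parse it instead. The sh functions below are an added example, not part of the original wiki page: they read the two variables that ssh-agent -s writes, refuse a file that is not yours or is group/world-writable, and report a stale file whose agent has already exited. The path in the usage comment is a hypothetical stand-in, because the page's own file name is not shown.

```sh
#!/bin/sh
# Added example (not from the wiki page): load ssh-agent variables in a
# cron job or script by parsing the saved "ssh-agent -s" output, not sourcing it.

# Print the value assigned to variable $1 in the ssh-agent output file $2.
agent_var() {
    sed -n "s/^$1=\([^;]*\);.*/\1/p" "$2" | head -n 1
}

# Export SSH_AUTH_SOCK and SSH_AGENT_PID from file $1 without executing it.
# Returns 0 if usable, 1 if the file is missing, unsafe or malformed,
# and 2 if the file parsed but the agent it describes is gone.
load_agent_env() {
    f=$1
    # Must be a regular file owned by the current user.
    [ -f "$f" ] && [ -O "$f" ] || return 1
    # Refuse a file that group or others are able to write to.
    [ -z "$(find "$f" \( -perm -020 -o -perm -002 \))" ] || return 1

    sock=$(agent_var SSH_AUTH_SOCK "$f")
    pid=$(agent_var SSH_AGENT_PID "$f")
    [ -n "$sock" ] && [ -n "$pid" ] || return 1
    case $pid in *[!0-9]*) return 1 ;; esac   # PID must be numeric

    # Stale file: the agent was stopped (for example by the logout script),
    # so its socket no longer exists, or the socket is not ours.
    [ -S "$sock" ] && [ -O "$sock" ] || return 2

    SSH_AUTH_SOCK=$sock
    SSH_AGENT_PID=$pid
    export SSH_AUTH_SOCK SSH_AGENT_PID
}

# Usage at the top of a cron job (the file name is a hypothetical placeholder):
#   load_agent_env "$HOME/.ssh/agent-env.example" || {
#       echo "ssh-agent not available (code $?)" >&2
#       exit 1
#   }
```

A return code of 2 is the normal result when the job runs while you are logged out, since the shutdown script has already killed the agent.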

Agent forwarding

Giving the "-A" parameter to ssh enables authentication agent forwarding (note the capital "A"). This lets you add keys stored on remote machines to your currently running ssh-agent: just ssh into the remote machine using ssh -A <rest of the command> and run "ssh-add".

To forward the ssh agent in every ssh connection, make the following change to the ~/.ssh/config file.

File: ~/.ssh/config
ForwardAgent yes

Example scenario for agent forwarding

  1. You have two machines A and B.
  2. You are currently working at A, and the keys in your ssh-agent enable passwordless login to machines c and d.
  3. Keys in B allow login into e and f.
  4. If you connect from A to B using ssh -A username@B and then run ssh-add at B, you can then connect from A to c, d, e and f without passwords.

Last modified: Mon, 18 Aug 2008 13:52:00 +0000 Hits: 27,024