I recently discovered that I can add an SSH key to an SSH agent on a different machine. I find this useful because I am very protective of my SSH keys and prefer to keep them on my desktop (Dakara) and not on my laptop (Adria).
On Adria, you can see that I have no keys added:
zac@adria:~$ ssh-add -l The agent has no identities.
I then secure shell to Dakara and forward my agent (-A) from Adria. I still have no keys added:
zac@adria:~$ ssh dakara -A zac@dakara's password: No mail. Last login: Mon Feb 9 17:30:49 2009 from adria.lund zac@dakara:~$ ssh-add -l The agent has no identities.
Next, I add a key from Dakara to my agent on Adria:
zac@dakara:~$ ssh-add Enter passphrase for /home/zac/.ssh/id_dsa: Identity added: /home/zac/.ssh/id_dsa (/home/zac/.ssh/id_dsa) zac@dakara:~$ ssh-add -l 2048 27:81:f8:7f:38:75:6b:ce:95:e4:46:62:02:9c:84:bd /home/zac/.ssh/id_dsa (DSA)
When I log out of Dakara, the key is still available on Adria:
zac@dakara:~$ logout Connection to dakara closed. zac@adria:~$ ssh-add -l 2048 27:81:f8:7f:38:75:6b:ce:95:e4:46:62:02:9c:84:bd /home/zac/.ssh/id_dsa (DSA)
Now my key is available on Adria without ever being on Adria. Even with physical access to my laptop, it would take a sophisticated hacker to steal my SSH key.