f you work a lot on linux and use ssh often, you quickly realize that typing your password every time you connect to a remote host gets annoying.
Not only that, it is not the best solution in terms of security either:
Every time you type a password, a snooper has an extra chance to see it.
Every host you ssh to with which you use your password, well, has to know your password. Or a hash of your password. In any case, you probably have typed your password on that host once or twice in your life (even if just for passwd, for example).
If you are victim of a Man In The Middle attack, your password may get stolen. Sure, you can verify the fingerprint of every host you connect to, and disable authentication without challenge and response in your ssh config. But what if there was a way you didn't have to do that?
This is where key authentication comes into play: instead of using a password to log in a remote host, you can use a pair of keys, and well, ssh-agent.
http://rabexc.org/posts/pitfalls-of-ssh-agents
If you've ever used SSH keys to manage multiple machines, then chances are you've used SSH-agent. This tool is designed to keep a SSH key in memory so that the user doesn't have to type their passphrase in every time. However, this can create some security risk. A user running as root may have the ability to pull the decrypted SSH key from memory and reconstruct it. Due to needing root access, this attack may seem useless. For example, an attacker may be able to install a keylogger and use that to obtain the passphrase for the SSH key. However, this causes the attacker to have to wait for the target to type in their passphrase. This might be hours, days, or weeks, depending on how often the target logs out. This is why obtaining the SSH key from memory is vital to pivoting to other machines in a speedy fashion.
Configuration ssh.
Voire aussi http://mah.everybody.org/docs/ssh
et ssh-agent https://wiki.archlinux.org/index.php/SSH_Keys