After all these years aspects of ssh still baffle me
10 November 2019, 18:41:07

I was adding non-passphrase authorization to a few servers I recently put up, and I find myself still lost as to some aspects of ssh, still today after decades of using it.

For example, looking over this entry in a Linux forum I found:

https://unix.stackexchange.com/questions/72552/whats-the-purpose-of-ssh-agent

Which to me is a REALLY good question.

One of the responses is:

Quote
> The SSH agent handles signing of authentication data for you. When authenticating to a server, you are required to sign some data using your private key, to prove that you are, well, you.
>
> As a security measure, most people sensibly protect their private keys with a passphrase, so any authentication attempt would require you to enter this passphrase. This can be undesirable, so the ssh-agent caches the key for you and you only need to enter the password once, when the agent wants to decrypt it (and often not even that, as the ssh-agent can be integrated with pam, which many distros do).

I never have to authenticate my private key, as a practical matter, and I haven't done so for years. Am I to infer that my private keys are not password protected?

Confusing me more is that I have public keys generated in files under ~/ssh

Code:
    [[email protected] ~]$ ls -al ./.ssh/
    total 56
    drwxrwxrwx   2 ruben ruben  4096 Nov 10 11:43 .
    drwxrwxrwx 290 ruben ruben 36864 Nov 10 11:44 ..
    -rw-------   1 ruben ruben   782 Oct 17  2018 authorized_keys
    -rw-------   1 ruben ruben  1675 Sep  4  2016 id_rsa
    -rwxrwxrwx   1 ruben ruben   396 Sep  4  2016 id_rsa.pub
    -rwxrwxrwx   1 ruben ruben  1905 Oct 31 21:18 known_hosts

Code:
    [[email protected] ~]$ cat ./.ssh/id_rsa.pub
    ssh-rsa AAAAB3NzaC1yc2EA..blahblablahIWuiJH4iA [email protected]

So the public key is already generated. Why do I need to regenerate it?

Quote
> The SSH agent never hands these keys to client programs, but merely presents a socket over which clients can send it data and over which it responds with signed data. A side benefit of this is that you can use your private key even with programs you don't fully trust.
>
> Another benefit of the SSH agent is that it can be forwarded over SSH.

What is IT?

Quote
> So when you ssh to host A, while forwarding your agent, you can then ssh from A to another host B without needing your key present (not even in encrypted form) on host A.

What? If I do that, it is as a user on the middle machine.

A->ssh->B(run shell)->ssh->c(run shell)

Data from C is only being relayed back to me because it is being sent to stdout on the shell of B. I am not directly connected to A->C, nor is there a relay that I am aware of.
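The post asks whether never being prompted means the private key has no passphrase; the key file itself records this in its header. The following is an added example, not part of the original post or the quoted answer: it classifies a private key file's text as encrypted or not for the legacy PEM, PKCS#8 and openssh-key-v1 containers. The function names and the sample keys are constructed for illustration (the samples carry only header fields, no real key material).

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # magic of the newer OpenSSH private key container

def _ssh_string(buf, off):
    """Read one length-prefixed string (uint32 big-endian length, then bytes)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n].decode("ascii"), off + 4 + n

def key_protection(text):
    """Return (container, encrypted, detail) for the text of a private key file."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-armoured private key")
    label = lines[0][len("-----BEGIN "):].rstrip("-")
    if label == "OPENSSH PRIVATE KEY":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            raise ValueError("missing openssh-key-v1 magic")
        cipher, off = _ssh_string(blob, len(MAGIC))   # "none" means no passphrase
        kdf, _ = _ssh_string(blob, off)
        return "openssh", cipher != "none", f"cipher={cipher} kdf={kdf}"
    if label == "ENCRYPTED PRIVATE KEY":              # PKCS#8, always encrypted
        return "pkcs8", True, "PKCS#8 EncryptedPrivateKeyInfo"
    if label == "PRIVATE KEY":
        return "pkcs8", False, "none"
    if label.endswith(" PRIVATE KEY"):                # legacy RSA/DSA/EC PEM
        headers = dict(ln.split(": ", 1) for ln in lines[1:-1] if ": " in ln)
        if "ENCRYPTED" in headers.get("Proc-Type", ""):
            return "legacy-pem", True, headers.get("DEK-Info", "?").split(",")[0]
        return "legacy-pem", False, "none"
    raise ValueError("unrecognised key type: " + label)

def sample_openssh(cipher, kdf):
    """Constructed sample: container header fields only, no real key material."""
    pack = lambda s: struct.pack(">I", len(s)) + s
    blob = MAGIC + pack(cipher) + pack(kdf) + pack(b"") + struct.pack(">I", 1)
    b64 = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed legacy PEM samples; the base64 body is a placeholder, not a key.
LEGACY_PLAIN = "-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n"
LEGACY_ENC = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
              "DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\n"
              "Q09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name, text in [("legacy plain", LEGACY_PLAIN), ("legacy encrypted", LEGACY_ENC),
                       ("openssh plain", sample_openssh(b"none", b"none")),
                       ("openssh encrypted", sample_openssh(b"aes256-ctr", b"bcrypt"))]:
        print(name, key_protection(text))
```

To check a real key, pass the contents of the private key file (for example `~/.ssh/id_rsa`) to `key_protection`. `ssh-keygen -y -f <keyfile>` gives the same answer interactively: it asks for a passphrase only when the key is encrypted.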