DevOps
SSH Agent vs Raw Keys: When to Use Each (and When Not To)
B
Bishal BhattaraiJanuary 27, 2026
1 min read
2 views
SSH Agent vs Raw Keys: When to Use Each (and When Not To)
SSH gives you two ways to authenticate:
- raw private keys
- SSH agent
They are not interchangeable.
What SSH agent is
SSH agent is:
A background process that holds private keys in memory
It signs authentication requests without exposing key files.
Raw keys (direct usage)
ssh -i ~/.ssh/key user@server
Simple and explicit.
Best for:
- CI/CD
- automation
- servers
SSH agent usage
ssh-add ~/.ssh/key
ssh user@server
Best for:
- local development
- frequent access
- passphrase-protected keys
Why CI/CD should NOT use agent
- agents require interactive sessions
- runners are ephemeral
- keys must be explicit
Use raw keys in automation.
Security tradeoffs
| Method | Risk |
|---|---|
| Raw keys | file leakage |
| Agent | memory hijack |
Choose based on context.
Final rule
Humans → SSH agent
Automation → raw keys
Never mix them.
Related Posts
Cloud
Moving from SSH to AWS SSM: Secure Server Access Without Keys
Learn how AWS SSM replaces SSH for secure server access without open ports, keys, or bastion hosts.
January 27, 2026•1 min read
DevOps
SSH Config Explained: How to Simplify Server Access with a Clean Laptop Setup
Learn how to use an SSH config file on your laptop to simplify server access, avoid mistakes, and connect to servers like LogicCraft with ease.
January 22, 2026•4 min read
DevOps
SSH Key Rotation and Revocation Strategies for Production Systems
Learn how to rotate and revoke SSH keys safely in production without downtime, broken deployments, or accidental lockouts.
January 27, 2026•2 min read