Running ssh-add on a Remote Host

I learned something new today. It’s not earth-shattering, but it was news to me.

I have a standard SSH authorized_keys file that I install on all the machines I manage or use. That file contains a couple different public keys, one corresponding to the private key on my work laptop and one to that on my Mac at home.

Today, I was working at home, so I was using my home Mac, with its SSH private key loaded into the SSH agent. A colleague asked me to make a change to a git repository, but that repo has an odd configuration and only knows about my work-laptop keypair.

My laptop was still running at work, so I logged into it thinking that I’d just do the operation from the laptop, manually using its keypair.

On a lark, I ran ssh-add after logging into the laptop. Lo and behold, that key showed up in the agent on my home machine! I didn’t have to do the work on my laptop; I was able to do it all at home with my work key.

The lesson is, be careful where you run ssh-add. You may end up loading a remote key into your local agent. You may want that to happen…or not.
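The reason this happens: ssh-add talks to whichever agent `SSH_AUTH_SOCK` names, and in an SSH session with agent forwarding enabled that is the agent on the machine you connected from. The following is an added example, not part of the original post: a shell guard that classifies the agent before adding a key. The function names and the `ALLOW_FORWARDED_ADD` variable are hypothetical, and the classification is a heuristic that assumes OpenSSH's usual environment variables.

```shell
# Classify the agent that ssh-add would talk to in this shell.
# Heuristic (assumption): sshd sets SSH_CONNECTION for SSH logins, and an
# agent started by hand on this host (eval "$(ssh-agent)") sets SSH_AGENT_PID,
# while a forwarded agent socket comes with no SSH_AGENT_PID.
agent_kind() {
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo none            # no agent reachable; ssh-add would fail
    elif [ -z "${SSH_CONNECTION:-}" ]; then
        echo local           # not an SSH login; agent lives on this machine
    elif [ -n "${SSH_AGENT_PID:-}" ]; then
        echo remote-local    # SSH login, but the agent was started on this host
    else
        echo forwarded       # SSH login using the connecting client's agent
    fi
}

# Wrapper around ssh-add that refuses to load a key from this host into a
# forwarded agent unless ALLOW_FORWARDED_ADD=1 (hypothetical opt-in) is set.
guarded_ssh_add() {
    if [ "$(agent_kind)" = forwarded ] && [ "${ALLOW_FORWARDED_ADD:-0}" != 1 ]; then
        echo "refusing: this key would be loaded into the agent on the machine you connected from" >&2
        return 1
    fi
    command ssh-add "$@"
}
```

If you do want the key in the forwarded agent, `ssh-add -t 3600` limits how long it stays loaded and `ssh-add -c` makes the agent ask for confirmation each time the key is used.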