Why eval the output of ssh-agent?

In order to run ssh-agent I have to use:

eval $(ssh-agent)

Why is it necessary to eval the output of ssh-agent? Why can’t I just run it?

Asked By: jx12345


ssh-agent outputs the environment variables you need to have to connect to it:

shadur@proteus:~$ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-492P67qzMeGA/agent.7948; export SSH_AUTH_SOCK;
SSH_AGENT_PID=7949; export SSH_AGENT_PID;
echo Agent pid 7949;
shadur@proteus:~$ 

By calling eval you immediately load those variables into your environment.

As to why ssh-agent can’t do that itself… Note the word choice. Not “won’t”, “can’t”. In Unix, a process can only modify its own environment variables, and pass them on to children. It cannot modify its parent process’ environment because the system won’t allow it. This is pretty basic security design.

You could get around the eval by using ssh-agent utility where utility is your login shell, your window manager or whatever other thing needs to have the SSH environment variables set. This is also mentioned in the manual.

Answered By: Shadur
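
The behaviour described in the answer above, as an added example that is not part of the original post: a child process cannot set a variable in its caller, eval of the printed text can, and the wrapper form hands the variable down to the utility only. fake_agent is a hypothetical stand-in that prints the same kind of text as the session above, with constructed values, so the script runs without a real agent.

```sh
#!/bin/sh
# fake_agent: hypothetical stand-in for ssh-agent. It prints shell text in the
# format shown in the answer; the socket path and pid are constructed values.
fake_agent() {
    echo 'SSH_AUTH_SOCK=/tmp/ssh-EXAMPLE/agent.1000; export SSH_AUTH_SOCK;'
    echo 'SSH_AGENT_PID=1001; export SSH_AGENT_PID;'
    echo 'echo Agent pid 1001;'
}

# Case 1: a separate process exports the variable. The change lives and dies
# in that child; the calling shell never sees it.
child_sets_var() {
    unset SSH_AUTH_SOCK
    sh -c 'SSH_AUTH_SOCK=/tmp/ssh-EXAMPLE/agent.1000; export SSH_AUTH_SOCK'
    echo "${SSH_AUTH_SOCK:-unset}"
}

# Case 2: the child only prints text; the calling shell itself executes that
# text with eval, so the assignments land in the caller's environment.
eval_sets_var() {
    unset SSH_AUTH_SOCK
    eval "$(fake_agent)" >/dev/null   # discard the "Agent pid" echo
    echo "${SSH_AUTH_SOCK:-unset}"
}

# Case 3: the "ssh-agent utility" form. The subshell plays the agent: it
# exports the variable in its own environment and starts the utility as its
# child, which inherits it. The caller is still left untouched.
wrapper_form() {
    unset SSH_AUTH_SOCK
    seen=$(
        SSH_AUTH_SOCK=/tmp/ssh-EXAMPLE/agent.1000; export SSH_AUTH_SOCK
        sh -c 'echo "$SSH_AUTH_SOCK"'
    )
    echo "utility=$seen caller=${SSH_AUTH_SOCK:-unset}"
}

echo "child process:  $(child_sets_var)"
echo "eval of output: $(eval_sets_var)"
echo "wrapper form:   $(wrapper_form)"
```

Because eval executes whatever text it is given with the caller's privileges, it should only ever be fed the output of a binary you trust.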