Why should I kill ssh-agent on logout? I have set up ssh-agent on my macOS laptop, and a 24x7 running server. Why do I need to kill ssh-agent on every logout? Source of my knowledge of ssh-agent:

Why should I kill ssh-agent on logout? I have set up ssh-agent on my macOS laptop, and a 24x7 running server. Why do I need to kill ssh-agent on every logout? Source of my knowledge of ssh-agent: < eval `ssh-agent` # Start ssh-agent echo $SSH_AGENT_PID # 20552 (Check ssh-agent is running) ssh-add # Add id_rsa key to ssh-agent kill $SSH_AGENT_PID # Kill ssh-agent on logout Why is this last step required? ### Methods to kill `ssh-agent` processes The easiest way I've found to find all running shh-agent processes ps ax | grep ssh-agent # outputs details of processes OR pgrep ssh-agent # outputs list of PIDs only The easiest way I've found to kill all running ssh-agent processes pkill ssh-agent

If you don't manually kill it off, the agent will stay resident in your system.

Aside from being untidy on general principle, this has two potential problems:

1. As Kusanalanda points out it means you will wind up spawning another `ssh-agent` processs every time you log in, which gets kind of sloppy on the process table even if their footprint is probably negligible.

2. More seriously, each of those processes will have your _unlocked_ private keys in their memory. If an attacker were to gain access to your system and exploit a (hypothetical, I'm not currently aware any exist) bug in either kernel memory management or the `ssh-agent` code itself to potentially extract your private keys.

Sure, the last one is low probability, but it's just as easy to kill the process and remove the risk entirely.

Better safe than sorry.