The SSH agent is running but has no private keys loaded. This error occurs when attempting to use ssh-add without first adding SSH keys to the agent. Fix by generating SSH keys, starting the SSH agent, and explicitly adding your keys.
This error means the SSH agent (the background process that manages authentication credentials) is running, but it does not have any private SSH keys registered with it. When you run ssh-add without arguments, it attempts to load default key files (~/.ssh/id_rsa, ~/.ssh/id_ed25519, etc.), but if those files do not exist or the agent cannot find them, it displays "No identities found". This typically indicates either that SSH keys were never generated on your system, or that they are stored in a non-standard location that ssh-add cannot discover.
First, verify whether SSH keys are already present on your system:
ls -la ~/.sshLook for files named id_rsa, id_ed25519, id_ecdsa, or similar. If you see these files, proceed to Step 2. If the directory is empty or does not exist, proceed to Step 3.
Check what keys the SSH agent currently has loaded:
ssh-add -lThis will show all identities the agent has. If you get "The agent has no identities", it confirms the agent is running but needs keys added. If you get "Could not open a connection to your authentication agent", the agent is not running — see Step 4.
If SSH keys do not exist, generate a new key pair:
ssh-keygen -t ed25519 -C "[email protected]"For older systems that do not support Ed25519, use RSA:
ssh-keygen -t rsa -b 4096 -C "[email protected]"Press Enter to save to the default location (~/.ssh/id_ed25519), then enter a passphrase for extra security (or leave blank for no passphrase).
Ensure the SSH agent is running and add your private key:
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519(Replace id_ed25519 with id_rsa if you generated an RSA key.) If the key has a passphrase, you will be prompted to enter it. After successful entry, run ssh-add -l again to verify the key is loaded.
SSH is strict about permissions for security. Set correct permissions on your keys:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_ed25519
chmod 644 ~/.ssh/id_ed25519.pubIf the agent still reports "No identities found" after correcting permissions, try removing and re-adding the key:
ssh-add -d ~/.ssh/id_ed25519
ssh-add ~/.ssh/id_ed25519To avoid having to manually add keys after each session, add this to your ~/.ssh/config file:
Host *
AddKeysToAgent yes
IdentityFile ~/.ssh/id_ed25519On macOS Sierra and later, also add UseKeychain yes to store the passphrase in the system keychain:
Host *
AddKeysToAgent yes
UseKeychain yes
IdentityFile ~/.ssh/id_ed25519This ensures keys are automatically added to the agent for future sessions.
On macOS Sierra and later, the ssh-add -K command no longer persists keys in the keychain by default. If you want your passphrase stored in the keychain, ensure UseKeychain yes is in your ~/.ssh/config. However, Apple aligned macOS behavior with mainstream OpenSSH, so manual key addition after reboot may still be necessary. For systems using alternative SSH tools or hardware security keys (FIDO2), the SSH agent behavior may differ; consult the tool-specific documentation. If ssh-agent itself is not running (error code 2), you may need to start it in your shell rc file or use a session manager like systemd user services.
Load key "/home/user/.ssh/id_rsa": invalid format
How to fix 'Load key invalid format' in SSH
Bad owner or permissions on /home/user/.ssh/config
How to fix "Bad owner or permissions on .ssh/config" in SSH
Error connecting to agent: Connection refused
How to fix "Error connecting to agent: Connection refused" in SSH
Connection closed by UNKNOWN port 65535
How to fix 'Connection closed by UNKNOWN port 65535' in SSH
Offending ECDSA key in /home/user/.ssh/known_hosts:line
How to fix "Offending ECDSA key in known_hosts" in SSH