SSH shows "The agent has no identities" when ssh-agent is running but has no keys loaded. Add your private key to the agent using ssh-add to resolve this connection issue.
This error occurs when the SSH authentication agent (ssh-agent) is running on your system but does not have any private keys loaded into it. The agent is a background process that holds your SSH private keys in memory and uses them to authenticate connections without requiring you to enter passphrases repeatedly. When you try to establish an SSH connection or check the loaded keys with "ssh-add -l", the agent responds that it has no identities because no keys have been added to it yet.
First, check if ssh-agent is currently running. If it is not running, start it:
eval "$(ssh-agent -s)"This command starts ssh-agent and sets the necessary environment variables (SSH_AUTH_SOCK and SSH_AGENT_PID). The eval statement is important because it executes the output in your current shell.
Use ssh-add to load your private key into the agent. The default key location is ~/.ssh/id_rsa:
ssh-add ~/.ssh/id_rsaIf you are using a different key name (ed25519, id_dsa, etc.), specify that path:
ssh-add ~/.ssh/id_ed25519You will be prompted to enter your key's passphrase if it has one. Once entered, the key is loaded into the agent.
Confirm that your key is now loaded in the agent:
ssh-add -lThis lists the fingerprints of all identities currently held by the agent. You should see your key listed with its fingerprint and key type (RSA, ED25519, etc.).
Alternatively, use -L to see full public key details:
ssh-add -LSSH is strict about file permissions for security. Incorrect permissions can prevent the agent from using your key. Set the correct permissions:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pubThe private key (id_rsa) must be readable only by you (600). The public key can be world-readable (644). The ~/.ssh directory must be accessible only by you (700).
By default, keys added to ssh-agent are lost when you close your terminal. To automatically load keys when you connect via SSH, add this to your ~/.ssh/config file:
Host *
AddKeysToAgent yes
IdentityFile ~/.ssh/id_rsaReplace id_rsa with your actual key name if different. On macOS, you can also use the UseKeychain option to store passphrases in the system keychain:
Host *
AddKeysToAgent yes
UseKeychain yes
IdentityFile ~/.ssh/id_rsaOnce your key is loaded, test that authentication works:
ssh -v user@hostnameThe -v flag shows verbose output. Look for a line indicating "Offering public key" followed by "Authentication succeeded" or a similar message. If authentication still fails, check that your public key is added to ~/.ssh/authorized_keys on the remote server.
If you have multiple keys and want to add them all at once without specifying each path individually, you can use: ssh-add ~/.ssh/* (this will skip public key files and only add private keys). For security-conscious users, you can set a lifetime for loaded keys so they are automatically removed after a period of inactivity using: ssh-add -t 3600 ~/.ssh/id_rsa (this example sets a 1-hour lifetime). On some systems, you may need to check the SSH_AUTH_SOCK environment variable is set correctly by running: echo $SSH_AUTH_SOCK. If this is empty or points to a non-existent socket, your shell session may not have the agent properly initialized. Macintosh users should note that Keychain integration (UseKeychain) only works with SSH keys that were initially added to Keychain, and the option tells the system to remember the passphrase, not to add the key to the agent.
Load key "/home/user/.ssh/id_rsa": invalid format
How to fix 'Load key invalid format' in SSH
Bad owner or permissions on /home/user/.ssh/config
How to fix "Bad owner or permissions on .ssh/config" in SSH
Error connecting to agent: Connection refused
How to fix "Error connecting to agent: Connection refused" in SSH
Connection closed by UNKNOWN port 65535
How to fix 'Connection closed by UNKNOWN port 65535' in SSH
Offending ECDSA key in /home/user/.ssh/known_hosts:line
How to fix "Offending ECDSA key in known_hosts" in SSH