In this chapter, we've seen how to create and use SSH identities, represented by key pairs, either individually (OpenSSH) or in collections (Tectia). Keys are created by ssh-keygen and are accessed by clients as needed. Tectia provides an additional layer of configuration, the identification file, which lets you use a set of identities as a single identity. You may have as many identities as you like. Be sure to read our case study on PKI and scalable authentication for another detailed look at identities. [11.5]
SSH agents are useful timesavers to avoid retyping passphrases. Their operation has numerous subtleties, but once you get the hang of it, running an agent should become second nature.