Skip typing passwords and keep private keys locked down. AbsoluteTelnet/SSH can authenticate through external agents like OpenSSH Agent, PuTTY Pageant, and 1Password’s SSH agent.
What is an authentication agent?
An authentication agent securely holds your SSH private keys in memory and answers signature requests on your behalf. With an agent running, AbsoluteTelnet/SSH can log in using your loaded keys—no repeated passphrase prompts and no plaintext keys on disk.
- Convenience: Unlock once, use across many sessions.
- Security: Private keys stay inside the agent process.
- Compatibility: Works with OpenSSH-compatible agents and Pageant-compatible tools.
What agents are supported?
- OpenSSH Agent (Windows 10/11 built-in
ssh-agentor via Git for Windows) — OpenSSH - PuTTY Pageant (classic
.ppkworkflow) — Download PuTTY/Pageant - 1Password SSH agent (exposes an OpenSSH-compatible agent) — 1Password SSH docs
Prerequisites
- Install and run your preferred agent (OpenSSH, Pageant, or 1Password with SSH agent enabled).
- Add your key(s) to the agent:
- OpenSSH:
ssh-add ~/.ssh/id_ed25519(or your key path) - Pageant: Launch
pageant.exe, click Add Key…, and load your.ppk - 1Password: Enable “SSH agent” in 1Password settings and authorize your identities
- OpenSSH:
Enable agent auth in AbsoluteTelnet/SSH
- Start AbsoluteTelnet/SSH client. Minimum supported version is 13.11.
- Open Options → Properties → Connection → SSH2
- Enter the hostname and optionally the username for the connection.
- Under Authentication, enable ‘Authentication Agent’. On new connections, this is enabled by default. For existing connections, it may be disabled.
- Click OK, save the connection (your
.tntfile stores settings) and connect.
What you’ll see: If your agent is running and unlocked and has a matching key for the server, the login proceeds immediately. If the agent needs a passphrase, it will prompt you (via the agent), not the client.
Agent forwarding (optional)
If you need your local keys to be usable on jump hosts, enable Agent Forwarding (Options/properties/Connection/SSH2/Forwarding) in your session settings. Then, when you SSH from the first server to another, authentication can still come from your local agent. Only enable forwarding to hosts you trust.
Tips for common setups
- Windows OpenSSH Agent: Start the OpenSSH Authentication Agent service (Services.msc) or run
ssh-agent, then usessh-addto load keys. - Pageant: Launch
pageant.exeat login with your keys preloaded for one-click reuse. - Smart cards: If your agent fronts a smart card, AbsoluteTelnet works transparently once the agent is unlocked. (AbsoluteTelnet also supports direct smart-card auth if you prefer.)
Troubleshooting
- “No agent detected” — Start your agent before launching AbsoluteTelnet and make sure the key is added.
- “Still asks for password” — Confirm the server allows public-key auth and your public key is installed on the account.
- “Wrong key offered” — Remove extra keys from the agent or specify the intended identity in your session profile.
- Forwarding not working — Verify agent forwarding is enabled in your session and allowed by the destination server.
Why use an agent instead of a key file?
- Centralized key management across tools (AbsoluteTelnet, Git, WSL, etc.).
- Keys never touch disk in plaintext; passphrases stay with the agent.
- Easy to pair with hardware tokens or 1Password for stronger protection.
FAQ
Does this replace AbsoluteTelnet’s other auth methods (Kerberos, smart card, etc.)?
No. Agent auth is an additional option. You can still use Kerberos/GSSAPI, direct smart-card, or password auth where needed.
Can I mix agent auth with SFTP?
Yes. Once your SSH session is established (via agent or otherwise), the integrated SFTP browser reuses the same connection.
Where are these settings saved?
In your AbsoluteTelnet .tnt connection file alongside colors, terminal type, and other preferences.