Annotation of src/usr.bin/ssh/ssh-add.1, Revision 1.46
1.46 ! jmc 1: .\" $OpenBSD: ssh-add.1,v 1.45 2007/06/12 07:41:00 djm Exp $
1.20 niklas 2: .\"
1.1 deraadt 3: .\" -*- nroff -*-
4: .\"
5: .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
6: .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
7: .\" All rights reserved
8: .\"
1.17 deraadt 9: .\" As far as I am concerned, the code I have written for this software
10: .\" can be used freely for any purpose. Any derived versions of this
11: .\" software must be clearly marked as such, and if the derived work is
12: .\" incompatible with the protocol description in the RFC file, it must be
13: .\" called by a name other than "ssh" or "Secure Shell".
14: .\"
15: .\"
1.22 deraadt 16: .\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
17: .\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
18: .\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
1.17 deraadt 19: .\"
20: .\" Redistribution and use in source and binary forms, with or without
21: .\" modification, are permitted provided that the following conditions
22: .\" are met:
23: .\" 1. Redistributions of source code must retain the above copyright
24: .\" notice, this list of conditions and the following disclaimer.
25: .\" 2. Redistributions in binary form must reproduce the above copyright
26: .\" notice, this list of conditions and the following disclaimer in the
27: .\" documentation and/or other materials provided with the distribution.
1.1 deraadt 28: .\"
1.17 deraadt 29: .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
30: .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
31: .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
32: .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
33: .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
34: .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
35: .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
36: .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
37: .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
38: .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1.1 deraadt 39: .\"
1.45 djm 40: .Dd $Mdocdate: May 31 2007 $
1.2 deraadt 41: .Dt SSH-ADD 1
42: .Os
43: .Sh NAME
44: .Nm ssh-add
1.27 stevesk 45: .Nd adds RSA or DSA identities to the authentication agent
1.2 deraadt 46: .Sh SYNOPSIS
47: .Nm ssh-add
1.42 jmc 48: .Op Fl cDdLlXx
1.33 markus 49: .Op Fl t Ar life
1.2 deraadt 50: .Op Ar
1.26 jakob 51: .Nm ssh-add
52: .Fl s Ar reader
53: .Nm ssh-add
54: .Fl e Ar reader
1.12 aaron 55: .Sh DESCRIPTION
1.2 deraadt 56: .Nm
1.14 markus 57: adds RSA or DSA identities to the authentication agent,
1.2 deraadt 58: .Xr ssh-agent 1 .
1.28 djm 59: When run without arguments, it adds the files
1.43 djm 60: .Pa ~/.ssh/id_rsa ,
61: .Pa ~/.ssh/id_dsa
1.28 djm 62: and
1.43 djm 63: .Pa ~/.ssh/identity .
1.11 aaron 64: Alternative file names can be given on the command line.
65: If any file requires a passphrase,
1.2 deraadt 66: .Nm
1.12 aaron 67: asks for the passphrase from the user.
1.25 stevesk 68: The passphrase is read from the user's tty.
1.23 markus 69: .Nm
70: retries the last passphrase if multiple identity files are given.
1.2 deraadt 71: .Pp
1.40 matthieu 72: The authentication agent must be running and the
73: .Ev SSH_AUTH_SOCK
74: environment variable must contain the name of its socket for
1.2 deraadt 75: .Nm
1.1 deraadt 76: to work.
1.2 deraadt 77: .Pp
78: The options are as follows:
79: .Bl -tag -width Ds
1.36 markus 80: .It Fl c
81: Indicates that added identities should be subject to confirmation before
1.38 jmc 82: being used for authentication.
83: Confirmation is performed by the
1.36 markus 84: .Ev SSH_ASKPASS
1.38 jmc 85: program mentioned below.
86: Successful confirmation is signaled by a zero exit status from the
1.36 markus 87: .Ev SSH_ASKPASS
88: program, rather than text entered into the requester.
1.42 jmc 89: .It Fl D
90: Deletes all identities from the agent.
91: .It Fl d
1.46 ! jmc 92: Instead of adding identities, removes identities from the agent.
1.45 djm 93: If
94: .Nm
1.46 ! jmc 95: has been run without arguments, the keys for the default identities will
1.45 djm 96: be removed.
97: Otherwise, the argument list will be interpreted as a list of paths to
98: public key files and matching keys will be removed from the agent.
99: If no public key is found at a given path,
100: .Nm
101: will append
102: .Pa .pub
103: and retry.
1.42 jmc 104: .It Fl e Ar reader
105: Remove key in smartcard
106: .Ar reader .
107: .It Fl L
108: Lists public key parameters of all identities currently represented
109: by the agent.
110: .It Fl l
111: Lists fingerprints of all identities currently represented by the agent.
1.26 jakob 112: .It Fl s Ar reader
113: Add key in smartcard
114: .Ar reader .
1.42 jmc 115: .It Fl t Ar life
116: Set a maximum lifetime when adding identities to an agent.
117: The lifetime may be specified in seconds or in a time format
118: specified in
119: .Xr sshd_config 5 .
120: .It Fl X
121: Unlock the agent.
122: .It Fl x
123: Lock the agent with a password.
1.2 deraadt 124: .El
1.9 markus 125: .Sh ENVIRONMENT
126: .Bl -tag -width Ds
127: .It Ev "DISPLAY" and "SSH_ASKPASS"
1.1 deraadt 128: If
1.2 deraadt 129: .Nm
1.1 deraadt 130: needs a passphrase, it will read the passphrase from the current
1.11 aaron 131: terminal if it was run from a terminal.
132: If
1.2 deraadt 133: .Nm
1.1 deraadt 134: does not have a terminal associated with it but
1.2 deraadt 135: .Ev DISPLAY
1.8 markus 136: and
137: .Ev SSH_ASKPASS
138: are set, it will execute the program specified by
139: .Ev SSH_ASKPASS
1.11 aaron 140: and open an X11 window to read the passphrase.
141: This is particularly useful when calling
1.2 deraadt 142: .Nm
143: from a
1.41 jmc 144: .Pa .xsession
1.11 aaron 145: or related script.
146: (Note that on some machines it
1.2 deraadt 147: may be necessary to redirect the input from
148: .Pa /dev/null
149: to make this work.)
1.31 markus 150: .It Ev SSH_AUTH_SOCK
151: Identifies the path of a unix-domain socket used to communicate with the
152: agent.
1.16 itojun 153: .El
1.39 jmc 154: .Sh FILES
155: .Bl -tag -width Ds
1.43 djm 156: .It Pa ~/.ssh/identity
1.39 jmc 157: Contains the protocol version 1 RSA authentication identity of the user.
1.43 djm 158: .It Pa ~/.ssh/id_dsa
1.39 jmc 159: Contains the protocol version 2 DSA authentication identity of the user.
1.43 djm 160: .It Pa ~/.ssh/id_rsa
1.39 jmc 161: Contains the protocol version 2 RSA authentication identity of the user.
162: .El
163: .Pp
164: Identity files should not be readable by anyone but the user.
165: Note that
166: .Nm
167: ignores identity files if they are accessible by others.
1.29 markus 168: .Sh DIAGNOSTICS
169: Exit status is 0 on success, 1 if the specified command fails,
170: and 2 if
171: .Nm
172: is unable to contact the authentication agent.
1.39 jmc 173: .Sh SEE ALSO
174: .Xr ssh 1 ,
175: .Xr ssh-agent 1 ,
176: .Xr ssh-keygen 1 ,
177: .Xr sshd 8
1.18 aaron 178: .Sh AUTHORS
1.19 markus 179: OpenSSH is a derivative of the original and free
180: ssh 1.2.12 release by Tatu Ylonen.
181: Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
182: Theo de Raadt and Dug Song
183: removed many bugs, re-added newer features and
184: created OpenSSH.
185: Markus Friedl contributed the support for SSH
186: protocol versions 1.5 and 2.0.