Annotation of src/usr.bin/ssh/ssh-add.1, Revision 1.57
1.57 ! djm 1: .\" $OpenBSD: ssh-add.1,v 1.56 2011/10/18 05:00:48 djm Exp $
1.1 deraadt 2: .\"
3: .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4: .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5: .\" All rights reserved
6: .\"
1.17 deraadt 7: .\" As far as I am concerned, the code I have written for this software
8: .\" can be used freely for any purpose. Any derived versions of this
9: .\" software must be clearly marked as such, and if the derived work is
10: .\" incompatible with the protocol description in the RFC file, it must be
11: .\" called by a name other than "ssh" or "Secure Shell".
12: .\"
13: .\"
1.22 deraadt 14: .\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
15: .\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
16: .\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
1.17 deraadt 17: .\"
18: .\" Redistribution and use in source and binary forms, with or without
19: .\" modification, are permitted provided that the following conditions
20: .\" are met:
21: .\" 1. Redistributions of source code must retain the above copyright
22: .\" notice, this list of conditions and the following disclaimer.
23: .\" 2. Redistributions in binary form must reproduce the above copyright
24: .\" notice, this list of conditions and the following disclaimer in the
25: .\" documentation and/or other materials provided with the distribution.
1.1 deraadt 26: .\"
1.17 deraadt 27: .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
28: .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
29: .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
30: .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
31: .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
32: .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
33: .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
34: .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
35: .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36: .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1.1 deraadt 37: .\"
1.57 ! djm 38: .Dd $Mdocdate: October 18 2011 $
1.2 deraadt 39: .Dt SSH-ADD 1
40: .Os
41: .Sh NAME
42: .Nm ssh-add
1.53 djm 43: .Nd adds private key identities to the authentication agent
1.2 deraadt 44: .Sh SYNOPSIS
45: .Nm ssh-add
1.56 djm 46: .Op Fl cDdkLlXx
1.33 markus 47: .Op Fl t Ar life
1.2 deraadt 48: .Op Ar
1.26 jakob 49: .Nm ssh-add
1.50 jmc 50: .Fl s Ar pkcs11
1.26 jakob 51: .Nm ssh-add
1.50 jmc 52: .Fl e Ar pkcs11
1.12 aaron 53: .Sh DESCRIPTION
1.2 deraadt 54: .Nm
1.53 djm 55: adds private key identities to the authentication agent,
1.2 deraadt 56: .Xr ssh-agent 1 .
1.28 djm 57: When run without arguments, it adds the files
1.43 djm 58: .Pa ~/.ssh/id_rsa ,
1.53 djm 59: .Pa ~/.ssh/id_dsa ,
60: .Pa ~/.ssh/id_ecdsa
1.28 djm 61: and
1.43 djm 62: .Pa ~/.ssh/identity .
1.52 djm 63: After loading a private key,
64: .Nm
65: will try to load corresponding certificate information from the
66: filename obtained by appending
67: .Pa -cert.pub
68: to the name of the private key file.
1.11 aaron 69: Alternative file names can be given on the command line.
1.52 djm 70: .Pp
1.11 aaron 71: If any file requires a passphrase,
1.2 deraadt 72: .Nm
1.12 aaron 73: asks for the passphrase from the user.
1.25 stevesk 74: The passphrase is read from the user's tty.
1.23 markus 75: .Nm
76: retries the last passphrase if multiple identity files are given.
1.2 deraadt 77: .Pp
1.40 matthieu 78: The authentication agent must be running and the
79: .Ev SSH_AUTH_SOCK
80: environment variable must contain the name of its socket for
1.2 deraadt 81: .Nm
1.1 deraadt 82: to work.
1.2 deraadt 83: .Pp
84: The options are as follows:
85: .Bl -tag -width Ds
1.36 markus 86: .It Fl c
87: Indicates that added identities should be subject to confirmation before
1.38 jmc 88: being used for authentication.
89: Confirmation is performed by the
1.36 markus 90: .Ev SSH_ASKPASS
1.38 jmc 91: program mentioned below.
92: Successful confirmation is signaled by a zero exit status from the
1.36 markus 93: .Ev SSH_ASKPASS
94: program, rather than text entered into the requester.
1.42 jmc 95: .It Fl D
96: Deletes all identities from the agent.
97: .It Fl d
1.46 jmc 98: Instead of adding identities, removes identities from the agent.
1.45 djm 99: If
100: .Nm
1.57 ! djm 101: has been run without arguments, the keys for the default identities and
! 102: their corresponding certificateswill be removed.
1.45 djm 103: Otherwise, the argument list will be interpreted as a list of paths to
1.57 ! djm 104: public key files to specify keys and certificates to be removed from the agent.
1.45 djm 105: If no public key is found at a given path,
106: .Nm
107: will append
108: .Pa .pub
109: and retry.
1.49 markus 110: .It Fl e Ar pkcs11
1.51 markus 111: Remove keys provided by the PKCS#11 shared library
1.49 markus 112: .Ar pkcs11 .
1.56 djm 113: .It Fl k
1.57 ! djm 114: When loading keys into or deleting keys from the agent, process plain private
! 115: keys only and skip certificates.
1.42 jmc 116: .It Fl L
117: Lists public key parameters of all identities currently represented
118: by the agent.
119: .It Fl l
120: Lists fingerprints of all identities currently represented by the agent.
1.49 markus 121: .It Fl s Ar pkcs11
1.51 markus 122: Add keys provided by the PKCS#11 shared library
1.49 markus 123: .Ar pkcs11 .
1.42 jmc 124: .It Fl t Ar life
125: Set a maximum lifetime when adding identities to an agent.
126: The lifetime may be specified in seconds or in a time format
127: specified in
128: .Xr sshd_config 5 .
129: .It Fl X
130: Unlock the agent.
131: .It Fl x
132: Lock the agent with a password.
1.2 deraadt 133: .El
1.9 markus 134: .Sh ENVIRONMENT
135: .Bl -tag -width Ds
136: .It Ev "DISPLAY" and "SSH_ASKPASS"
1.1 deraadt 137: If
1.2 deraadt 138: .Nm
1.1 deraadt 139: needs a passphrase, it will read the passphrase from the current
1.11 aaron 140: terminal if it was run from a terminal.
141: If
1.2 deraadt 142: .Nm
1.1 deraadt 143: does not have a terminal associated with it but
1.2 deraadt 144: .Ev DISPLAY
1.8 markus 145: and
146: .Ev SSH_ASKPASS
147: are set, it will execute the program specified by
148: .Ev SSH_ASKPASS
1.11 aaron 149: and open an X11 window to read the passphrase.
150: This is particularly useful when calling
1.2 deraadt 151: .Nm
152: from a
1.41 jmc 153: .Pa .xsession
1.11 aaron 154: or related script.
155: (Note that on some machines it
1.2 deraadt 156: may be necessary to redirect the input from
157: .Pa /dev/null
158: to make this work.)
1.31 markus 159: .It Ev SSH_AUTH_SOCK
1.47 sobrado 160: Identifies the path of a
1.48 sobrado 161: .Ux Ns -domain
162: socket used to communicate with the agent.
1.16 itojun 163: .El
1.39 jmc 164: .Sh FILES
165: .Bl -tag -width Ds
1.43 djm 166: .It Pa ~/.ssh/identity
1.39 jmc 167: Contains the protocol version 1 RSA authentication identity of the user.
1.43 djm 168: .It Pa ~/.ssh/id_dsa
1.39 jmc 169: Contains the protocol version 2 DSA authentication identity of the user.
1.53 djm 170: .It Pa ~/.ssh/id_ecdsa
171: Contains the protocol version 2 ECDSA authentication identity of the user.
1.43 djm 172: .It Pa ~/.ssh/id_rsa
1.39 jmc 173: Contains the protocol version 2 RSA authentication identity of the user.
174: .El
175: .Pp
176: Identity files should not be readable by anyone but the user.
177: Note that
178: .Nm
179: ignores identity files if they are accessible by others.
1.54 jmc 180: .Sh EXIT STATUS
1.29 markus 181: Exit status is 0 on success, 1 if the specified command fails,
182: and 2 if
183: .Nm
184: is unable to contact the authentication agent.
1.39 jmc 185: .Sh SEE ALSO
186: .Xr ssh 1 ,
187: .Xr ssh-agent 1 ,
188: .Xr ssh-keygen 1 ,
189: .Xr sshd 8
1.18 aaron 190: .Sh AUTHORS
1.19 markus 191: OpenSSH is a derivative of the original and free
192: ssh 1.2.12 release by Tatu Ylonen.
193: Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
194: Theo de Raadt and Dug Song
195: removed many bugs, re-added newer features and
196: created OpenSSH.
197: Markus Friedl contributed the support for SSH
198: protocol versions 1.5 and 2.0.
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-add.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh