version 1.16, 2000/09/07 20:27:54 |
version 1.16.2.5, 2001/09/27 00:15:42 |
|
|
.\" incompatible with the protocol description in the RFC file, it must be |
.\" incompatible with the protocol description in the RFC file, it must be |
.\" called by a name other than "ssh" or "Secure Shell". |
.\" called by a name other than "ssh" or "Secure Shell". |
.\" |
.\" |
.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. |
.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. |
.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. |
.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. |
.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. |
.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. |
.\" |
.\" |
.\" Redistribution and use in source and binary forms, with or without |
.\" Redistribution and use in source and binary forms, with or without |
.\" modification, are permitted provided that the following conditions |
.\" modification, are permitted provided that the following conditions |
|
|
.Sh SYNOPSIS |
.Sh SYNOPSIS |
.Nm ssh-agent |
.Nm ssh-agent |
.Op Fl c Li | Fl s |
.Op Fl c Li | Fl s |
.Op Fl k |
.Op Fl d |
.Oo |
.Op Ar command Op Ar args ... |
.Ar command |
.Nm ssh-agent |
.Op Ar args ... |
.Op Fl c Li | Fl s |
.Oc |
.Fl k |
.Sh DESCRIPTION |
.Sh DESCRIPTION |
.Nm |
.Nm |
is a program to hold private keys used for public key authentication |
is a program to hold private keys used for public key authentication |
|
|
Kill the current agent (given by the |
Kill the current agent (given by the |
.Ev SSH_AGENT_PID |
.Ev SSH_AGENT_PID |
environment variable). |
environment variable). |
|
.It Fl d |
|
Debug mode. When this option is specified |
|
.Nm |
|
will not fork. |
.El |
.El |
.Pp |
.Pp |
If a commandline is given, this is executed as a subprocess of the agent. |
If a commandline is given, this is executed as a subprocess of the agent. |
|
|
identities anywhere in the network in a secure way. |
identities anywhere in the network in a secure way. |
.Pp |
.Pp |
There are two main ways to get an agent setup: |
There are two main ways to get an agent setup: |
Either you let the agent |
Either the agent starts a new subcommand into which some environment |
start a new subcommand into which some environment variables are exported, or |
variables are exported, or the agent prints the needed shell commands |
you let the agent print the needed shell commands (either |
(either |
.Xr sh 1 |
.Xr sh 1 |
or |
or |
.Xr csh 1 |
.Xr csh 1 |
syntax can be generated) which can be evalled in the calling shell. |
syntax can be generated) which can be evalled in the calling shell. |
Later |
Later |
.Xr ssh 1 |
.Xr ssh 1 |
look at these variables and use them to establish a connection to the agent. |
looks at these variables and uses them to establish a connection to the agent. |
.Pp |
.Pp |
A unix-domain socket is created |
A unix-domain socket is created |
.Pq Pa /tmp/ssh-XXXXXXXX/agent.<pid> , |
.Pq Pa /tmp/ssh-XXXXXXXX/agent.<pid> , |
|
|
.Sh FILES |
.Sh FILES |
.Bl -tag -width Ds |
.Bl -tag -width Ds |
.It Pa $HOME/.ssh/identity |
.It Pa $HOME/.ssh/identity |
Contains the RSA authentication identity of the user. |
Contains the protocol version 1 RSA authentication identity of the user. |
This file should not be readable by anyone but the user. |
This file should not be readable by anyone but the user. |
It is possible to |
It is possible to |
specify a passphrase when generating the key; that passphrase will be |
specify a passphrase when generating the key; that passphrase will be |
|
|
.Xr ssh-add 1 |
.Xr ssh-add 1 |
at login time. |
at login time. |
.It Pa $HOME/.ssh/id_dsa |
.It Pa $HOME/.ssh/id_dsa |
Contains the DSA authentication identity of the user. |
Contains the protocol version 2 DSA authentication identity of the user. |
.Pq Pa /tmp/ssh-XXXXXXXX/agent.<pid> , |
.It Pa $HOME/.ssh/id_rsa |
|
Contains the protocol version 2 RSA authentication identity of the user. |
|
.It Pa /tmp/ssh-XXXXXXXX/agent.<pid> |
Unix-domain sockets used to contain the connection to the |
Unix-domain sockets used to contain the connection to the |
authentication agent. |
authentication agent. |
These sockets should only be readable by the owner. |
These sockets should only be readable by the owner. |
The sockets should get automatically removed when the agent exits. |
The sockets should get automatically removed when the agent exits. |
.El |
.El |
.Sh AUTHOR |
.Sh AUTHORS |
Tatu Ylonen <ylo@cs.hut.fi> |
OpenSSH is a derivative of the original and free |
.Pp |
ssh 1.2.12 release by Tatu Ylonen. |
OpenSSH |
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, |
is a derivative of the original (free) ssh 1.2.12 release, but with bugs |
Theo de Raadt and Dug Song |
removed and newer features re-added. |
removed many bugs, re-added newer features and |
Rapidly after the 1.2.12 release, |
created OpenSSH. |
newer versions bore successively more restrictive licenses. |
Markus Friedl contributed the support for SSH |
This version of OpenSSH |
protocol versions 1.5 and 2.0. |
.Bl -bullet |
|
.It |
|
has all components of a restrictive nature (i.e., patents, see |
|
.Xr ssl 8 ) |
|
directly removed from the source code; any licensed or patented components |
|
are chosen from |
|
external libraries. |
|
.It |
|
has been updated to support ssh protocol 1.5. |
|
.It |
|
contains added support for |
|
.Xr kerberos 8 |
|
authentication and ticket passing. |
|
.It |
|
supports one-time password authentication with |
|
.Xr skey 1 . |
|
.El |
|
.Sh SEE ALSO |
.Sh SEE ALSO |
.Xr ssh 1 , |
.Xr ssh 1 , |
.Xr ssh-add 1 , |
.Xr ssh-add 1 , |
.Xr ssh-keygen 1 , |
.Xr ssh-keygen 1 , |
.Xr sshd 8 , |
.Xr sshd 8 |
.Xr ssl 8 |
|