version 1.16.2.6, 2002/03/08 17:04:43 |
version 1.17, 2000/11/10 05:10:40 |
|
|
.\" incompatible with the protocol description in the RFC file, it must be |
.\" incompatible with the protocol description in the RFC file, it must be |
.\" called by a name other than "ssh" or "Secure Shell". |
.\" called by a name other than "ssh" or "Secure Shell". |
.\" |
.\" |
.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. |
.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. |
.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. |
.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. |
.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. |
.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. |
.\" |
.\" |
.\" Redistribution and use in source and binary forms, with or without |
.\" Redistribution and use in source and binary forms, with or without |
.\" modification, are permitted provided that the following conditions |
.\" modification, are permitted provided that the following conditions |
|
|
.Sh SYNOPSIS |
.Sh SYNOPSIS |
.Nm ssh-agent |
.Nm ssh-agent |
.Op Fl c Li | Fl s |
.Op Fl c Li | Fl s |
.Op Fl d |
.Op Fl k |
.Op Ar command Op Ar args ... |
.Oo |
.Nm ssh-agent |
.Ar command |
.Op Fl c Li | Fl s |
.Op Ar args ... |
.Fl k |
.Oc |
.Sh DESCRIPTION |
.Sh DESCRIPTION |
.Nm |
.Nm |
is a program to hold private keys used for public key authentication |
is a program to hold private keys used for public key authentication |
|
|
Kill the current agent (given by the |
Kill the current agent (given by the |
.Ev SSH_AGENT_PID |
.Ev SSH_AGENT_PID |
environment variable). |
environment variable). |
.It Fl d |
|
Debug mode. When this option is specified |
|
.Nm |
|
will not fork. |
|
.El |
.El |
.Pp |
.Pp |
If a commandline is given, this is executed as a subprocess of the agent. |
If a commandline is given, this is executed as a subprocess of the agent. |
|
|
.Xr ssh-add 1 . |
.Xr ssh-add 1 . |
When executed without arguments, |
When executed without arguments, |
.Xr ssh-add 1 |
.Xr ssh-add 1 |
adds the files |
adds the |
.Pa $HOME/.ssh/id_rsa , |
.Pa $HOME/.ssh/identity |
.Pa $HOME/.ssh/id_dsa |
file. |
and |
|
.Pa $HOME/.ssh/identity . |
|
If the identity has a passphrase, |
If the identity has a passphrase, |
.Xr ssh-add 1 |
.Xr ssh-add 1 |
asks for the passphrase (using a small X11 application if running |
asks for the passphrase (using a small X11 application if running |
|
|
identities anywhere in the network in a secure way. |
identities anywhere in the network in a secure way. |
.Pp |
.Pp |
There are two main ways to get an agent setup: |
There are two main ways to get an agent setup: |
Either the agent starts a new subcommand into which some environment |
Either you let the agent |
variables are exported, or the agent prints the needed shell commands |
start a new subcommand into which some environment variables are exported, or |
(either |
you let the agent print the needed shell commands (either |
.Xr sh 1 |
.Xr sh 1 |
or |
or |
.Xr csh 1 |
.Xr csh 1 |
syntax can be generated) which can be evalled in the calling shell. |
syntax can be generated) which can be evalled in the calling shell. |
Later |
Later |
.Xr ssh 1 |
.Xr ssh 1 |
looks at these variables and uses them to establish a connection to the agent. |
look at these variables and use them to establish a connection to the agent. |
.Pp |
.Pp |
The agent will never send a private key over its request channel. |
|
Instead, operations that require a private key will be performed |
|
by the agent, and the result will be returned to the requester. |
|
This way, private keys are not exposed to clients using the agent. |
|
.Pp |
|
A unix-domain socket is created |
A unix-domain socket is created |
.Pq Pa /tmp/ssh-XXXXXXXX/agent.<pid> , |
.Pq Pa /tmp/ssh-XXXXXXXX/agent.<pid> , |
and the name of this socket is stored in the |
and the name of this socket is stored in the |
|
|
.Sh FILES |
.Sh FILES |
.Bl -tag -width Ds |
.Bl -tag -width Ds |
.It Pa $HOME/.ssh/identity |
.It Pa $HOME/.ssh/identity |
Contains the protocol version 1 RSA authentication identity of the user. |
Contains the RSA authentication identity of the user. |
|
This file should not be readable by anyone but the user. |
|
It is possible to |
|
specify a passphrase when generating the key; that passphrase will be |
|
used to encrypt the private part of this file. |
|
This file is not used by |
|
.Nm |
|
but is normally added to the agent using |
|
.Xr ssh-add 1 |
|
at login time. |
.It Pa $HOME/.ssh/id_dsa |
.It Pa $HOME/.ssh/id_dsa |
Contains the protocol version 2 DSA authentication identity of the user. |
Contains the DSA authentication identity of the user. |
.It Pa $HOME/.ssh/id_rsa |
.Pq Pa /tmp/ssh-XXXXXXXX/agent.<pid> , |
Contains the protocol version 2 RSA authentication identity of the user. |
|
.It Pa /tmp/ssh-XXXXXXXX/agent.<pid> |
|
Unix-domain sockets used to contain the connection to the |
Unix-domain sockets used to contain the connection to the |
authentication agent. |
authentication agent. |
These sockets should only be readable by the owner. |
These sockets should only be readable by the owner. |
The sockets should get automatically removed when the agent exits. |
The sockets should get automatically removed when the agent exits. |
.El |
.El |
.Sh AUTHORS |
.Sh AUTHORS |
OpenSSH is a derivative of the original and free |
Tatu Ylonen <ylo@cs.hut.fi> |
ssh 1.2.12 release by Tatu Ylonen. |
.Pp |
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, |
OpenSSH |
Theo de Raadt and Dug Song |
is a derivative of the original (free) ssh 1.2.12 release, but with bugs |
removed many bugs, re-added newer features and |
removed and newer features re-added. |
created OpenSSH. |
Rapidly after the 1.2.12 release, |
Markus Friedl contributed the support for SSH |
newer versions bore successively more restrictive licenses. |
protocol versions 1.5 and 2.0. |
This version of OpenSSH |
|
.Bl -bullet |
|
.It |
|
has all components of a restrictive nature (i.e., patents, see |
|
.Xr ssl 8 ) |
|
directly removed from the source code; any licensed or patented components |
|
are chosen from |
|
external libraries. |
|
.It |
|
has been updated to support ssh protocol 1.5. |
|
.It |
|
contains added support for |
|
.Xr kerberos 8 |
|
authentication and ticket passing. |
|
.It |
|
supports one-time password authentication with |
|
.Xr skey 1 . |
|
.El |
.Sh SEE ALSO |
.Sh SEE ALSO |
.Xr ssh 1 , |
.Xr ssh 1 , |
.Xr ssh-add 1 , |
.Xr ssh-add 1 , |
.Xr ssh-keygen 1 , |
.Xr ssh-keygen 1 , |
.Xr sshd 8 |
.Xr sshd 8 , |
|
.Xr ssl 8 |