| version 1.24.2.2, 2002/03/09 00:20:45 |
version 1.25, 2001/06/26 04:07:06 |
|
|
| .Nd authentication agent |
.Nd authentication agent |
| .Sh SYNOPSIS |
.Sh SYNOPSIS |
| .Nm ssh-agent |
.Nm ssh-agent |
| .Op Fl c Li | Fl s |
.Ar command |
| .Op Fl d |
.Ar args ... |
| .Op Ar command Op Ar args ... |
|
| .Nm ssh-agent |
.Nm ssh-agent |
| .Op Fl c Li | Fl s |
.Op Fl c Li | Fl s |
| |
.Nm ssh-agent |
| .Fl k |
.Fl k |
| |
.Nm ssh-agent |
| |
.Fl d |
| .Sh DESCRIPTION |
.Sh DESCRIPTION |
| .Nm |
.Nm |
| is a program to hold private keys used for public key authentication |
is a program to hold private keys used for public key authentication |
|
|
| .It Fl d |
.It Fl d |
| Debug mode. When this option is specified |
Debug mode. When this option is specified |
| .Nm |
.Nm |
| will not fork. |
will fork. |
| .El |
.El |
| .Pp |
.Pp |
| If a commandline is given, this is executed as a subprocess of the agent. |
If a commandline is given, this is executed as a subprocess of the agent. |
|
|
| .Xr ssh-add 1 . |
.Xr ssh-add 1 . |
| When executed without arguments, |
When executed without arguments, |
| .Xr ssh-add 1 |
.Xr ssh-add 1 |
| adds the files |
adds the |
| .Pa $HOME/.ssh/id_rsa , |
.Pa $HOME/.ssh/identity |
| .Pa $HOME/.ssh/id_dsa |
file. |
| and |
|
| .Pa $HOME/.ssh/identity . |
|
| If the identity has a passphrase, |
If the identity has a passphrase, |
| .Xr ssh-add 1 |
.Xr ssh-add 1 |
| asks for the passphrase (using a small X11 application if running |
asks for the passphrase (using a small X11 application if running |
|
|
| identities anywhere in the network in a secure way. |
identities anywhere in the network in a secure way. |
| .Pp |
.Pp |
| There are two main ways to get an agent setup: |
There are two main ways to get an agent setup: |
| Either the agent starts a new subcommand into which some environment |
Either you let the agent |
| variables are exported, or the agent prints the needed shell commands |
start a new subcommand into which some environment variables are exported, or |
| (either |
you let the agent print the needed shell commands (either |
| .Xr sh 1 |
.Xr sh 1 |
| or |
or |
| .Xr csh 1 |
.Xr csh 1 |
|
|
| .Xr ssh 1 |
.Xr ssh 1 |
| looks at these variables and uses them to establish a connection to the agent. |
looks at these variables and uses them to establish a connection to the agent. |
| .Pp |
.Pp |
| The agent will never send a private key over its request channel. |
|
| Instead, operations that require a private key will be performed |
|
| by the agent, and the result will be returned to the requester. |
|
| This way, private keys are not exposed to clients using the agent. |
|
| .Pp |
|
| A unix-domain socket is created |
A unix-domain socket is created |
| .Pq Pa /tmp/ssh-XXXXXXXX/agent.<pid> , |
.Pq Pa /tmp/ssh-XXXXXXXX/agent.<pid> , |
| and the name of this socket is stored in the |
and the name of this socket is stored in the |
|
|
| .Bl -tag -width Ds |
.Bl -tag -width Ds |
| .It Pa $HOME/.ssh/identity |
.It Pa $HOME/.ssh/identity |
| Contains the protocol version 1 RSA authentication identity of the user. |
Contains the protocol version 1 RSA authentication identity of the user. |
| |
This file should not be readable by anyone but the user. |
| |
It is possible to |
| |
specify a passphrase when generating the key; that passphrase will be |
| |
used to encrypt the private part of this file. |
| |
This file is not used by |
| |
.Nm |
| |
but is normally added to the agent using |
| |
.Xr ssh-add 1 |
| |
at login time. |
| .It Pa $HOME/.ssh/id_dsa |
.It Pa $HOME/.ssh/id_dsa |
| Contains the protocol version 2 DSA authentication identity of the user. |
Contains the protocol version 2 DSA authentication identity of the user. |
| .It Pa $HOME/.ssh/id_rsa |
.It Pa $HOME/.ssh/id_rsa |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-agent.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh