version 1.54, 2013/12/07 11:58:46 |
version 1.55, 2014/04/16 23:28:12 |
|
|
.Nm |
.Nm |
is a program to hold private keys used for public key authentication |
is a program to hold private keys used for public key authentication |
(RSA, DSA, ECDSA, ED25519). |
(RSA, DSA, ECDSA, ED25519). |
The idea is that |
|
.Nm |
.Nm |
is started in the beginning of an X-session or a login session, and |
is usually started in the beginning of an X-session or a login session, and |
all other windows or programs are started as clients to the ssh-agent |
all other windows or programs are started as clients to the ssh-agent |
program. |
program. |
Through use of environment variables the agent can be located |
Through use of environment variables the agent can be located |
|
|
machines using |
machines using |
.Xr ssh 1 . |
.Xr ssh 1 . |
.Pp |
.Pp |
|
The agent initially does not have any private keys. |
|
Keys are added using |
|
.Xr ssh-add 1 . |
|
Multiple identities may be stored in |
|
.Nm |
|
concurrently and |
|
.Xr ssh 1 |
|
will automatically use them if present. |
|
.Xr ssh-add 1 |
|
is also used to remove keys from |
|
.Nm |
|
and to query the keys that are held in one. |
|
.Pp |
The options are as follows: |
The options are as follows: |
.Bl -tag -width Ds |
.Bl -tag -width Ds |
.It Fl a Ar bind_address |
.It Fl a Ar bind_address |
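Review bot: In the added paragraph, "and to query the keys that are held in one" has no clear antecedent for "one", since the preceding noun is the `.Nm` macro itself. Suggest "held in the agent" or "that it holds". The sentence "will automatically use them if present" also reads as if ssh(1) picks up the identities unconditionally, while the first hunk keeps the statement that the agent is located through environment variables. A short clause tying the two together would make the condition explicit.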
|
|
If a commandline is given, this is executed as a subprocess of the agent. |
If a commandline is given, this is executed as a subprocess of the agent. |
When the command dies, so does the agent. |
When the command dies, so does the agent. |
.Pp |
.Pp |
The agent initially does not have any private keys. |
|
Keys are added using |
|
.Xr ssh-add 1 . |
|
When executed without arguments, |
|
.Xr ssh-add 1 |
|
adds the files |
|
.Pa ~/.ssh/id_rsa , |
|
.Pa ~/.ssh/id_dsa , |
|
.Pa ~/.ssh/id_ecdsa , |
|
.Pa ~/.ssh/id_ed25519 |
|
and |
|
.Pa ~/.ssh/identity . |
|
If the identity has a passphrase, |
|
.Xr ssh-add 1 |
|
asks for the passphrase on the terminal if it has one or from a small X11 |
|
program if running under X11. |
|
If neither of these is the case then the authentication will fail. |
|
It then sends the identity to the agent. |
|
Several identities can be stored in the |
|
agent; the agent can automatically use any of these identities. |
|
.Ic ssh-add -l |
|
displays the identities currently held by the agent. |
|
.Pp |
|
The idea is that the agent is run in the user's local PC, laptop, or |
The idea is that the agent is run in the user's local PC, laptop, or |
terminal. |
terminal. |
Authentication data need not be stored on any other |
Authentication data need not be stored on any other |
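Review bot: The removed paragraph is the only place in this page that describes how a passphrase is obtained (terminal, or a small X11 program) and that "If neither of these is the case then the authentication will fail". The replacement text only cross-references `.Xr ssh-add 1`, so please confirm ssh-add(1) documents both the prompt behaviour and the failure case before this goes in. The `.Ic ssh-add -l` hint is dropped as well, and the new wording says ssh-add "is also used ... to query the keys" without naming the flag. Keeping the `-l` mention in the new paragraph would cost one line.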
|
|
line terminates. |
line terminates. |
.Sh FILES |
.Sh FILES |
.Bl -tag -width Ds |
.Bl -tag -width Ds |
.It Pa ~/.ssh/identity |
|
Contains the protocol version 1 RSA authentication identity of the user. |
|
.It Pa ~/.ssh/id_dsa |
|
Contains the protocol version 2 DSA authentication identity of the user. |
|
.It Pa ~/.ssh/id_ecdsa |
|
Contains the protocol version 2 ECDSA authentication identity of the user. |
|
.It Pa ~/.ssh/id_ed25519 |
|
Contains the protocol version 2 ED25519 authentication identity of the user. |
|
.It Pa ~/.ssh/id_rsa |
|
Contains the protocol version 2 RSA authentication identity of the user. |
|
.It Pa $TMPDIR/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt |
.It Pa $TMPDIR/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt |
.Ux Ns -domain |
.Ux Ns -domain |
sockets used to contain the connection to the authentication agent. |
sockets used to contain the connection to the authentication agent. |
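Review bot: After the five identity entries are removed, FILES lists only the agent socket, which fits the new text (the agent starts with no private keys and ssh-add(1) loads them). A reader who comes to FILES to find where private keys live on disk, or to see which entries are protocol version 1 and which are version 2, now finds nothing here. Suggest a one-line pointer to `.Xr ssh-add 1` in this section, or confirming that its FILES section carries the same five paths and descriptions.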