version 1.73, 2022/03/31 17:27:27 |
version 1.74, 2022/10/07 04:06:26 |
|
|
.Op Fl \&Dd |
.Op Fl \&Dd |
.Op Fl a Ar bind_address |
.Op Fl a Ar bind_address |
.Op Fl E Ar fingerprint_hash |
.Op Fl E Ar fingerprint_hash |
|
.Op Fl O Ar option |
.Op Fl P Ar allowed_providers |
.Op Fl P Ar allowed_providers |
.Op Fl t Ar life |
.Op Fl t Ar life |
.Nm ssh-agent |
.Nm ssh-agent |
.Op Fl a Ar bind_address |
.Op Fl a Ar bind_address |
.Op Fl E Ar fingerprint_hash |
.Op Fl E Ar fingerprint_hash |
|
.Op Fl O Ar option |
.Op Fl P Ar allowed_providers |
.Op Fl P Ar allowed_providers |
.Op Fl t Ar life |
.Op Fl t Ar life |
.Ar command Op Ar arg ... |
.Ar command Op Ar arg ... |
|
|
Kill the current agent (given by the |
Kill the current agent (given by the |
.Ev SSH_AGENT_PID |
.Ev SSH_AGENT_PID |
environment variable). |
environment variable). |
|
.It Fl O Ar option |
|
Specify an option when starting |
|
.Xr ssh-agent 1 . |
|
Currently only one option is supported: |
|
.Cm no-restrict-websafe . |
|
This instructs |
|
.Xr ssh-agent 1 |
|
to permit signatures using FIDO keys that might be web authentication |
|
requests. |
|
By default, |
|
.Xr ssh-agent 1 |
|
refuses signature requests for FIDO keys where the key application string |
|
does not start with |
|
.Dq ssh: |
|
and when the data to be signed does not appear to be a |
|
.Xr ssh 1 |
|
user authentication request or a |
|
.Xr ssh-keygen 1 |
|
signature. |
|
The default behaviour prevents forwarded access to a FIDO key from also |
|
implicitly forwarding the ability to authenticate to websites. |
.It Fl P Ar allowed_providers |
.It Fl P Ar allowed_providers |
Specify a pattern-list of acceptable paths for PKCS#11 provider and FIDO |
Specify a pattern-list of acceptable paths for PKCS#11 provider and FIDO |
authenticator middleware shared libraries that may be used with the |
authenticator middleware shared libraries that may be used with the |