=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-agent.1,v retrieving revision 1.24.2.2 retrieving revision 1.25 diff -u -r1.24.2.2 -r1.25 --- src/usr.bin/ssh/ssh-agent.1 2002/03/09 00:20:45 1.24.2.2 +++ src/usr.bin/ssh/ssh-agent.1 2001/06/26 04:07:06 1.25 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-agent.1,v 1.24.2.2 2002/03/09 00:20:45 miod Exp $ +.\" $OpenBSD: ssh-agent.1,v 1.25 2001/06/26 04:07:06 markus Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -42,12 +42,14 @@ .Nd authentication agent .Sh SYNOPSIS .Nm ssh-agent -.Op Fl c Li | Fl s -.Op Fl d -.Op Ar command Op Ar args ... +.Ar command +.Ar args ... .Nm ssh-agent .Op Fl c Li | Fl s +.Nm ssh-agent .Fl k +.Nm ssh-agent +.Fl d .Sh DESCRIPTION .Nm is a program to hold private keys used for public key authentication @@ -83,7 +85,7 @@ .It Fl d Debug mode. When this option is specified .Nm -will not fork. +will fork. .El .Pp If a commandline is given, this is executed as a subprocess of the agent. @@ -94,11 +96,9 @@ .Xr ssh-add 1 . When executed without arguments, .Xr ssh-add 1 -adds the files -.Pa $HOME/.ssh/id_rsa , -.Pa $HOME/.ssh/id_dsa -and -.Pa $HOME/.ssh/identity . +adds the +.Pa $HOME/.ssh/identity +file. If the identity has a passphrase, .Xr ssh-add 1 asks for the passphrase (using a small X11 application if running @@ -118,9 +118,9 @@ identities anywhere in the network in a secure way. .Pp There are two main ways to get an agent setup: -Either the agent starts a new subcommand into which some environment -variables are exported, or the agent prints the needed shell commands -(either +Either you let the agent +start a new subcommand into which some environment variables are exported, or +you let the agent print the needed shell commands (either .Xr sh 1 or .Xr csh 1 
@@ -129,11 +129,6 @@ .Xr ssh 1 looks at these variables and uses them to establish a connection to the agent. .Pp -The agent will never send a private key over its request channel. -Instead, operations that require a private key will be performed -by the agent, and the result will be returned to the requester. -This way, private keys are not exposed to clients using the agent. -.Pp A unix-domain socket is created .Pq Pa /tmp/ssh-XXXXXXXX/agent. , and the name of this socket is stored in the @@ -154,6 +149,15 @@ .Bl -tag -width Ds .It Pa $HOME/.ssh/identity Contains the protocol version 1 RSA authentication identity of the user. +This file should not be readable by anyone but the user. +It is possible to +specify a passphrase when generating the key; that passphrase will be +used to encrypt the private part of this file. +This file is not used by +.Nm +but is normally added to the agent using +.Xr ssh-add 1 +at login time. .It Pa $HOME/.ssh/id_dsa Contains the protocol version 2 DSA authentication identity of the user. .It Pa $HOME/.ssh/id_rsa
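Review bot: In the SYNOPSIS hunk (@@ -42,12 +42,14 @@) the + side writes ".Ar command" and ".Ar args ..." without ".Op", so the first form reads as if a command were mandatory, while the DESCRIPTION context line "If a commandline is given, this is executed as a subprocess of the agent" treats it as optional. The + side also lists ".Fl d" as its own invocation form, which leaves it unclear whether debug mode can be combined with "-c | -s" or with a command. I would keep the ".Op" wrappers from the - side so the synopsis states which arguments are optional and which combinations are valid.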
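Review bot: In @@ -83,7 +85,7 @@ the "-d" entry changes from "will not fork." to "will fork.", so the two sides make opposite statements about the same option and only one of them can match the program. Please check the sentence against the agent's actual behaviour before accepting either side; anyone running the agent in the foreground for debugging relies on this line being right.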
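Review bot: In @@ -94,11 +96,9 @@ the + side says ssh-add without arguments adds only "$HOME/.ssh/identity", yet the FILES context at the end of the patch still documents "$HOME/.ssh/id_dsa" and "$HOME/.ssh/id_rsa" as protocol version 2 identities. As written, a reader cannot tell whether the version 2 keys are loaded by default. Either keep the three-file list from the - side or state explicitly that the protocol 2 identities must be named on the ssh-add command line.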
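Review bot: In @@ -129,11 +129,6 @@ the paragraph beginning "The agent will never send a private key over its request channel." is absent from the + side, which drops the only statement in this page of the agent's core security property: private-key operations are performed by the agent and only the result is returned. Going by the header, the - side is 1.24.2.2 (2002/03/09) and the + side is 1.25 (2001/06/26), so the + text is the older wording. I would keep the paragraph, since it is what tells a reader that clients using the agent do not get access to the key material itself.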
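Review bot: In @@ -154,6 +149,15 @@ the added "This file should not be readable by anyone but the user." and the passphrase guidance are attached only to "$HOME/.ssh/identity"; the "$HOME/.ssh/id_dsa" entry that follows in the context has a single descriptive sentence and no permission note. The same requirement applies to every private key file listed here, so I would repeat the permission sentence under each identity entry or move it to a shared sentence covering all of them.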