2007-06-12 16:00:27 +02:00
|
|
|
.\" $OpenBSD: ssh-add.1,v 1.46 2007/06/12 13:41:03 jmc Exp $
|
2001-01-29 08:39:26 +01:00
|
|
|
.\"
|
1999-10-29 01:15:49 +02:00
|
|
|
.\" -*- nroff -*-
|
|
|
|
.\"
|
|
|
|
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
|
|
|
|
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
|
|
|
.\" All rights reserved
|
|
|
|
.\"
|
2000-09-16 04:29:08 +02:00
|
|
|
.\" As far as I am concerned, the code I have written for this software
|
|
|
|
.\" can be used freely for any purpose. Any derived versions of this
|
|
|
|
.\" software must be clearly marked as such, and if the derived work is
|
|
|
|
.\" incompatible with the protocol description in the RFC file, it must be
|
|
|
|
.\" called by a name other than "ssh" or "Secure Shell".
|
|
|
|
.\"
|
|
|
|
.\"
|
2001-03-05 07:59:27 +01:00
|
|
|
.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
|
|
|
|
.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
|
|
|
|
.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
|
2000-09-16 04:29:08 +02:00
|
|
|
.\"
|
|
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
|
|
.\" modification, are permitted provided that the following conditions
|
|
|
|
.\" are met:
|
|
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
|
|
.\" documentation and/or other materials provided with the distribution.
|
1999-10-29 01:15:49 +02:00
|
|
|
.\"
|
2000-09-16 04:29:08 +02:00
|
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
|
|
|
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
|
|
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
|
|
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
|
|
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
|
|
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
|
|
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
|
|
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
|
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
|
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
1999-10-29 01:15:49 +02:00
|
|
|
.\"
|
2007-06-12 16:00:27 +02:00
|
|
|
.Dd $Mdocdate: June 12 2007 $
|
1999-10-29 01:15:49 +02:00
|
|
|
.Dt SSH-ADD 1
|
|
|
|
.Os
|
|
|
|
.Sh NAME
|
|
|
|
.Nm ssh-add
|
2001-09-12 19:06:13 +02:00
|
|
|
.Nd adds RSA or DSA identities to the authentication agent
|
1999-10-29 01:15:49 +02:00
|
|
|
.Sh SYNOPSIS
|
|
|
|
.Nm ssh-add
|
2005-03-02 02:04:50 +01:00
|
|
|
.Op Fl cDdLlXx
|
2002-06-06 23:54:57 +02:00
|
|
|
.Op Fl t Ar life
|
1999-10-29 01:15:49 +02:00
|
|
|
.Op Ar
|
2001-08-07 00:03:08 +02:00
|
|
|
.Nm ssh-add
|
|
|
|
.Fl s Ar reader
|
|
|
|
.Nm ssh-add
|
|
|
|
.Fl e Ar reader
|
2000-04-13 04:26:34 +02:00
|
|
|
.Sh DESCRIPTION
|
1999-10-29 01:15:49 +02:00
|
|
|
.Nm
|
2000-08-23 02:46:23 +02:00
|
|
|
adds RSA or DSA identities to the authentication agent,
|
1999-10-29 01:15:49 +02:00
|
|
|
.Xr ssh-agent 1 .
|
2002-01-22 13:05:59 +01:00
|
|
|
When run without arguments, it adds the files
|
2005-05-26 04:04:02 +02:00
|
|
|
.Pa ~/.ssh/id_rsa ,
|
|
|
|
.Pa ~/.ssh/id_dsa
|
2002-01-22 13:05:59 +01:00
|
|
|
and
|
2005-05-26 04:04:02 +02:00
|
|
|
.Pa ~/.ssh/identity .
|
2000-03-26 05:04:51 +02:00
|
|
|
Alternative file names can be given on the command line.
|
|
|
|
If any file requires a passphrase,
|
1999-10-29 01:15:49 +02:00
|
|
|
.Nm
|
2000-04-13 04:26:34 +02:00
|
|
|
asks for the passphrase from the user.
|
2001-05-06 05:01:02 +02:00
|
|
|
The passphrase is read from the user's tty.
|
2001-04-10 04:46:54 +02:00
|
|
|
.Nm
|
|
|
|
retries the last passphrase if multiple identity files are given.
|
1999-10-29 01:15:49 +02:00
|
|
|
.Pp
|
2003-12-09 09:01:51 +01:00
|
|
|
The authentication agent must be running and the
|
|
|
|
.Ev SSH_AUTH_SOCK
|
|
|
|
environment variable must contain the name of its socket for
|
1999-10-29 01:15:49 +02:00
|
|
|
.Nm
|
|
|
|
to work.
|
|
|
|
.Pp
|
|
|
|
The options are as follows:
|
|
|
|
.Bl -tag -width Ds
|
2003-01-24 01:36:23 +01:00
|
|
|
.It Fl c
|
|
|
|
Indicates that added identities should be subject to confirmation before
|
2003-04-01 13:42:14 +02:00
|
|
|
being used for authentication.
|
|
|
|
Confirmation is performed by the
|
2003-01-24 01:36:23 +01:00
|
|
|
.Ev SSH_ASKPASS
|
2003-04-01 13:42:14 +02:00
|
|
|
program mentioned below.
|
|
|
|
Successful confirmation is signaled by a zero exit status from the
|
2003-01-24 01:36:23 +01:00
|
|
|
.Ev SSH_ASKPASS
|
|
|
|
program, rather than text entered into the requester.
|
2005-03-02 02:04:50 +01:00
|
|
|
.It Fl D
|
|
|
|
Deletes all identities from the agent.
|
|
|
|
.It Fl d
|
2007-06-12 16:00:27 +02:00
|
|
|
Instead of adding identities, removes identities from the agent.
|
2007-06-12 15:39:52 +02:00
|
|
|
If
|
|
|
|
.Nm
|
2007-06-12 16:00:27 +02:00
|
|
|
has been run without arguments, the keys for the default identities will
|
2007-06-12 15:39:52 +02:00
|
|
|
be removed.
|
|
|
|
Otherwise, the argument list will be interpreted as a list of paths to
|
|
|
|
public key files and matching keys will be removed from the agent.
|
|
|
|
If no public key is found at a given path,
|
|
|
|
.Nm
|
|
|
|
will append
|
|
|
|
.Pa .pub
|
|
|
|
and retry.
|
2001-08-07 00:03:08 +02:00
|
|
|
.It Fl e Ar reader
|
|
|
|
Remove key in smartcard
|
|
|
|
.Ar reader .
|
2005-03-02 02:04:50 +01:00
|
|
|
.It Fl L
|
|
|
|
Lists public key parameters of all identities currently represented
|
|
|
|
by the agent.
|
|
|
|
.It Fl l
|
|
|
|
Lists fingerprints of all identities currently represented by the agent.
|
|
|
|
.It Fl s Ar reader
|
|
|
|
Add key in smartcard
|
|
|
|
.Ar reader .
|
|
|
|
.It Fl t Ar life
|
|
|
|
Set a maximum lifetime when adding identities to an agent.
|
|
|
|
The lifetime may be specified in seconds or in a time format
|
|
|
|
specified in
|
|
|
|
.Xr sshd_config 5 .
|
|
|
|
.It Fl X
|
|
|
|
Unlock the agent.
|
|
|
|
.It Fl x
|
|
|
|
Lock the agent with a password.
|
1999-10-29 01:15:49 +02:00
|
|
|
.El
|
1999-12-06 01:47:28 +01:00
|
|
|
.Sh ENVIRONMENT
|
|
|
|
.Bl -tag -width Ds
|
|
|
|
.It Ev "DISPLAY" and "SSH_ASKPASS"
|
1999-10-29 01:15:49 +02:00
|
|
|
If
|
|
|
|
.Nm
|
|
|
|
needs a passphrase, it will read the passphrase from the current
|
2000-03-26 05:04:51 +02:00
|
|
|
terminal if it was run from a terminal.
|
|
|
|
If
|
1999-10-29 01:15:49 +02:00
|
|
|
.Nm
|
|
|
|
does not have a terminal associated with it but
|
|
|
|
.Ev DISPLAY
|
1999-11-25 01:54:57 +01:00
|
|
|
and
|
|
|
|
.Ev SSH_ASKPASS
|
|
|
|
are set, it will execute the program specified by
|
|
|
|
.Ev SSH_ASKPASS
|
2000-03-26 05:04:51 +02:00
|
|
|
and open an X11 window to read the passphrase.
|
|
|
|
This is particularly useful when calling
|
1999-10-29 01:15:49 +02:00
|
|
|
.Nm
|
|
|
|
from a
|
2004-11-05 10:01:03 +01:00
|
|
|
.Pa .xsession
|
2000-03-26 05:04:51 +02:00
|
|
|
or related script.
|
|
|
|
(Note that on some machines it
|
1999-10-29 01:15:49 +02:00
|
|
|
may be necessary to redirect the input from
|
|
|
|
.Pa /dev/null
|
|
|
|
to make this work.)
|
2002-06-06 23:46:08 +02:00
|
|
|
.It Ev SSH_AUTH_SOCK
|
|
|
|
Identifies the path of a unix-domain socket used to communicate with the
|
|
|
|
agent.
|
2000-09-05 04:34:53 +02:00
|
|
|
.El
|
2003-06-11 14:04:39 +02:00
|
|
|
.Sh FILES
|
|
|
|
.Bl -tag -width Ds
|
2005-05-26 04:04:02 +02:00
|
|
|
.It Pa ~/.ssh/identity
|
2003-06-11 14:04:39 +02:00
|
|
|
Contains the protocol version 1 RSA authentication identity of the user.
|
2005-05-26 04:04:02 +02:00
|
|
|
.It Pa ~/.ssh/id_dsa
|
2003-06-11 14:04:39 +02:00
|
|
|
Contains the protocol version 2 DSA authentication identity of the user.
|
2005-05-26 04:04:02 +02:00
|
|
|
.It Pa ~/.ssh/id_rsa
|
2003-06-11 14:04:39 +02:00
|
|
|
Contains the protocol version 2 RSA authentication identity of the user.
|
|
|
|
.El
|
|
|
|
.Pp
|
|
|
|
Identity files should not be readable by anyone but the user.
|
|
|
|
Note that
|
|
|
|
.Nm
|
|
|
|
ignores identity files if they are accessible by others.
|
2002-02-05 02:14:41 +01:00
|
|
|
.Sh DIAGNOSTICS
|
|
|
|
Exit status is 0 on success, 1 if the specified command fails,
|
|
|
|
and 2 if
|
|
|
|
.Nm
|
|
|
|
is unable to contact the authentication agent.
|
2003-06-11 14:04:39 +02:00
|
|
|
.Sh SEE ALSO
|
|
|
|
.Xr ssh 1 ,
|
|
|
|
.Xr ssh-agent 1 ,
|
|
|
|
.Xr ssh-keygen 1 ,
|
|
|
|
.Xr sshd 8
|
2000-11-13 12:57:25 +01:00
|
|
|
.Sh AUTHORS
|
2001-01-29 09:34:16 +01:00
|
|
|
OpenSSH is a derivative of the original and free
|
|
|
|
ssh 1.2.12 release by Tatu Ylonen.
|
|
|
|
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
|
|
|
|
Theo de Raadt and Dug Song
|
|
|
|
removed many bugs, re-added newer features and
|
|
|
|
created OpenSSH.
|
|
|
|
Markus Friedl contributed the support for SSH
|
|
|
|
protocol versions 1.5 and 2.0.
|