1 | .\" $OpenBSD: ssh-add.1,v 1.35 2002/06/19 00:27:55 deraadt Exp $ |
---|
2 | .\" |
---|
3 | .\" -*- nroff -*- |
---|
4 | .\" |
---|
5 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> |
---|
6 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
---|
7 | .\" All rights reserved |
---|
8 | .\" |
---|
9 | .\" As far as I am concerned, the code I have written for this software |
---|
10 | .\" can be used freely for any purpose. Any derived versions of this |
---|
11 | .\" software must be clearly marked as such, and if the derived work is |
---|
12 | .\" incompatible with the protocol description in the RFC file, it must be |
---|
13 | .\" called by a name other than "ssh" or "Secure Shell". |
---|
14 | .\" |
---|
15 | .\" |
---|
16 | .\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. |
---|
17 | .\" Copyright (c) 1999 Aaron Campbell. All rights reserved. |
---|
18 | .\" Copyright (c) 1999 Theo de Raadt. All rights reserved. |
---|
19 | .\" |
---|
20 | .\" Redistribution and use in source and binary forms, with or without |
---|
21 | .\" modification, are permitted provided that the following conditions |
---|
22 | .\" are met: |
---|
23 | .\" 1. Redistributions of source code must retain the above copyright |
---|
24 | .\" notice, this list of conditions and the following disclaimer. |
---|
25 | .\" 2. Redistributions in binary form must reproduce the above copyright |
---|
26 | .\" notice, this list of conditions and the following disclaimer in the |
---|
27 | .\" documentation and/or other materials provided with the distribution. |
---|
28 | .\" |
---|
29 | .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
---|
30 | .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
---|
31 | .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
---|
32 | .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
---|
33 | .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
---|
34 | .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
---|
35 | .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
---|
36 | .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
---|
37 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
---|
38 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
---|
39 | .\" |
---|
40 | .Dd September 25, 1999 |
---|
41 | .Dt SSH-ADD 1 |
---|
42 | .Os |
---|
43 | .Sh NAME |
---|
44 | .Nm ssh-add |
---|
45 | .Nd adds RSA or DSA identities to the authentication agent |
---|
46 | .Sh SYNOPSIS |
---|
47 | .Nm ssh-add |
---|
48 | .Op Fl lLdDxX |
---|
49 | .Op Fl t Ar life |
---|
50 | .Op Ar |
---|
51 | .Nm ssh-add |
---|
52 | .Fl s Ar reader |
---|
53 | .Nm ssh-add |
---|
54 | .Fl e Ar reader |
---|
55 | .Sh DESCRIPTION |
---|
56 | .Nm |
---|
57 | adds RSA or DSA identities to the authentication agent, |
---|
58 | .Xr ssh-agent 1 . |
---|
59 | When run without arguments, it adds the files |
---|
60 | .Pa $HOME/.ssh/id_rsa , |
---|
61 | .Pa $HOME/.ssh/id_dsa |
---|
62 | and |
---|
63 | .Pa $HOME/.ssh/identity . |
---|
64 | Alternative file names can be given on the command line. |
---|
65 | If any file requires a passphrase, |
---|
66 | .Nm |
---|
67 | asks for the passphrase from the user. |
---|
68 | The passphrase is read from the user's tty. |
---|
69 | .Nm |
---|
70 | retries the last passphrase if multiple identity files are given. |
---|
71 | .Pp |
---|
72 | The authentication agent must be running and must be an ancestor of |
---|
73 | the current process for |
---|
74 | .Nm |
---|
75 | to work. |
---|
76 | .Pp |
---|
77 | The options are as follows: |
---|
78 | .Bl -tag -width Ds |
---|
79 | .It Fl l |
---|
80 | Lists fingerprints of all identities currently represented by the agent. |
---|
81 | .It Fl L |
---|
82 | Lists public key parameters of all identities currently represented by the agent. |
---|
83 | .It Fl d |
---|
84 | Instead of adding the identity, removes the identity from the agent. |
---|
85 | .It Fl D |
---|
86 | Deletes all identities from the agent. |
---|
87 | .It Fl x |
---|
88 | Lock the agent with a password. |
---|
89 | .It Fl X |
---|
90 | Unlock the agent. |
---|
91 | .It Fl t Ar life |
---|
92 | Set a maximum lifetime when adding identities to an agent. |
---|
93 | The lifetime may be specified in seconds or in a time format |
---|
94 | specified in |
---|
95 | .Xr sshd 8 . |
---|
96 | .It Fl s Ar reader |
---|
97 | Add key in smartcard |
---|
98 | .Ar reader . |
---|
99 | .It Fl e Ar reader |
---|
100 | Remove key in smartcard |
---|
101 | .Ar reader . |
---|
102 | .El |
---|
103 | .Sh FILES |
---|
104 | .Bl -tag -width Ds |
---|
105 | .It Pa $HOME/.ssh/identity |
---|
106 | Contains the protocol version 1 RSA authentication identity of the user. |
---|
107 | .It Pa $HOME/.ssh/id_dsa |
---|
108 | Contains the protocol version 2 DSA authentication identity of the user. |
---|
109 | .It Pa $HOME/.ssh/id_rsa |
---|
110 | Contains the protocol version 2 RSA authentication identity of the user. |
---|
111 | .El |
---|
112 | .Pp |
---|
113 | Identity files should not be readable by anyone but the user. |
---|
114 | Note that |
---|
115 | .Nm |
---|
116 | ignores identity files if they are accessible by others. |
---|
117 | .Sh ENVIRONMENT |
---|
118 | .Bl -tag -width Ds |
---|
119 | .It Ev "DISPLAY" and "SSH_ASKPASS" |
---|
120 | If |
---|
121 | .Nm |
---|
122 | needs a passphrase, it will read the passphrase from the current |
---|
123 | terminal if it was run from a terminal. |
---|
124 | If |
---|
125 | .Nm |
---|
126 | does not have a terminal associated with it but |
---|
127 | .Ev DISPLAY |
---|
128 | and |
---|
129 | .Ev SSH_ASKPASS |
---|
130 | are set, it will execute the program specified by |
---|
131 | .Ev SSH_ASKPASS |
---|
132 | and open an X11 window to read the passphrase. |
---|
133 | This is particularly useful when calling |
---|
134 | .Nm |
---|
135 | from a |
---|
136 | .Pa .Xsession |
---|
137 | or related script. |
---|
138 | (Note that on some machines it |
---|
139 | may be necessary to redirect the input from |
---|
140 | .Pa /dev/null |
---|
141 | to make this work.) |
---|
142 | .It Ev SSH_AUTH_SOCK |
---|
143 | Identifies the path of a unix-domain socket used to communicate with the |
---|
144 | agent. |
---|
145 | .El |
---|
146 | .Sh DIAGNOSTICS |
---|
147 | Exit status is 0 on success, 1 if the specified command fails, |
---|
148 | and 2 if |
---|
149 | .Nm |
---|
150 | is unable to contact the authentication agent. |
---|
151 | .Sh AUTHORS |
---|
152 | OpenSSH is a derivative of the original and free |
---|
153 | ssh 1.2.12 release by Tatu Ylonen. |
---|
154 | Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, |
---|
155 | Theo de Raadt and Dug Song |
---|
156 | removed many bugs, re-added newer features and |
---|
157 | created OpenSSH. |
---|
158 | Markus Friedl contributed the support for SSH |
---|
159 | protocol versions 1.5 and 2.0. |
---|
160 | .Sh SEE ALSO |
---|
161 | .Xr ssh 1 , |
---|
162 | .Xr ssh-agent 1 , |
---|
163 | .Xr ssh-keygen 1 , |
---|
164 | .Xr sshd 8 |
---|