X-Git-Url: http://andersk.mit.edu/gitweb/gssapi-openssh.git/blobdiff_plain/1e608e420beaca67ca6bc6bef308f9f9f6132a66..39e70dec76acc4f638f7a209dcd8b4d40feba8f0:/openssh/ssh-agent.1 diff --git a/openssh/ssh-agent.1 b/openssh/ssh-agent.1 index 9909ef5..00c1992 100644 --- a/openssh/ssh-agent.1 +++ b/openssh/ssh-agent.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-agent.1,v 1.31 2002/02/04 20:41:16 stevesk Exp $ +.\" $OpenBSD: ssh-agent.1,v 1.28 2001/09/05 06:23:07 deraadt Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -94,11 +94,9 @@ Keys are added using .Xr ssh-add 1 . When executed without arguments, .Xr ssh-add 1 -adds the files -.Pa $HOME/.ssh/id_rsa , -.Pa $HOME/.ssh/id_dsa -and -.Pa $HOME/.ssh/identity . +adds the +.Pa $HOME/.ssh/identity +file. If the identity has a passphrase, .Xr ssh-add 1 asks for the passphrase (using a small X11 application if running @@ -129,11 +127,6 @@ Later .Xr ssh 1 looks at these variables and uses them to establish a connection to the agent. .Pp -The agent will never send a private key over its request channel. -Instead, operations that require a private key will be performed -by the agent, and the result will be returned to the requester. -This way, private keys are not exposed to clients using the agent. -.Pp A unix-domain socket is created .Pq Pa /tmp/ssh-XXXXXXXX/agent. , and the name of this socket is stored in the @@ -154,6 +147,15 @@ line terminates. .Bl -tag -width Ds .It Pa $HOME/.ssh/identity Contains the protocol version 1 RSA authentication identity of the user. +This file should not be readable by anyone but the user. +It is possible to +specify a passphrase when generating the key; that passphrase will be +used to encrypt the private part of this file. +This file is not used by +.Nm +but is normally added to the agent using +.Xr ssh-add 1 +at login time. .It Pa $HOME/.ssh/id_dsa Contains the protocol version 2 DSA authentication identity of the user. .It Pa $HOME/.ssh/id_rsa