X-Git-Url: http://andersk.mit.edu/gitweb/gssapi-openssh.git/blobdiff_plain/6a9b319871ee85eeada2a0511e9436d0bfa6aab8..db5d66a5072fed3b0983cd21ee48f5c290939ca6:/openssh/ssh-agent.1 diff --git a/openssh/ssh-agent.1 b/openssh/ssh-agent.1 index fde4608..00c1992 100644 --- a/openssh/ssh-agent.1 +++ b/openssh/ssh-agent.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-agent.1,v 1.37 2003/03/28 10:11:43 jmc Exp $ +.\" $OpenBSD: ssh-agent.1,v 1.28 2001/09/05 06:23:07 deraadt Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -42,9 +42,7 @@ .Nd authentication agent .Sh SYNOPSIS .Nm ssh-agent -.Op Fl a Ar bind_address .Op Fl c Li | Fl s -.Op Fl t Ar life .Op Fl d .Op Ar command Op Ar args ... .Nm ssh-agent @@ -66,11 +64,6 @@ machines using .Pp The options are as follows: .Bl -tag -width Ds -.It Fl a Ar bind_address -Bind the agent to the unix-domain socket -.Ar bind_address . -The default is -.Pa /tmp/ssh-XXXXXXXX/agent. . .It Fl c Generate C-shell commands on .Dv stdout . @@ -87,17 +80,8 @@ does not look like it's a csh style of shell. Kill the current agent (given by the .Ev SSH_AGENT_PID environment variable). -.It Fl t Ar life -Set a default value for the maximum lifetime of identities added to the agent. -The lifetime may be specified in seconds or in a time format specified in -.Xr sshd 8 . -A lifetime specified for an identity with -.Xr ssh-add 1 -overrides this value. -Without this option the default maximum lifetime is forever. .It Fl d -Debug mode. -When this option is specified +Debug mode. When this option is specified .Nm will not fork. .El @@ -110,11 +94,9 @@ Keys are added using .Xr ssh-add 1 . When executed without arguments, .Xr ssh-add 1 -adds the files -.Pa $HOME/.ssh/id_rsa , -.Pa $HOME/.ssh/id_dsa -and -.Pa $HOME/.ssh/identity . +adds the +.Pa $HOME/.ssh/identity +file. If the identity has a passphrase, .Xr ssh-add 1 asks for the passphrase (using a small X11 application if running 
@@ -145,12 +127,8 @@ Later .Xr ssh 1 looks at these variables and uses them to establish a connection to the agent. .Pp -The agent will never send a private key over its request channel. -Instead, operations that require a private key will be performed -by the agent, and the result will be returned to the requester. -This way, private keys are not exposed to clients using the agent. -.Pp A unix-domain socket is created +.Pq Pa /tmp/ssh-XXXXXXXX/agent. , and the name of this socket is stored in the .Ev SSH_AUTH_SOCK environment @@ -161,7 +139,7 @@ user. .Pp The .Ev SSH_AGENT_PID -environment variable holds the agent's process ID. +environment variable holds the agent's PID. .Pp The agent exits automatically when the command given on the command line terminates. @@ -169,11 +147,20 @@ line terminates. .Bl -tag -width Ds .It Pa $HOME/.ssh/identity Contains the protocol version 1 RSA authentication identity of the user. +This file should not be readable by anyone but the user. +It is possible to +specify a passphrase when generating the key; that passphrase will be +used to encrypt the private part of this file. +This file is not used by +.Nm +but is normally added to the agent using +.Xr ssh-add 1 +at login time. .It Pa $HOME/.ssh/id_dsa Contains the protocol version 2 DSA authentication identity of the user. .It Pa $HOME/.ssh/id_rsa Contains the protocol version 2 RSA authentication identity of the user. -.It Pa /tmp/ssh-XXXXXXXX/agent. +.It Pa /tmp/ssh-XXXXXXXX/agent. Unix-domain sockets used to contain the connection to the authentication agent. These sockets should only be readable by the owner.
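Review bot: the header hunk (`@@ -1,4 +1,4 @@`) replaces the id `$OpenBSD: ssh-agent.1,v 1.37 2003/03/28` with the older `v 1.28 2001/09/05`, so this change moves the manual page to a revision two years older rather than forward; confirm that this downgrade is intentional (for example, resyncing to the base version this branch tracks) and that the ssh-agent code in the same tree actually has the older behaviour documented by the rest of the diff.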
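Review bot: the SYNOPSIS hunk (`@@ -42,9 +42,7 @@`) drops `.Op Fl a Ar bind_address` and `.Op Fl t Ar life`, and the hunk at `@@ -66,11 +64,6 @@` drops the matching `.It Fl a Ar bind_address` entry and its default `/tmp/ssh-XXXXXXXX/agent.`; if the ssh-agent binary built from this tree still accepts -a and -t, the page is now incomplete, so either keep these entries or confirm in the commit that the options were removed from the code in the same change.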
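Review bot: in the options hunk (`@@ -87,17 +80,8 @@`), removing the `.It Fl t Ar life` entry leaves no documentation of the default maximum identity lifetime, the one setting that bounds how long a loaded key remains usable through the agent, nor of the fact that a lifetime given to `ssh-add` overrides it; keep the entry unless the option itself is gone. In the same hunk, `+Debug mode. When this option is specified` joins two sentences on one line, whereas mdoc convention (which the removed two-line form followed) starts each new sentence on its own line.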
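Review bot: the hunk at `@@ -110,11 +94,9 @@` changes the ssh-add default from `$HOME/.ssh/id_rsa`, `$HOME/.ssh/id_dsa` and `$HOME/.ssh/identity` to `adds the .Pa $HOME/.ssh/identity file.`, which now disagrees with the FILES section of the same page, where `$HOME/.ssh/id_dsa` and `$HOME/.ssh/id_rsa` are still listed as protocol version 2 identities; either restore the three-file list or make the FILES section consistent with the single protocol 1 file.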
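Review bot: the hunk at `@@ -145,12 +127,8 @@` deletes the paragraph beginning `The agent will never send a private key over its request channel`, which is the only place the page states the agent's central security property (private-key operations are performed inside the agent and clients receive only the result); that paragraph does not depend on the option changes in this diff and should be kept. The added `.Pq Pa /tmp/ssh-XXXXXXXX/agent. ,` restores the default socket path that the -a hunk removed, so the default remains documented.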
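Review bot: in the hunk at `@@ -161,7 +139,7 @@`, `process ID` becomes `PID`; the spelled-out form is clearer for readers who do not know the abbreviation and costs one word, so prefer keeping `environment variable holds the agent's process ID.`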
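Review bot: in the FILES hunk (`@@ -169,11 +147,20 @@`), the added text that `$HOME/.ssh/identity` `should not be readable by anyone but the user` and may be protected by a passphrase is useful guidance, but it is attached only to the protocol 1 identity while the `id_dsa` and `id_rsa` entries immediately below get no equivalent sentence, although the same permission and passphrase considerations apply to those private keys; add the same note to those entries or state it once above the list. Also, the `-.It Pa /tmp/ssh-XXXXXXXX/agent.` / `+.It Pa /tmp/ssh-XXXXXXXX/agent.` pair renders identically, which suggests a trailing-whitespace-only change; drop it to avoid churn in the diff.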