]> andersk Git - openssh.git/blame - ssh-add.1
- markus@cvs.openbsd.org 2003/01/23 13:50:27
[openssh.git] / ssh-add.1
CommitLineData
c4087616 1.\" $OpenBSD: ssh-add.1,v 1.36 2003/01/23 13:50:27 markus Exp $
23c2a7a5 2.\"
bf740959 3.\" -*- nroff -*-
4.\"
bf740959 5.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
bf740959 6.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
7.\" All rights reserved
8.\"
bcbf86ec 9.\" As far as I am concerned, the code I have written for this software
10.\" can be used freely for any purpose. Any derived versions of this
11.\" software must be clearly marked as such, and if the derived work is
12.\" incompatible with the protocol description in the RFC file, it must be
13.\" called by a name other than "ssh" or "Secure Shell".
14.\"
15.\"
f3c7c613 16.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
17.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
18.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
bcbf86ec 19.\"
20.\" Redistribution and use in source and binary forms, with or without
21.\" modification, are permitted provided that the following conditions
22.\" are met:
23.\" 1. Redistributions of source code must retain the above copyright
24.\" notice, this list of conditions and the following disclaimer.
25.\" 2. Redistributions in binary form must reproduce the above copyright
26.\" notice, this list of conditions and the following disclaimer in the
27.\" documentation and/or other materials provided with the distribution.
bf740959 28.\"
bcbf86ec 29.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
30.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
31.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
32.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
33.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
34.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
35.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
36.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
37.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
38.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
bf740959 39.\"
40.Dd September 25, 1999
41.Dt SSH-ADD 1
42.Os
43.Sh NAME
44.Nm ssh-add
75304f85 45.Nd adds RSA or DSA identities to the authentication agent
bf740959 46.Sh SYNOPSIS
47.Nm ssh-add
c4087616 48.Op Fl lLdDxXc
264572cc 49.Op Fl t Ar life
bf740959 50.Op Ar
5a26334c 51.Nm ssh-add
52.Fl s Ar reader
53.Nm ssh-add
54.Fl e Ar reader
f54651ce 55.Sh DESCRIPTION
bf740959 56.Nm
2e73a022 57adds RSA or DSA identities to the authentication agent,
bf740959 58.Xr ssh-agent 1 .
67656ffc 59When run without arguments, it adds the files
60.Pa $HOME/.ssh/id_rsa ,
7203d6bb 61.Pa $HOME/.ssh/id_dsa
67656ffc 62and
bf740959 63.Pa $HOME/.ssh/identity .
4fe2af09 64Alternative file names can be given on the command line.
65If any file requires a passphrase,
bf740959 66.Nm
f54651ce 67asks for the passphrase from the user.
cf7ff074 68The passphrase is read from the user's tty.
49ae4185 69.Nm
70retries the last passphrase if multiple identity files are given.
bf740959 71.Pp
72The authentication agent must be running and must be an ancestor of
73the current process for
74.Nm
75to work.
76.Pp
77The options are as follows:
78.Bl -tag -width Ds
79.It Fl l
f095fcc7 80Lists fingerprints of all identities currently represented by the agent.
81.It Fl L
82Lists public key parameters of all identities currently represented by the agent.
bf740959 83.It Fl d
84Instead of adding the identity, removes the identity from the agent.
85.It Fl D
86Deletes all identities from the agent.
3db7f994 87.It Fl x
88Lock the agent with a password.
89.It Fl X
90Unlock the agent.
264572cc 91.It Fl t Ar life
92Set a maximum lifetime when adding identities to an agent.
c3baacd1 93The lifetime may be specified in seconds or in a time format
94specified in
95.Xr sshd 8 .
c4087616 96.It Fl c
97Indicates that added identities should be subject to confirmation before
98being used for authentication. Confirmation is performed by the
99.Ev SSH_ASKPASS
100program mentioned below. Successful confirmation is signaled by a zero
101exit status from the
102.Ev SSH_ASKPASS
103program, rather than text entered into the requester.
5a26334c 104.It Fl s Ar reader
105Add key in smartcard
106.Ar reader .
107.It Fl e Ar reader
108Remove key in smartcard
109.Ar reader .
bf740959 110.El
111.Sh FILES
112.Bl -tag -width Ds
57112b5a 113.It Pa $HOME/.ssh/identity
c0ecc314 114Contains the protocol version 1 RSA authentication identity of the user.
2e73a022 115.It Pa $HOME/.ssh/id_dsa
c0ecc314 116Contains the protocol version 2 DSA authentication identity of the user.
117.It Pa $HOME/.ssh/id_rsa
118Contains the protocol version 2 RSA authentication identity of the user.
b5e300c2 119.El
a445d432 120.Pp
121Identity files should not be readable by anyone but the user.
122Note that
123.Nm
124ignores identity files if they are accessible by others.
57112b5a 125.Sh ENVIRONMENT
126.Bl -tag -width Ds
127.It Ev "DISPLAY" and "SSH_ASKPASS"
bf740959 128If
129.Nm
130needs a passphrase, it will read the passphrase from the current
4fe2af09 131terminal if it was run from a terminal.
132If
bf740959 133.Nm
134does not have a terminal associated with it but
135.Ev DISPLAY
aa3378df 136and
137.Ev SSH_ASKPASS
138are set, it will execute the program specified by
139.Ev SSH_ASKPASS
4fe2af09 140and open an X11 window to read the passphrase.
141This is particularly useful when calling
bf740959 142.Nm
143from a
144.Pa .Xsession
4fe2af09 145or related script.
146(Note that on some machines it
bf740959 147may be necessary to redirect the input from
148.Pa /dev/null
149to make this work.)
3e7efb37 150.It Ev SSH_AUTH_SOCK
151Identifies the path of a unix-domain socket used to communicate with the
152agent.
b5e300c2 153.El
8e3ce4dc 154.Sh DIAGNOSTICS
155Exit status is 0 on success, 1 if the specified command fails,
156and 2 if
157.Nm
158is unable to contact the authentication agent.
fa08c86b 159.Sh AUTHORS
5fb622e4 160OpenSSH is a derivative of the original and free
161ssh 1.2.12 release by Tatu Ylonen.
162Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
163Theo de Raadt and Dug Song
164removed many bugs, re-added newer features and
165created OpenSSH.
166Markus Friedl contributed the support for SSH
167protocol versions 1.5 and 2.0.
bf740959 168.Sh SEE ALSO
169.Xr ssh 1 ,
170.Xr ssh-agent 1 ,
171.Xr ssh-keygen 1 ,
f98d56f0 172.Xr sshd 8
This page took 0.610692 seconds and 5 git commands to generate.