[openssh.git] / ssh-add.1

.\"  -*- nroff -*-
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
.\"                    All rights reserved
.\"
.\" As far as I am concerned, the code I have written for this software
.\" can be used freely for any purpose.  Any derived versions of this
.\" software must be clearly marked as such, and if the derived work is
.\" incompatible with the protocol description in the RFC file, it must be
.\" called by a name other than "ssh" or "Secure Shell".
.\"
.\"
.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd September 25, 1999
.Dt SSH-ADD 1
.Os
.Sh NAME
.Nm ssh-add
.Nd adds RSA or DSA identities for the authentication agent
.Sh SYNOPSIS
.Nm ssh-add
.Op Fl lLdD
.Op Ar
.Sh DESCRIPTION
.Nm
adds RSA or DSA identities to the authentication agent,
.Xr ssh-agent 1 .
When run without arguments, it adds the file
.Pa $HOME/.ssh/identity .
Alternative file names can be given on the command line.
If any file requires a passphrase,
.Nm
asks for the passphrase from the user.
The Passphrase it is read from the user's tty.
.Pp
The authentication agent must be running and must be an ancestor of
the current process for
.Nm
to work.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl l
Lists fingerprints of all identities currently represented by the agent.
.It Fl L
Lists public key parameters of all identities currently represented by the agent.
.It Fl d
Instead of adding the identity, removes the identity from the agent.
.It Fl D
Deletes all identities from the agent.
.El
.Sh FILES
.Bl -tag -width Ds
.It Pa $HOME/.ssh/identity
Contains the RSA authentication identity of the user.
This file should not be readable by anyone but the user.
Note that
.Nm
ignores this file if it is accessible by others.
It is possible to
specify a passphrase when generating the key; that passphrase will be
used to encrypt the private part of this file.
This is the default file added by
.Nm
when no other files have been specified.
.It Pa $HOME/.ssh/id_dsa
Contains the DSA authentication identity of the user.
.El
.Sh ENVIRONMENT
.Bl -tag -width Ds
.It Ev "DISPLAY" and "SSH_ASKPASS"
If
.Nm
needs a passphrase, it will read the passphrase from the current
terminal if it was run from a terminal.
If
.Nm
does not have a terminal associated with it but
.Ev DISPLAY
and
.Ev SSH_ASKPASS
are set, it will execute the program specified by
.Ev SSH_ASKPASS
and open an X11 window to read the passphrase.
This is particularly useful when calling
.Nm
from a
.Pa .Xsession
or related script.
(Note that on some machines it
may be necessary to redirect the input from
.Pa /dev/null
to make this work.)
.El
.Sh AUTHORS
Tatu Ylonen <ylo@cs.hut.fi>
.Pp
OpenSSH
is a derivative of the original (free) ssh 1.2.12 release, but with bugs
removed and newer features re-added.
Rapidly after the 1.2.12 release,
newer versions bore successively more restrictive licenses.
This version of OpenSSH
.Bl -bullet
.It
has all components of a restrictive nature (i.e., patents, see
.Xr crypto 3 )
directly removed from the source code; any licensed or patented components
are chosen from
external libraries.
.It
has been updated to support ssh protocol 1.5.
.It
contains added support for
.Xr kerberos 8
authentication and ticket passing.
.It
supports one-time password authentication with
.Xr skey 1 .
.El
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr ssh-agent 1 ,
.Xr ssh-keygen 1 ,
.Xr sshd 8 ,
.Xr crypto 3
Commit	Line	Data
bf740959	1	.\" -- nroff --
bf740959	2	.\"
bf740959	3	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
bf740959	4	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
	5	.\" All rights reserved
	6	.\"
bcbf86ec	7	.\" As far as I am concerned, the code I have written for this software
	8	.\" can be used freely for any purpose. Any derived versions of this
	9	.\" software must be clearly marked as such, and if the derived work is
	10	.\" incompatible with the protocol description in the RFC file, it must be
	11	.\" called by a name other than "ssh" or "Secure Shell".
	12	.\"
	13	.\"
	14	.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
	15	.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
	16	.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
	17	.\"
	18	.\" Redistribution and use in source and binary forms, with or without
	19	.\" modification, are permitted provided that the following conditions
	20	.\" are met:
	21	.\" 1. Redistributions of source code must retain the above copyright
	22	.\" notice, this list of conditions and the following disclaimer.
	23	.\" 2. Redistributions in binary form must reproduce the above copyright
	24	.\" notice, this list of conditions and the following disclaimer in the
	25	.\" documentation and/or other materials provided with the distribution.
bf740959	26	.\"
bcbf86ec	27	.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	28	.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	29	.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	30	.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	31	.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	32	.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	33	.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	34	.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	35	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	36	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
bf740959	37	.\"
	38	.Dd September 25, 1999
	39	.Dt SSH-ADD 1
	40	.Os
	41	.Sh NAME
	42	.Nm ssh-add
2e73a022	43	.Nd adds RSA or DSA identities for the authentication agent
bf740959	44	.Sh SYNOPSIS
bf740959	45	.Nm ssh-add
f095fcc7	46	.Op Fl lLdD
bf740959	47	.Op Ar
f54651ce	48	.Sh DESCRIPTION
bf740959	49	.Nm
2e73a022	50	adds RSA or DSA identities to the authentication agent,
bf740959	51	.Xr ssh-agent 1 .
	52	When run without arguments, it adds the file
	53	.Pa $HOME/.ssh/identity .
4fe2af09	54	Alternative file names can be given on the command line.
4fe2af09	55	If any file requires a passphrase,
bf740959	56	.Nm
f54651ce	57	asks for the passphrase from the user.
4fe2af09	58	The Passphrase it is read from the user's tty.
bf740959	59	.Pp
	60	The authentication agent must be running and must be an ancestor of
	61	the current process for
	62	.Nm
	63	to work.
	64	.Pp
	65	The options are as follows:
	66	.Bl -tag -width Ds
	67	.It Fl l
f095fcc7	68	Lists fingerprints of all identities currently represented by the agent.
	69	.It Fl L
	70	Lists public key parameters of all identities currently represented by the agent.
bf740959	71	.It Fl d
	72	Instead of adding the identity, removes the identity from the agent.
	73	.It Fl D
	74	Deletes all identities from the agent.
	75	.El
	76	.Sh FILES
	77	.Bl -tag -width Ds
57112b5a	78	.It Pa $HOME/.ssh/identity
4fe2af09	79	Contains the RSA authentication identity of the user.
4fe2af09	80	This file should not be readable by anyone but the user.
bf740959	81	Note that
	82	.Nm
	83	ignores this file if it is accessible by others.
	84	It is possible to
	85	specify a passphrase when generating the key; that passphrase will be
4fe2af09	86	used to encrypt the private part of this file.
4fe2af09	87	This is the default file added by
bf740959	88	.Nm
bf740959	89	when no other files have been specified.
2e73a022	90	.It Pa $HOME/.ssh/id_dsa
2e73a022	91	Contains the DSA authentication identity of the user.
b5e300c2	92	.El
57112b5a	93	.Sh ENVIRONMENT
	94	.Bl -tag -width Ds
	95	.It Ev "DISPLAY" and "SSH_ASKPASS"
bf740959	96	If
	97	.Nm
	98	needs a passphrase, it will read the passphrase from the current
4fe2af09	99	terminal if it was run from a terminal.
4fe2af09	100	If
bf740959	101	.Nm
	102	does not have a terminal associated with it but
	103	.Ev DISPLAY
aa3378df	104	and
	105	.Ev SSH_ASKPASS
	106	are set, it will execute the program specified by
	107	.Ev SSH_ASKPASS
4fe2af09	108	and open an X11 window to read the passphrase.
4fe2af09	109	This is particularly useful when calling
bf740959	110	.Nm
	111	from a
	112	.Pa .Xsession
4fe2af09	113	or related script.
4fe2af09	114	(Note that on some machines it
bf740959	115	may be necessary to redirect the input from
	116	.Pa /dev/null
	117	to make this work.)
b5e300c2	118	.El
fa08c86b	119	.Sh AUTHORS
bf740959	120	Tatu Ylonen <ylo@cs.hut.fi>
	121	.Pp
	122	OpenSSH
	123	is a derivative of the original (free) ssh 1.2.12 release, but with bugs
4fe2af09	124	removed and newer features re-added.
	125	Rapidly after the 1.2.12 release,
	126	newer versions bore successively more restrictive licenses.
	127	This version of OpenSSH
bf740959	128	.Bl -bullet
bf740959	129	.It
bcbf86ec	130	has all components of a restrictive nature (i.e., patents, see
bcbf86ec	131	.Xr crypto 3 )
bf740959	132	directly removed from the source code; any licensed or patented components
	133	are chosen from
	134	external libraries.
	135	.It
	136	has been updated to support ssh protocol 1.5.
	137	.It
f54651ce	138	contains added support for
bf740959	139	.Xr kerberos 8
	140	authentication and ticket passing.
	141	.It
	142	supports one-time password authentication with
	143	.Xr skey 1 .
	144	.El
bf740959	145	.Sh SEE ALSO
	146	.Xr ssh 1 ,
	147	.Xr ssh-agent 1 ,
	148	.Xr ssh-keygen 1 ,
	149	.Xr sshd 8 ,
bcbf86ec	150	.Xr crypto 3