-.\" $OpenBSD: ssh-agent.1,v 1.26 2001/07/15 16:57:21 stevesk Exp $
+.\" $OpenBSD: ssh-agent.1,v 1.29 2001/11/19 18:40:46 stevesk Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
.Nd authentication agent
.Sh SYNOPSIS
.Nm ssh-agent
-.Ar command
-.Ar args ...
-.Nm ssh-agent
.Op Fl c Li | Fl s
+.Op Fl d
+.Op Ar command Op Ar args ...
.Nm ssh-agent
+.Op Fl c Li | Fl s
.Fl k
-.Nm ssh-agent
-.Fl d
.Sh DESCRIPTION
.Nm
is a program to hold private keys used for public key authentication
identities anywhere in the network in a secure way.
.Pp
There are two main ways to get an agent setup:
-Either you let the agent
-start a new subcommand into which some environment variables are exported, or
-you let the agent print the needed shell commands (either
+Either the agent starts a new subcommand into which some environment
+variables are exported, or the agent prints the needed shell commands
+(either
.Xr sh 1
or
.Xr csh 1
.Xr ssh 1
looks at these variables and uses them to establish a connection to the agent.
.Pp
+The agent will never send a private key over its request channel.
+Instead, operations that require a private key will be performed
+by the agent, and the result will be returned to the requester.
+This way, private keys are not exposed to clients using the agent.
+.Pp
A unix-domain socket is created
.Pq Pa /tmp/ssh-XXXXXXXX/agent.<pid> ,
and the name of this socket is stored in the