-.\" $OpenBSD: ssh-agent.1,v 1.35 2002/06/24 13:12:23 markus Exp $
+.\" $OpenBSD: ssh-agent.1,v 1.50 2010/01/17 21:49:09 tedu Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd September 25, 1999
+.Dd $Mdocdate$
.Dt SSH-AGENT 1
.Os
.Sh NAME
.Nd authentication agent
.Sh SYNOPSIS
.Nm ssh-agent
-.Op Fl a Ar bind_address
.Op Fl c Li | Fl s
.Op Fl d
-.Op Ar command Op Ar args ...
+.Op Fl a Ar bind_address
+.Op Fl t Ar life
+.Op Ar command Op Ar arg ...
.Nm ssh-agent
.Op Fl c Li | Fl s
.Fl k
The options are as follows:
.Bl -tag -width Ds
.It Fl a Ar bind_address
-Bind the agent to the unix-domain socket
+Bind the agent to the
+.Ux Ns -domain
+socket
.Ar bind_address .
The default is
-.Pa /tmp/ssh-XXXXXXXX/agent.<ppid> .
+.Pa /tmp/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt .
.It Fl c
Generate C-shell commands on
.Dv stdout .
This is the default if
.Ev SHELL
looks like it's a csh style of shell.
+.It Fl d
+Debug mode.
+When this option is specified
+.Nm
+will not fork.
+.It Fl k
+Kill the current agent (given by the
+.Ev SSH_AGENT_PID
+environment variable).
.It Fl s
Generate Bourne shell commands on
.Dv stdout .
This is the default if
.Ev SHELL
does not look like it's a csh style of shell.
-.It Fl k
-Kill the current agent (given by the
-.Ev SSH_AGENT_PID
-environment variable).
-.It Fl d
-Debug mode. When this option is specified
-.Nm
-will not fork.
+.It Fl t Ar life
+Set a default value for the maximum lifetime of identities added to the agent.
+The lifetime may be specified in seconds or in a time format specified in
+.Xr sshd_config 5 .
+A lifetime specified for an identity with
+.Xr ssh-add 1
+overrides this value.
+Without this option the default maximum lifetime is forever.
.El
.Pp
If a commandline is given, this is executed as a subprocess of the agent.
When executed without arguments,
.Xr ssh-add 1
adds the files
-.Pa $HOME/.ssh/id_rsa ,
-.Pa $HOME/.ssh/id_dsa
+.Pa ~/.ssh/id_rsa ,
+.Pa ~/.ssh/id_dsa
and
-.Pa $HOME/.ssh/identity .
+.Pa ~/.ssh/identity .
If the identity has a passphrase,
.Xr ssh-add 1
-asks for the passphrase (using a small X11 application if running
-under X11, or from the terminal if running without X).
+asks for the passphrase on the terminal if it has one or from a small X11
+program if running under X11.
+If neither of these is the case then the authentication will fail.
It then sends the identity to the agent.
Several identities can be stored in the
agent; the agent can automatically use any of these identities.
remote logins, and the user can thus use the privileges given by the
identities anywhere in the network in a secure way.
.Pp
-There are two main ways to get an agent setup:
-Either the agent starts a new subcommand into which some environment
-variables are exported, or the agent prints the needed shell commands
-(either
+There are two main ways to get an agent set up:
+The first is that the agent starts a new subcommand into which some environment
+variables are exported, eg
+.Cm ssh-agent xterm & .
+The second is that the agent prints the needed shell commands (either
+.Xr sh 1
+or
+.Xr csh 1
+syntax can be generated) which can be evaluated in the calling shell, eg
+.Cm eval `ssh-agent -s`
+for Bourne-type shells such as
.Xr sh 1
or
+.Xr ksh 1
+and
+.Cm eval `ssh-agent -c`
+for
.Xr csh 1
-syntax can be generated) which can be evalled in the calling shell.
+and derivatives.
+.Pp
Later
.Xr ssh 1
looks at these variables and uses them to establish a connection to the agent.
by the agent, and the result will be returned to the requester.
This way, private keys are not exposed to clients using the agent.
.Pp
-A unix-domain socket is created
-and the name of this socket is stored in the
+A
+.Ux Ns -domain
+socket is created and the name of this socket is stored in the
.Ev SSH_AUTH_SOCK
environment
variable.
line terminates.
.Sh FILES
.Bl -tag -width Ds
-.It Pa $HOME/.ssh/identity
+.It Pa ~/.ssh/identity
Contains the protocol version 1 RSA authentication identity of the user.
-.It Pa $HOME/.ssh/id_dsa
+.It Pa ~/.ssh/id_dsa
Contains the protocol version 2 DSA authentication identity of the user.
-.It Pa $HOME/.ssh/id_rsa
+.It Pa ~/.ssh/id_rsa
Contains the protocol version 2 RSA authentication identity of the user.
-.It Pa /tmp/ssh-XXXXXXXX/agent.<ppid>
-Unix-domain sockets used to contain the connection to the
-authentication agent.
+.It Pa /tmp/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt
+.Ux Ns -domain
+sockets used to contain the connection to the authentication agent.
These sockets should only be readable by the owner.
The sockets should get automatically removed when the agent exits.
.El
+.Sh SEE ALSO
+.Xr ssh 1 ,
+.Xr ssh-add 1 ,
+.Xr ssh-keygen 1 ,
+.Xr sshd 8
.Sh AUTHORS
OpenSSH is a derivative of the original and free
ssh 1.2.12 release by Tatu Ylonen.
created OpenSSH.
Markus Friedl contributed the support for SSH
protocol versions 1.5 and 2.0.
-.Sh SEE ALSO
-.Xr ssh 1 ,
-.Xr ssh-add 1 ,
-.Xr ssh-keygen 1 ,
-.Xr sshd 8
andersk / openssh.git / blobdiff