-.\" $OpenBSD: ssh-add.1,v 1.27 2001/08/23 18:08:59 stevesk Exp $
+.\" $OpenBSD: ssh-add.1,v 1.35 2002/06/19 00:27:55 deraadt Exp $
.\"
.\" -*- nroff -*-
.\"
.Nd adds RSA or DSA identities to the authentication agent
.Sh SYNOPSIS
.Nm ssh-add
-.Op Fl lLdD
+.Op Fl lLdDxX
+.Op Fl t Ar life
.Op Ar
.Nm ssh-add
.Fl s Ar reader
.Nm
adds RSA or DSA identities to the authentication agent,
.Xr ssh-agent 1 .
-When run without arguments, it adds the file
+When run without arguments, it adds the files
+.Pa $HOME/.ssh/id_rsa ,
+.Pa $HOME/.ssh/id_dsa
+and
.Pa $HOME/.ssh/identity .
Alternative file names can be given on the command line.
If any file requires a passphrase,
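Review bot: The new default list (`.Pa $HOME/.ssh/id_rsa ,` through `.Pa $HOME/.ssh/identity .`) does not say what happens when only some of the three files exist. Suggest adding a sentence stating whether a missing default file is skipped silently or counted as a failure, since a user with a single key type will hit this on every run without arguments.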
Instead of adding the identity, removes the identity from the agent.
.It Fl D
Deletes all identities from the agent.
+.It Fl x
+Lock the agent with a password.
+.It Fl X
+Unlock the agent.
+.It Fl t Ar life
+Set a maximum lifetime when adding identities to an agent.
+The lifetime may be specified in seconds or in a time format
+specified in
+.Xr sshd 8 .
.It Fl s Ar reader
Add key in smartcard
.Ar reader .
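Review bot: The `-x` and `-X` entries ("Lock the agent with a password." and "Unlock the agent.") do not say what a locked agent does or where the password comes from. Suggest describing the effect on the identities held while the agent is locked, whether `-X` must be given the same password as `-x`, and how the password is read. For `-t life`, it would also help to state what happens to an identity when its lifetime expires and what applies when the option is omitted.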
.Bl -tag -width Ds
.It Pa $HOME/.ssh/identity
Contains the protocol version 1 RSA authentication identity of the user.
-This file should not be readable by anyone but the user.
-Note that
-.Nm
-ignores this file if it is accessible by others.
-It is possible to
-specify a passphrase when generating the key; that passphrase will be
-used to encrypt the private part of this file.
-This is the default file added by
-.Nm
-when no other files have been specified.
.It Pa $HOME/.ssh/id_dsa
Contains the protocol version 2 DSA authentication identity of the user.
.It Pa $HOME/.ssh/id_rsa
Contains the protocol version 2 RSA authentication identity of the user.
.El
+.Pp
+Identity files should not be readable by anyone but the user.
+Note that
+.Nm
+ignores identity files if they are accessible by others.
.Sh ENVIRONMENT
.Bl -tag -width Ds
.It Ev "DISPLAY" and "SSH_ASKPASS"
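Review bot: The paragraph added after `.El` carries over the permission warning but drops the removed passphrase sentence ("that passphrase will be used to encrypt the private part of this file"), and none of the added lines restore it. Suggest keeping a generalised form of that sentence in the new paragraph so it covers all three identity files. "accessible by others" is also vague; naming the permission bits that cause a file to be ignored would make the warning actionable.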
may be necessary to redirect the input from
.Pa /dev/null
to make this work.)
+.It Ev SSH_AUTH_SOCK
+Identifies the path of a unix-domain socket used to communicate with the
+agent.
.El
+.Sh DIAGNOSTICS
+Exit status is 0 on success, 1 if the specified command fails,
+and 2 if
+.Nm
+is unable to contact the authentication agent.
.Sh AUTHORS
OpenSSH is a derivative of the original and free
ssh 1.2.12 release by Tatu Ylonen.
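Review bot: In the new DIAGNOSTICS text, "1 if the specified command fails" is ambiguous when one invocation handles several identity files, as the no-argument default described earlier in this patch does. Suggest stating whether the exit status is 1 when any file fails or only when all of them fail, so scripts can rely on it. Minor style point in the SSH_AUTH_SOCK entry: "unix-domain" would read better as "Unix-domain".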