-.\" $OpenBSD: ssh-agent.1,v 1.48 2009/10/22 12:35:53 sobrado Exp $
+.\" $OpenBSD: ssh-agent.1,v 1.50 2010/01/17 21:49:09 tedu Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
.Bl -tag -width Ds
.It Fl a Ar bind_address
Bind the agent to the
-.Ux
-domain socket
+.Ux Ns -domain
+socket
.Ar bind_address .
The default is
.Pa /tmp/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt .
.Pa ~/.ssh/identity .
If the identity has a passphrase,
.Xr ssh-add 1
-asks for the passphrase (using a small X11 application if running
-under X11, or from the terminal if running without X).
+asks for the passphrase on the terminal if it has one or from a small X11
+program if running under X11.
+If neither of these is the case then the authentication will fail.
It then sends the identity to the agent.
Several identities can be stored in the
agent; the agent can automatically use any of these identities.
This way, private keys are not exposed to clients using the agent.
.Pp
A
-.Ux
-domain socket is created and the name of this socket is stored in the
+.Ux Ns -domain
+socket is created and the name of this socket is stored in the
.Ev SSH_AUTH_SOCK
environment
variable.
.It Pa ~/.ssh/id_rsa
Contains the protocol version 2 RSA authentication identity of the user.
.It Pa /tmp/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt
-.Ux
-domain sockets used to contain the connection to the
-authentication agent.
+.Ux Ns -domain
+sockets used to contain the connection to the authentication agent.
These sockets should only be readable by the owner.
The sockets should get automatically removed when the agent exits.
.El