X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/a4e5acef6829a709c3c5f3ae8b26cc9bf96db33a..ccd01778c21e2fc83d9b0da282862828d4832757:/ssh-add.1 diff --git a/ssh-add.1 b/ssh-add.1 index bcdb8e7f..2e909ab1 100644 --- a/ssh-add.1 +++ b/ssh-add.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-add.1,v 1.38 2003/03/28 10:11:43 jmc Exp $ +.\" $OpenBSD: ssh-add.1,v 1.48 2009/10/22 15:02:12 sobrado Exp $ .\" .\" -*- nroff -*- .\" @@ -37,7 +37,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd September 25, 1999 +.Dd $Mdocdate$ .Dt SSH-ADD 1 .Os .Sh NAME @@ -45,7 +45,7 @@ .Nd adds RSA or DSA identities to the authentication agent .Sh SYNOPSIS .Nm ssh-add -.Op Fl lLdDxXc +.Op Fl cDdLlXx .Op Fl t Ar life .Op Ar .Nm ssh-add @@ -57,10 +57,10 @@ adds RSA or DSA identities to the authentication agent, .Xr ssh-agent 1 . When run without arguments, it adds the files -.Pa $HOME/.ssh/id_rsa , -.Pa $HOME/.ssh/id_dsa +.Pa ~/.ssh/id_rsa , +.Pa ~/.ssh/id_dsa and -.Pa $HOME/.ssh/identity . +.Pa ~/.ssh/identity . Alternative file names can be given on the command line. If any file requires a passphrase, .Nm 
@@ -69,30 +69,14 @@ The passphrase is read from the user's tty. .Nm retries the last passphrase if multiple identity files are given. .Pp -The authentication agent must be running and must be an ancestor of -the current process for +The authentication agent must be running and the +.Ev SSH_AUTH_SOCK +environment variable must contain the name of its socket for .Nm to work. .Pp The options are as follows: .Bl -tag -width Ds -.It Fl l -Lists fingerprints of all identities currently represented by the agent. -.It Fl L -Lists public key parameters of all identities currently represented by the agent. -.It Fl d -Instead of adding the identity, removes the identity from the agent. -.It Fl D -Deletes all identities from the agent. -.It Fl x -Lock the agent with a password. -.It Fl X -Unlock the agent. -.It Fl t Ar life -Set a maximum lifetime when adding identities to an agent. -The lifetime may be specified in seconds or in a time format -specified in -.Xr sshd_config 5 . .It Fl c Indicates that added identities should be subject to confirmation before being used for authentication. 
@@ -102,27 +86,42 @@ program mentioned below. Successful confirmation is signaled by a zero exit status from the .Ev SSH_ASKPASS program, rather than text entered into the requester. -.It Fl s Ar reader -Add key in smartcard -.Ar reader . +.It Fl D +Deletes all identities from the agent. +.It Fl d +Instead of adding identities, removes identities from the agent. +If +.Nm +has been run without arguments, the keys for the default identities will +be removed. +Otherwise, the argument list will be interpreted as a list of paths to +public key files and matching keys will be removed from the agent. +If no public key is found at a given path, +.Nm +will append +.Pa .pub +and retry. .It Fl e Ar reader Remove key in smartcard .Ar reader . +.It Fl L +Lists public key parameters of all identities currently represented +by the agent. +.It Fl l +Lists fingerprints of all identities currently represented by the agent. +.It Fl s Ar reader +Add key in smartcard +.Ar reader . +.It Fl t Ar life +Set a maximum lifetime when adding identities to an agent. +The lifetime may be specified in seconds or in a time format +specified in +.Xr sshd_config 5 . +.It Fl X +Unlock the agent. +.It Fl x +Lock the agent with a password. .El -.Sh FILES -.Bl -tag -width Ds -.It Pa $HOME/.ssh/identity -Contains the protocol version 1 RSA authentication identity of the user. -.It Pa $HOME/.ssh/id_dsa -Contains the protocol version 2 DSA authentication identity of the user. -.It Pa $HOME/.ssh/id_rsa -Contains the protocol version 2 RSA authentication identity of the user. -.El -.Pp -Identity files should not be readable by anyone but the user. -Note that -.Nm -ignores identity files if they are accessible by others. .Sh ENVIRONMENT .Bl -tag -width Ds .It Ev "DISPLAY" and "SSH_ASKPASS" 
@@ -142,21 +141,41 @@ and open an X11 window to read the passphrase. This is particularly useful when calling .Nm from a -.Pa .Xsession +.Pa .xsession or related script. (Note that on some machines it may be necessary to redirect the input from .Pa /dev/null to make this work.) .It Ev SSH_AUTH_SOCK -Identifies the path of a unix-domain socket used to communicate with the -agent. +Identifies the path of a +.Ux Ns -domain +socket used to communicate with the agent. .El +.Sh FILES +.Bl -tag -width Ds +.It Pa ~/.ssh/identity +Contains the protocol version 1 RSA authentication identity of the user. +.It Pa ~/.ssh/id_dsa +Contains the protocol version 2 DSA authentication identity of the user. +.It Pa ~/.ssh/id_rsa +Contains the protocol version 2 RSA authentication identity of the user. +.El +.Pp +Identity files should not be readable by anyone but the user. +Note that +.Nm +ignores identity files if they are accessible by others. .Sh DIAGNOSTICS Exit status is 0 on success, 1 if the specified command fails, and 2 if .Nm is unable to contact the authentication agent. +.Sh SEE ALSO +.Xr ssh 1 , +.Xr ssh-agent 1 , +.Xr ssh-keygen 1 , +.Xr sshd 8 .Sh AUTHORS OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu Ylonen. @@ -166,8 +185,3 @@ removed many bugs, re-added newer features and created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. -.Sh SEE ALSO -.Xr ssh 1 , -.Xr ssh-agent 1 , -.Xr ssh-keygen 1 , -.Xr sshd 8
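Review bot: In the @@ -69,30 +69,14 @@ hunk, the new requirement says SSH_AUTH_SOCK "must contain the name of its socket", while the ENVIRONMENT entry changed in the @@ -142,21 +141,41 @@ hunk describes the same variable as identifying "the path of a" UNIX-domain socket. Suggest using "path" in both places so a reader does not wonder whether a bare socket name is acceptable.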
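Review bot: In the @@ -102,27 +86,42 @@ hunk, the new -d description ends at "will append .pub and retry" and does not say what happens when the retry also finds no public key, or when a key is read but does not match anything in the agent. Suggest a closing sentence that states the outcome and ties it to the exit status 1 that DIAGNOSTICS gives for a failed command, so that a script removing identities can tell whether the key is really gone from the agent.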
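Review bot: The FILES section re-added in the @@ -142,21 +141,41 @@ hunk still lists only the three private identity files, although the -d text added earlier in this patch interprets its arguments as paths to public key files and appends .pub to them. Suggest mentioning the corresponding .pub files here and making clear that "should not be readable by anyone but the user" and the "ignores identity files if they are accessible by others" note apply to the private identity files.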