ssh-add.0 revision 180740
1180740SdesSSH-ADD(1) OpenBSD Reference Manual SSH-ADD(1) 2180740Sdes 3180740SdesNAME 4180740Sdes ssh-add - adds RSA or DSA identities to the authentication agent 5180740Sdes 6180740SdesSYNOPSIS 7180740Sdes ssh-add [-cDdLlXx] [-t life] [file ...] 8180740Sdes ssh-add -s reader 9180740Sdes ssh-add -e reader 10180740Sdes 11180740SdesDESCRIPTION 12180740Sdes ssh-add adds RSA or DSA identities to the authentication agent, 13180740Sdes ssh-agent(1). When run without arguments, it adds the files 14180740Sdes ~/.ssh/id_rsa, ~/.ssh/id_dsa and ~/.ssh/identity. Alternative file names 15180740Sdes can be given on the command line. If any file requires a passphrase, 16180740Sdes ssh-add asks for the passphrase from the user. The passphrase is read 17180740Sdes from the user's tty. ssh-add retries the last passphrase if multiple 18180740Sdes identity files are given. 19180740Sdes 20180740Sdes The authentication agent must be running and the SSH_AUTH_SOCK environ- 21180740Sdes ment variable must contain the name of its socket for ssh-add to work. 22180740Sdes 23180740Sdes The options are as follows: 24180740Sdes 25180740Sdes -c Indicates that added identities should be subject to confirmation 26180740Sdes before being used for authentication. Confirmation is performed 27180740Sdes by the SSH_ASKPASS program mentioned below. Successful confirma- 28180740Sdes tion is signaled by a zero exit status from the SSH_ASKPASS pro- 29180740Sdes gram, rather than text entered into the requester. 30180740Sdes 31180740Sdes -D Deletes all identities from the agent. 32180740Sdes 33180740Sdes -d Instead of adding the identity, removes the identity from the 34180740Sdes agent. 35180740Sdes 36180740Sdes -e reader 37180740Sdes Remove key in smartcard reader. 38180740Sdes 39180740Sdes -L Lists public key parameters of all identities currently repre- 40180740Sdes sented by the agent. 41180740Sdes 42180740Sdes -l Lists fingerprints of all identities currently represented by the 43180740Sdes agent. 44180740Sdes 45180740Sdes -s reader 46180740Sdes Add key in smartcard reader. 47180740Sdes 48180740Sdes -t life 49180740Sdes Set a maximum lifetime when adding identities to an agent. The 50180740Sdes lifetime may be specified in seconds or in a time format speci- 51180740Sdes fied in sshd_config(5). 52180740Sdes 53180740Sdes -X Unlock the agent. 54180740Sdes 55180740Sdes -x Lock the agent with a password. 56180740Sdes 57180740SdesENVIRONMENT 58180740Sdes DISPLAY and SSH_ASKPASS 59180740Sdes If ssh-add needs a passphrase, it will read the passphrase from 60180740Sdes the current terminal if it was run from a terminal. If ssh-add 61180740Sdes does not have a terminal associated with it but DISPLAY and 62180740Sdes SSH_ASKPASS are set, it will execute the program specified by 63180740Sdes SSH_ASKPASS and open an X11 window to read the passphrase. This 64180740Sdes is particularly useful when calling ssh-add from a .xsession or 65180740Sdes related script. (Note that on some machines it may be necessary 66180740Sdes to redirect the input from /dev/null to make this work.) 67180740Sdes 68180740Sdes SSH_AUTH_SOCK 69180740Sdes Identifies the path of a unix-domain socket used to communicate 70180740Sdes with the agent. 71180740Sdes 72180740SdesFILES 73180740Sdes ~/.ssh/identity 74180740Sdes Contains the protocol version 1 RSA authentication identity of 75180740Sdes the user. 76180740Sdes 77180740Sdes ~/.ssh/id_dsa 78180740Sdes Contains the protocol version 2 DSA authentication identity of 79180740Sdes the user. 80180740Sdes 81180740Sdes ~/.ssh/id_rsa 82180740Sdes Contains the protocol version 2 RSA authentication identity of 83180740Sdes the user. 84180740Sdes 85180740Sdes Identity files should not be readable by anyone but the user. Note that 86180740Sdes ssh-add ignores identity files if they are accessible by others. 87180740Sdes 88180740SdesDIAGNOSTICS 89180740Sdes Exit status is 0 on success, 1 if the specified command fails, and 2 if 90180740Sdes ssh-add is unable to contact the authentication agent. 91180740Sdes 92180740SdesSEE ALSO 93180740Sdes ssh(1), ssh-agent(1), ssh-keygen(1), sshd(8) 94180740Sdes 95180740SdesAUTHORS 96180740Sdes OpenSSH is a derivative of the original and free ssh 1.2.12 release by 97180740Sdes Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo 98180740Sdes de Raadt and Dug Song removed many bugs, re-added newer features and cre- 99180740Sdes ated OpenSSH. Markus Friedl contributed the support for SSH protocol 100180740Sdes versions 1.5 and 2.0. 101180740Sdes 102180740SdesOpenBSD 4.1 September 25, 1999 2 103