crypto/openssh/ssh-add.0

180740SdesSSH-ADD(1)                 OpenBSD Reference Manual                 SSH-ADD(1)
180740Sdes
180740SdesNAME
218767Sdes     ssh-add - adds private key identities to the authentication agent
180740Sdes
180740SdesSYNOPSIS
180740Sdes     ssh-add [-cDdLlXx] [-t life] [file ...]
204861Sdes     ssh-add -s pkcs11
204861Sdes     ssh-add -e pkcs11
180740Sdes
180740SdesDESCRIPTION
218767Sdes     ssh-add adds private key identities to the authentication agent,
180740Sdes     ssh-agent(1).  When run without arguments, it adds the files
218767Sdes     ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and ~/.ssh/identity.  After
218767Sdes     loading a private key, ssh-add will try to load corresponding certificate
214979Sdes     information from the filename obtained by appending -cert.pub to the name
214979Sdes     of the private key file.  Alternative file names can be given on the
214979Sdes     command line.
180740Sdes
204861Sdes     If any file requires a passphrase, ssh-add asks for the passphrase from
204861Sdes     the user.  The passphrase is read from the user's tty.  ssh-add retries
204861Sdes     the last passphrase if multiple identity files are given.
204861Sdes
214979Sdes     The authentication agent must be running and the SSH_AUTH_SOCK
214979Sdes     environment variable must contain the name of its socket for ssh-add to
214979Sdes     work.
180740Sdes
180740Sdes     The options are as follows:
180740Sdes
180740Sdes     -c      Indicates that added identities should be subject to confirmation
180740Sdes             before being used for authentication.  Confirmation is performed
214979Sdes             by the SSH_ASKPASS program mentioned below.  Successful
214979Sdes             confirmation is signaled by a zero exit status from the
214979Sdes             SSH_ASKPASS program, rather than text entered into the requester.
180740Sdes
180740Sdes     -D      Deletes all identities from the agent.
180740Sdes
180744Sdes     -d      Instead of adding identities, removes identities from the agent.
214979Sdes             If ssh-add has been run without arguments, the keys for the
214979Sdes             default identities will be removed.  Otherwise, the argument list
180744Sdes             will be interpreted as a list of paths to public key files and
180744Sdes             matching keys will be removed from the agent.  If no public key
180744Sdes             is found at a given path, ssh-add will append .pub and retry.
180740Sdes
204861Sdes     -e pkcs11
204861Sdes             Remove keys provided by the PKCS#11 shared library pkcs11.
180740Sdes
214979Sdes     -L      Lists public key parameters of all identities currently
214979Sdes             represented by the agent.
180740Sdes
180740Sdes     -l      Lists fingerprints of all identities currently represented by the
180740Sdes             agent.
180740Sdes
204861Sdes     -s pkcs11
204861Sdes             Add keys provided by the PKCS#11 shared library pkcs11.
180740Sdes
180740Sdes     -t life
180740Sdes             Set a maximum lifetime when adding identities to an agent.  The
214979Sdes             lifetime may be specified in seconds or in a time format
214979Sdes             specified in sshd_config(5).
180740Sdes
180740Sdes     -X      Unlock the agent.
180740Sdes
180740Sdes     -x      Lock the agent with a password.
180740Sdes
180740SdesENVIRONMENT
180740Sdes     DISPLAY and SSH_ASKPASS
180740Sdes             If ssh-add needs a passphrase, it will read the passphrase from
180740Sdes             the current terminal if it was run from a terminal.  If ssh-add
180740Sdes             does not have a terminal associated with it but DISPLAY and
180740Sdes             SSH_ASKPASS are set, it will execute the program specified by
180740Sdes             SSH_ASKPASS and open an X11 window to read the passphrase.  This
180740Sdes             is particularly useful when calling ssh-add from a .xsession or
180740Sdes             related script.  (Note that on some machines it may be necessary
180740Sdes             to redirect the input from /dev/null to make this work.)
180740Sdes
180740Sdes     SSH_AUTH_SOCK
204861Sdes             Identifies the path of a UNIX-domain socket used to communicate
180740Sdes             with the agent.
180740Sdes
180740SdesFILES
180740Sdes     ~/.ssh/identity
180740Sdes             Contains the protocol version 1 RSA authentication identity of
180740Sdes             the user.
180740Sdes
180740Sdes     ~/.ssh/id_dsa
180740Sdes             Contains the protocol version 2 DSA authentication identity of
180740Sdes             the user.
180740Sdes
218767Sdes     ~/.ssh/id_ecdsa
218767Sdes             Contains the protocol version 2 ECDSA authentication identity of
218767Sdes             the user.
218767Sdes
180740Sdes     ~/.ssh/id_rsa
180740Sdes             Contains the protocol version 2 RSA authentication identity of
180740Sdes             the user.
180740Sdes
180740Sdes     Identity files should not be readable by anyone but the user.  Note that
180740Sdes     ssh-add ignores identity files if they are accessible by others.
180740Sdes
218767SdesEXIT STATUS
180740Sdes     Exit status is 0 on success, 1 if the specified command fails, and 2 if
180740Sdes     ssh-add is unable to contact the authentication agent.
180740Sdes
180740SdesSEE ALSO
180740Sdes     ssh(1), ssh-agent(1), ssh-keygen(1), sshd(8)
180740Sdes
180740SdesAUTHORS
180740Sdes     OpenSSH is a derivative of the original and free ssh 1.2.12 release by
180740Sdes     Tatu Ylonen.  Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
214979Sdes     de Raadt and Dug Song removed many bugs, re-added newer features and
214979Sdes     created OpenSSH.  Markus Friedl contributed the support for SSH protocol
180740Sdes     versions 1.5 and 2.0.
180740Sdes
218767SdesOpenBSD 4.8                    October 28, 2010                    OpenBSD 4.8