ssh-add.0 revision 218767
SSH-ADD(1)                 OpenBSD Reference Manual                 SSH-ADD(1)

NAME
     ssh-add - adds private key identities to the authentication agent

SYNOPSIS
     ssh-add [-cDdLlXx] [-t life] [file ...]
     ssh-add -s pkcs11
     ssh-add -e pkcs11

DESCRIPTION
     ssh-add adds private key identities to the authentication agent,
     ssh-agent(1). When run without arguments, it adds the files
     ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and ~/.ssh/identity. After
     loading a private key, ssh-add will try to load corresponding certificate
     information from the filename obtained by appending -cert.pub to the name
     of the private key file. Alternative file names can be given on the
     command line.

     If any file requires a passphrase, ssh-add asks for the passphrase from
     the user. The passphrase is read from the user's tty. ssh-add retries
     the last passphrase if multiple identity files are given.

     The authentication agent must be running and the SSH_AUTH_SOCK
     environment variable must contain the name of its socket for ssh-add to
     work.

     The options are as follows:

     -c      Indicates that added identities should be subject to confirmation
             before being used for authentication. Confirmation is performed
             by the SSH_ASKPASS program mentioned below. Successful
             confirmation is signaled by a zero exit status from the
             SSH_ASKPASS program, rather than text entered into the requester.

     -D      Deletes all identities from the agent.

     -d      Instead of adding identities, removes identities from the agent.
             If ssh-add has been run without arguments, the keys for the
             default identities will be removed. Otherwise, the argument list
             will be interpreted as a list of paths to public key files and
             matching keys will be removed from the agent. If no public key
             is found at a given path, ssh-add will append .pub and retry.

     -e pkcs11
             Remove keys provided by the PKCS#11 shared library pkcs11.

     -L      Lists public key parameters of all identities currently
             represented by the agent.

     -l      Lists fingerprints of all identities currently represented by the
             agent.

     -s pkcs11
             Add keys provided by the PKCS#11 shared library pkcs11.

     -t life
             Set a maximum lifetime when adding identities to an agent. The
             lifetime may be specified in seconds or in a time format
             specified in sshd_config(5).

     -X      Unlock the agent.

     -x      Lock the agent with a password.

ENVIRONMENT
     DISPLAY and SSH_ASKPASS
             If ssh-add needs a passphrase, it will read the passphrase from
             the current terminal if it was run from a terminal. If ssh-add
             does not have a terminal associated with it but DISPLAY and
             SSH_ASKPASS are set, it will execute the program specified by
             SSH_ASKPASS and open an X11 window to read the passphrase. This
             is particularly useful when calling ssh-add from a .xsession or
             related script. (Note that on some machines it may be necessary
             to redirect the input from /dev/null to make this work.)

     SSH_AUTH_SOCK
             Identifies the path of a UNIX-domain socket used to communicate
             with the agent.

FILES
     ~/.ssh/identity
             Contains the protocol version 1 RSA authentication identity of
             the user.

     ~/.ssh/id_dsa
             Contains the protocol version 2 DSA authentication identity of
             the user.

     ~/.ssh/id_ecdsa
             Contains the protocol version 2 ECDSA authentication identity of
             the user.

     ~/.ssh/id_rsa
             Contains the protocol version 2 RSA authentication identity of
             the user.

     Identity files should not be readable by anyone but the user. Note that
     ssh-add ignores identity files if they are accessible by others.

EXIT STATUS
     Exit status is 0 on success, 1 if the specified command fails, and 2 if
     ssh-add is unable to contact the authentication agent.

SEE ALSO
     ssh(1), ssh-agent(1), ssh-keygen(1), sshd(8)

AUTHORS
     OpenSSH is a derivative of the original and free ssh 1.2.12 release by
     Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
     de Raadt and Dug Song removed many bugs, re-added newer features and
     created OpenSSH. Markus Friedl contributed the support for SSH protocol
     versions 1.5 and 2.0.

OpenBSD 4.8                    October 28, 2010                    OpenBSD 4.8
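
Added example (not part of the OpenSSH manual page): a shell wrapper that applies the FILES permission rule, the -c and -t options, and the EXIT STATUS values described above around a call to ssh-add. The function names, the 3600-second default lifetime, and the reading of "accessible by others" as any group or other permission bit are assumptions of this example.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of OpenSSH.

# Return 0 if FILE is a regular file with no group/other permission bits.
# Assumption: "accessible by others" is treated as any bit in mode 077.
identity_perms_ok() {
    [ -f "$1" ] || return 1
    # In the ls -l mode string, characters 5-10 are the group and other bits.
    perms=$(ls -ld -- "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Map the exit statuses documented under EXIT STATUS to a short message.
describe_ssh_add_status() {
    case "$1" in
        0) echo "success" ;;
        1) echo "command failed" ;;
        2) echo "cannot contact agent" ;;
        *) echo "undocumented status $1" ;;
    esac
}

# Load KEY with a maximum lifetime (-t) and per-use confirmation (-c).
# Returns 2 without running ssh-add when SSH_AUTH_SOCK is unset, and 1 when
# the key file is missing or its permissions would make ssh-add ignore it.
load_identity() {
    key=$1
    life=${2:-3600}   # default lifetime in seconds (constructed value)
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo "SSH_AUTH_SOCK is not set; is ssh-agent running?" >&2
        return 2
    fi
    if ! identity_perms_ok "$key"; then
        echo "$key: missing or accessible by others; try chmod 600" >&2
        return 1
    fi
    rc=0
    ssh-add -c -t "$life" "$key" || rc=$?
    echo "ssh-add: $(describe_ssh_add_status "$rc")" >&2
    return "$rc"
}
```

Call it as `load_identity ~/.ssh/id_rsa 900`; with -c in effect, each later use of the key triggers the SSH_ASKPASS confirmation described under the options.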