ssh-add.0 revision 239844
SSH-ADD(1)                 OpenBSD Reference Manual                 SSH-ADD(1)

NAME
     ssh-add - adds private key identities to the authentication agent

SYNOPSIS
     ssh-add [-cDdkLlXx] [-t life] [file ...]
     ssh-add -s pkcs11
     ssh-add -e pkcs11

DESCRIPTION
     ssh-add adds private key identities to the authentication agent,
     ssh-agent(1).  When run without arguments, it adds the files
     ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and ~/.ssh/identity.  After
     loading a private key, ssh-add will try to load corresponding certificate
     information from the filename obtained by appending -cert.pub to the name
     of the private key file.  Alternative file names can be given on the
     command line.

     If any file requires a passphrase, ssh-add asks for the passphrase from
     the user.  The passphrase is read from the user's tty.  ssh-add retries
     the last passphrase if multiple identity files are given.

     The authentication agent must be running and the SSH_AUTH_SOCK
     environment variable must contain the name of its socket for ssh-add to
     work.

     The options are as follows:

     -c      Indicates that added identities should be subject to confirmation
             before being used for authentication.  Confirmation is performed
             by the SSH_ASKPASS program mentioned below.  Successful
             confirmation is signaled by a zero exit status from the
             SSH_ASKPASS program, rather than text entered into the requester.

     -D      Deletes all identities from the agent.

     -d      Instead of adding identities, removes identities from the agent.
             If ssh-add has been run without arguments, the keys for the
             default identities will be removed.  Otherwise, the argument list
             will be interpreted as a list of paths to public key files and
             matching keys will be removed from the agent.  If no public key
             is found at a given path, ssh-add will append .pub and retry.

     -e pkcs11
             Remove keys provided by the PKCS#11 shared library pkcs11.

     -k      When loading keys into the agent, load plain private keys only
             and skip certificates.

     -L      Lists public key parameters of all identities currently
             represented by the agent.

     -l      Lists fingerprints of all identities currently represented by the
             agent.

     -s pkcs11
             Add keys provided by the PKCS#11 shared library pkcs11.

     -t life
             Set a maximum lifetime when adding identities to an agent.  The
             lifetime may be specified in seconds or in a time format
             specified in sshd_config(5).

     -X      Unlock the agent.

     -x      Lock the agent with a password.

ENVIRONMENT
     DISPLAY and SSH_ASKPASS
             If ssh-add needs a passphrase, it will read the passphrase from
             the current terminal if it was run from a terminal.  If ssh-add
             does not have a terminal associated with it but DISPLAY and
             SSH_ASKPASS are set, it will execute the program specified by
             SSH_ASKPASS and open an X11 window to read the passphrase.  This
             is particularly useful when calling ssh-add from a .xsession or
             related script.  (Note that on some machines it may be necessary
             to redirect the input from /dev/null to make this work.)

     SSH_AUTH_SOCK
             Identifies the path of a UNIX-domain socket used to communicate
             with the agent.

FILES
     ~/.ssh/identity
             Contains the protocol version 1 RSA authentication identity of
             the user.

     ~/.ssh/id_dsa
             Contains the protocol version 2 DSA authentication identity of
             the user.

     ~/.ssh/id_ecdsa
             Contains the protocol version 2 ECDSA authentication identity of
             the user.

     ~/.ssh/id_rsa
             Contains the protocol version 2 RSA authentication identity of
             the user.

     Identity files should not be readable by anyone but the user.  Note that
     ssh-add ignores identity files if they are accessible by others.

EXIT STATUS
     Exit status is 0 on success, 1 if the specified command fails, and 2 if
     ssh-add is unable to contact the authentication agent.

SEE ALSO
     ssh(1), ssh-agent(1), ssh-keygen(1), sshd(8)

AUTHORS
     OpenSSH is a derivative of the original and free ssh 1.2.12 release by
     Tatu Ylonen.  Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
     de Raadt and Dug Song removed many bugs, re-added newer features and
     created OpenSSH.  Markus Friedl contributed the support for SSH protocol
     versions 1.5 and 2.0.

OpenBSD 5.0                    October 18, 2011                    OpenBSD 5.0
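The following wrapper is an added example, not part of the OpenSSH manual page or code base. It combines the SSH_AUTH_SOCK requirement, the identity-file permission rule, the -c and -t options and the three documented exit statuses into one guarded call. The function names, the SSH_ADD override variable, the default lifetime of 3600 seconds and the extra return value 3 are assumptions made for the example, and "accessible by others" is read conservatively as any group or other permission bit being set.

```shell
#!/bin/sh
# Added example: guarded wrapper around ssh-add.
# SSH_ADD (command override) and both function names are hypothetical;
# the options -c/-t and exit statuses 0/1/2 are the ones the page documents.
SSH_ADD=${SSH_ADD:-ssh-add}

# Succeeds only if FILE exists and no group/other permission bit is set,
# since ssh-add ignores identity files that are accessible by others.
identity_is_private() {
    [ -f "$1" ] || return 1
    mode=$(ls -ldL -- "$1" | cut -c5-10)   # group+other part of e.g. -rw-------
    [ "$mode" = "------" ]
}

# add_identity FILE [LIFE]
# Returns 0 (added), 1 (ssh-add command failed), 2 (no agent reachable),
# or 3 (refused by the pre-flight permission check; value chosen here).
add_identity() {
    key=$1
    life=${2:-3600}
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo "SSH_AUTH_SOCK is not set; start ssh-agent first" >&2
        return 2
    fi
    if ! identity_is_private "$key"; then
        echo "$key: missing or accessible by others (try chmod 600)" >&2
        return 3
    fi
    st=0
    # -c: require confirmation on each use; -t: expire the key after LIFE.
    "$SSH_ADD" -c -t "$life" "$key" || st=$?
    case $st in
        0) echo "$key: loaded, lifetime $life, confirmation required" >&2 ;;
        1) echo "$key: the ssh-add command failed" >&2 ;;
        2) echo "ssh-add could not contact the agent at $SSH_AUTH_SOCK" >&2 ;;
        *) echo "ssh-add: unexpected exit status $st" >&2 ;;
    esac
    return "$st"
}
```

Because the key is added with -c, SSH_ASKPASS must point at a program the agent can run for the confirmation step.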