ssh-add.0 revision 262566
11539SrgrimesSSH-ADD(1) OpenBSD Reference Manual SSH-ADD(1) 21539Srgrimes 31539SrgrimesNAME 41539Srgrimes ssh-add - adds private key identities to the authentication agent 51539Srgrimes 61539SrgrimesSYNOPSIS 71539Srgrimes ssh-add [-cDdkLlXx] [-t life] [file ...] 81539Srgrimes ssh-add -s pkcs11 91539Srgrimes ssh-add -e pkcs11 101539Srgrimes 111539SrgrimesDESCRIPTION 121539Srgrimes ssh-add adds private key identities to the authentication agent, 131539Srgrimes ssh-agent(1). When run without arguments, it adds the files 141539Srgrimes ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and 151539Srgrimes ~/.ssh/identity. After loading a private key, ssh-add will try to load 161539Srgrimes corresponding certificate information from the filename obtained by 171539Srgrimes appending -cert.pub to the name of the private key file. Alternative 181539Srgrimes file names can be given on the command line. 191539Srgrimes 201539Srgrimes If any file requires a passphrase, ssh-add asks for the passphrase from 211539Srgrimes the user. The passphrase is read from the user's tty. ssh-add retries 221539Srgrimes the last passphrase if multiple identity files are given. 231539Srgrimes 241539Srgrimes The authentication agent must be running and the SSH_AUTH_SOCK 251539Srgrimes environment variable must contain the name of its socket for ssh-add to 261539Srgrimes work. 271539Srgrimes 281539Srgrimes The options are as follows: 291539Srgrimes 301539Srgrimes -c Indicates that added identities should be subject to confirmation 311539Srgrimes before being used for authentication. Confirmation is performed 321539Srgrimes by the SSH_ASKPASS program mentioned below. Successful 331539Srgrimes confirmation is signaled by a zero exit status from the 341539Srgrimes SSH_ASKPASS program, rather than text entered into the requester. 351539Srgrimes 361539Srgrimes -D Deletes all identities from the agent. 3793032Simp 381539Srgrimes -d Instead of adding identities, removes identities from the agent. 391539Srgrimes If ssh-add has been run without arguments, the keys for the 401539Srgrimes default identities and their corresponding certificates will be 411539Srgrimes removed. Otherwise, the argument list will be interpreted as a 421539Srgrimes list of paths to public key files to specify keys and 431539Srgrimes certificates to be removed from the agent. If no public key is 441539Srgrimes found at a given path, ssh-add will append .pub and retry. 451539Srgrimes 461539Srgrimes -e pkcs11 471539Srgrimes Remove keys provided by the PKCS#11 shared library pkcs11. 481539Srgrimes 491539Srgrimes -k When loading keys into or deleting keys from the agent, process 501539Srgrimes plain private keys only and skip certificates. 511539Srgrimes 521539Srgrimes -L Lists public key parameters of all identities currently 5314352Sjkh represented by the agent. 541539Srgrimes 551539Srgrimes -l Lists fingerprints of all identities currently represented by the 561539Srgrimes agent. 571539Srgrimes 581539Srgrimes -s pkcs11 591539Srgrimes Add keys provided by the PKCS#11 shared library pkcs11. 601539Srgrimes 611539Srgrimes -t life 621539Srgrimes Set a maximum lifetime when adding identities to an agent. The 631539Srgrimes lifetime may be specified in seconds or in a time format 641539Srgrimes specified in sshd_config(5). 651539Srgrimes 661539Srgrimes -X Unlock the agent. 6793032Simp 6893032Simp -x Lock the agent with a password. 6993032Simp 7093032SimpENVIRONMENT 7193032Simp DISPLAY and SSH_ASKPASS 7293032Simp If ssh-add needs a passphrase, it will read the passphrase from 7393032Simp the current terminal if it was run from a terminal. If ssh-add 7493032Simp does not have a terminal associated with it but DISPLAY and 7593032Simp SSH_ASKPASS are set, it will execute the program specified by 7693032Simp SSH_ASKPASS and open an X11 window to read the passphrase. This 7793032Simp is particularly useful when calling ssh-add from a .xsession or 781539Srgrimes related script. (Note that on some machines it may be necessary 791539Srgrimes to redirect the input from /dev/null to make this work.) 801539Srgrimes 81 SSH_AUTH_SOCK 82 Identifies the path of a UNIX-domain socket used to communicate 83 with the agent. 84 85FILES 86 ~/.ssh/identity 87 Contains the protocol version 1 RSA authentication identity of 88 the user. 89 90 ~/.ssh/id_dsa 91 Contains the protocol version 2 DSA authentication identity of 92 the user. 93 94 ~/.ssh/id_ecdsa 95 Contains the protocol version 2 ECDSA authentication identity of 96 the user. 97 98 ~/.ssh/id_ed25519 99 Contains the protocol version 2 ED25519 authentication identity 100 of the user. 101 102 ~/.ssh/id_rsa 103 Contains the protocol version 2 RSA authentication identity of 104 the user. 105 106 Identity files should not be readable by anyone but the user. Note that 107 ssh-add ignores identity files if they are accessible by others. 108 109EXIT STATUS 110 Exit status is 0 on success, 1 if the specified command fails, and 2 if 111 ssh-add is unable to contact the authentication agent. 112 113SEE ALSO 114 ssh(1), ssh-agent(1), ssh-keygen(1), sshd(8) 115 116AUTHORS 117 OpenSSH is a derivative of the original and free ssh 1.2.12 release by 118 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo 119 de Raadt and Dug Song removed many bugs, re-added newer features and 120 created OpenSSH. Markus Friedl contributed the support for SSH protocol 121 versions 1.5 and 2.0. 122 123OpenBSD 5.4 December 7, 2013 OpenBSD 5.4 124