ssh-add.0 revision 248613
SSH-ADD(1)                 OpenBSD Reference Manual                 SSH-ADD(1)

NAME
     ssh-add - adds private key identities to the authentication agent

SYNOPSIS
     ssh-add [-cDdkLlXx] [-t life] [file ...]
     ssh-add -s pkcs11
     ssh-add -e pkcs11

DESCRIPTION
     ssh-add adds private key identities to the authentication agent,
     ssh-agent(1). When run without arguments, it adds the files
     ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and ~/.ssh/identity. After
     loading a private key, ssh-add will try to load corresponding certificate
     information from the filename obtained by appending -cert.pub to the name
     of the private key file. Alternative file names can be given on the
     command line.

     If any file requires a passphrase, ssh-add asks for the passphrase from
     the user. The passphrase is read from the user's tty. ssh-add retries
     the last passphrase if multiple identity files are given.

     The authentication agent must be running and the SSH_AUTH_SOCK
     environment variable must contain the name of its socket for ssh-add to
     work.

     The options are as follows:

     -c      Indicates that added identities should be subject to confirmation
             before being used for authentication. Confirmation is performed
             by the SSH_ASKPASS program mentioned below. Successful
             confirmation is signaled by a zero exit status from the
             SSH_ASKPASS program, rather than text entered into the requester.

     -D      Deletes all identities from the agent.

     -d      Instead of adding identities, removes identities from the agent.
             If ssh-add has been run without arguments, the keys for the
             default identities and their corresponding certificates will be
             removed. Otherwise, the argument list will be interpreted as a
             list of paths to public key files to specify keys and
             certificates to be removed from the agent. If no public key is
             found at a given path, ssh-add will append .pub and retry.

     -e pkcs11
             Remove keys provided by the PKCS#11 shared library pkcs11.

     -k      When loading keys into or deleting keys from the agent, process
             plain private keys only and skip certificates.

     -L      Lists public key parameters of all identities currently
             represented by the agent.

     -l      Lists fingerprints of all identities currently represented by the
             agent.

     -s pkcs11
             Add keys provided by the PKCS#11 shared library pkcs11.

     -t life
             Set a maximum lifetime when adding identities to an agent. The
             lifetime may be specified in seconds or in a time format
             specified in sshd_config(5).

     -X      Unlock the agent.

     -x      Lock the agent with a password.

ENVIRONMENT
     DISPLAY and SSH_ASKPASS
             If ssh-add needs a passphrase, it will read the passphrase from
             the current terminal if it was run from a terminal. If ssh-add
             does not have a terminal associated with it but DISPLAY and
             SSH_ASKPASS are set, it will execute the program specified by
             SSH_ASKPASS and open an X11 window to read the passphrase. This
             is particularly useful when calling ssh-add from a .xsession or
             related script. (Note that on some machines it may be necessary
             to redirect the input from /dev/null to make this work.)

     SSH_AUTH_SOCK
             Identifies the path of a UNIX-domain socket used to communicate
             with the agent.

FILES
     ~/.ssh/identity
             Contains the protocol version 1 RSA authentication identity of
             the user.

     ~/.ssh/id_dsa
             Contains the protocol version 2 DSA authentication identity of
             the user.

     ~/.ssh/id_ecdsa
             Contains the protocol version 2 ECDSA authentication identity of
             the user.

     ~/.ssh/id_rsa
             Contains the protocol version 2 RSA authentication identity of
             the user.

     Identity files should not be readable by anyone but the user. Note that
     ssh-add ignores identity files if they are accessible by others.

EXIT STATUS
     Exit status is 0 on success, 1 if the specified command fails, and 2 if
     ssh-add is unable to contact the authentication agent.

SEE ALSO
     ssh(1), ssh-agent(1), ssh-keygen(1), sshd(8)

AUTHORS
     OpenSSH is a derivative of the original and free ssh 1.2.12 release by
     Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
     de Raadt and Dug Song removed many bugs, re-added newer features and
     created OpenSSH. Markus Friedl contributed the support for SSH protocol
     versions 1.5 and 2.0.

OpenBSD 5.3                    December 3, 2012                    OpenBSD 5.3
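
An added example, not part of the manual page or of OpenSSH: a POSIX sh wrapper that applies the page's rules before loading a key (identity file not accessible by others, SSH_AUTH_SOCK naming a socket), adds it with -c and -t, and returns the documented exit status. The function names and the 3600-second default lifetime are assumptions.

```shell
#!/bin/sh
# Added example: preflight checks around ssh-add. Function names are
# hypothetical; options and exit codes are the ones documented above.

# Return 0 only if FILE is a regular file (not a symlink) whose group and
# other permission bits are all clear, e.g. mode 600 or 400.
identity_is_private() {
    [ -f "$1" ] || return 1
    case "$(ls -ld -- "$1")" in
        -???------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Return 0 if SSH_AUTH_SOCK is set and names a UNIX-domain socket.
agent_socket_present() {
    [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "$SSH_AUTH_SOCK" ]
}

# Add FILE with per-use confirmation (-c, needs SSH_ASKPASS) and a bounded
# lifetime (-t, seconds; default 3600 is an assumption of this example).
# Returns: 0 added, 1 refused or ssh-add failed, 2 agent unreachable.
add_identity_guarded() {
    file=$1
    life=${2:-3600}
    if ! identity_is_private "$file"; then
        echo "$file: missing or accessible by others, not added" >&2
        return 1
    fi
    if ! agent_socket_present; then
        echo "SSH_AUTH_SOCK does not name an agent socket" >&2
        return 2
    fi
    ssh-add -c -t "$life" "$file"
    status=$?
    case $status in
        0) ssh-add -l ;;  # list fingerprints now held by the agent
        1) echo "ssh-add: command failed for $file" >&2 ;;
        2) echo "ssh-add: unable to contact the agent" >&2 ;;
    esac
    return "$status"
}

# Usage: add_identity_guarded "$HOME/.ssh/id_rsa" 3600
```

Checking the file mode in the wrapper turns the silent "ignored" case into an explicit failure that a login script can act on.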