SSH-ADD(1)                BSD General Commands Manual               SSH-ADD(1)

NAME
     ssh-add -- adds RSA or DSA identities to the authentication agent

SYNOPSIS
     ssh-add [-cDdLlXxKk] [-t life] [file ...]
     ssh-add -s reader
     ssh-add -e reader

DESCRIPTION
     ssh-add adds RSA or DSA identities to the authentication agent,
     ssh-agent(1).  When run without arguments, it adds the files
     ~/.ssh/id_rsa, ~/.ssh/id_dsa and ~/.ssh/identity.  Alternative file names
     can be given on the command line.  If any file requires a passphrase,
     ssh-add asks for the passphrase from the user.  The passphrase is read
     from the user's tty.  ssh-add retries the last passphrase if multiple
     identity files are given.

     The authentication agent must be running and the SSH_AUTH_SOCK
     environment variable must contain the name of its socket for ssh-add to
     work.

     The options are as follows:

     -c      Indicates that added identities should be subject to confirmation
             before being used for authentication.  Confirmation is performed
             by the SSH_ASKPASS program mentioned below.  Successful
             confirmation is signaled by a zero exit status from the
             SSH_ASKPASS program, rather than text entered into the requester.

     -D      Deletes all identities from the agent.

     -d      Instead of adding identities, removes identities from the agent.
             If ssh-add has been run without arguments, the keys for the
             default identities will be removed.  Otherwise, the argument list
             will be interpreted as a list of paths to public key files and
             matching keys will be removed from the agent.  If no public key
             is found at a given path, ssh-add will append .pub and retry.

     -e reader
             Remove key in smartcard reader.

     -L      Lists public key parameters of all identities currently repre-
             sented by the agent.

     -l      Lists fingerprints of all identities currently represented by the
             agent.

     -s reader
             Add key in smartcard reader.

     -t life
             Set a maximum lifetime when adding identities to an agent.  The
             lifetime may be specified in seconds or in a time format
             specified in sshd_config(5).

     -X      Unlock the agent.

     -x      Lock the agent with a password.

     -K      When adding identities, each passphrase will also be stored in
             your keychain.  When removing identities with -d, each passphrase
             will be removed from your keychain.

     -k      Add identities to the agent using any passphrases stored in your
             keychain.

ENVIRONMENT
     DISPLAY and SSH_ASKPASS
             If ssh-add needs a passphrase, it will read the passphrase from
             the current terminal if it was run from a terminal.  If ssh-add
             does not have a terminal associated with it but DISPLAY and
             SSH_ASKPASS are set, it will execute the program specified by
             SSH_ASKPASS and open an X11 window to read the passphrase.  This
             is particularly useful when calling ssh-add from a .xsession or
             related script.  (Note that on some machines it may be necessary
             to redirect the input from /dev/null to make this work.)

     SSH_AUTH_SOCK
             Identifies the path of a unix-domain socket used to communicate
             with the agent.

FILES
     ~/.ssh/identity
             Contains the protocol version 1 RSA authentication identity of
             the user.

     ~/.ssh/id_dsa
             Contains the protocol version 2 DSA authentication identity of
             the user.

     ~/.ssh/id_rsa
             Contains the protocol version 2 RSA authentication identity of
             the user.

     Identity files should not be readable by anyone but the user.  Note that
     ssh-add ignores identity files if they are accessible by others.

DIAGNOSTICS
     Exit status is 0 on success, 1 if the specified command fails, and 2 if
     ssh-add is unable to contact the authentication agent.
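
EXAMPLES
     The following wrapper is an added example, not part of the original
     manual or of OpenSSH.  It ties together the -c and -t options, the
     identity file permission rule from FILES, and the exit statuses from
     DIAGNOSTICS.  SSH_ADD_BIN, key_is_private and add_limited are
     hypothetical names introduced here.

```sh
#!/bin/sh
# Added example, not part of the ssh-add manual. SSH_ADD_BIN, key_is_private
# and add_limited are hypothetical names chosen for this sketch.
SSH_ADD_BIN=${SSH_ADD_BIN:-ssh-add}

# Succeeds only if FILE is a regular file with no group/other permission bits,
# so ssh-add will not ignore it for being accessible by others.
key_is_private() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ldL -- "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# add_limited LIFETIME FILE...
# Adds the keys with -c (confirm each use via SSH_ASKPASS) and -t LIFETIME.
# Returns ssh-add's exit status: 0 success, 1 failure, 2 agent unreachable.
add_limited() {
    life=$1
    shift
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo "SSH_AUTH_SOCK is not set; is ssh-agent running?" >&2
        return 2
    fi
    for key in "$@"; do
        if ! key_is_private "$key"; then
            echo "refusing $key: missing or accessible by others" >&2
            return 1
        fi
    done
    rc=0
    "$SSH_ADD_BIN" -c -t "$life" "$@" || rc=$?
    case $rc in
        0) ;;
        2) echo "ssh-add could not contact the authentication agent" >&2 ;;
        *) echo "ssh-add failed with exit status $rc" >&2 ;;
    esac
    return "$rc"
}

# Usage: add_limited 3600 ~/.ssh/id_rsa
```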

SEE ALSO
     ssh(1), ssh-agent(1), ssh-keygen(1), sshd(8)

AUTHORS
     OpenSSH is a derivative of the original and free ssh 1.2.12 release by
     Tatu Ylonen.  Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
     de Raadt and Dug Song removed many bugs, re-added newer features and
     created OpenSSH.  Markus Friedl contributed the support for SSH protocol
     versions 1.5 and 2.0.

BSD                              March 6, 2010                             BSD