User Commands ssh-add(1)
NAME
ssh-add - add RSA or DSA identities to the authentication
agent
SYNOPSIS
ssh-add [-lLdDxX] [-t life] [ file ]...
DESCRIPTION
The ssh-add utility adds RSA or DSA identities to the
authentication agent, ssh-agent(1). When run without
arguments, it attempts to add all of the files
$HOME/.ssh/identity (RSA v1), $HOME/.ssh/id_rsa (RSA v2),
and $HOME/.ssh/id_dsa (DSA v2) that exist. If more than one
of the private keys exists, an attempt to decrypt each with
the same passphrase will be made before reprompting for a
different passphrase. The passphrase is read from the user's
tty or by running the program defined in SSH_ASKPASS (see
below).
The authentication agent must be running.
OPTIONS
The following options are supported:
-d          Instead of adding the identity, this option
            removes the identity from the agent.
-D          Deletes all identities from the agent.
-l          Lists fingerprints of all identities currently
            represented by the agent.
-L          Lists public key parameters of all identities
            currently represented by the agent.
-t life     Sets a maximum lifetime when adding identities to
            an agent. The lifetime may be specified in
            seconds or in a time format specified in
            sshd(1M).
-x          Locks the agent with a password.
-X          Unlocks the agent.
SunOS 5.11 Last change: 9 Jan 2004 1
ENVIRONMENT VARIABLES
DISPLAY
SSH_ASKPASS     If ssh-add needs a passphrase, it will read
                the passphrase from the current terminal if
                it was run from a terminal. If ssh-add does
                not have a terminal associated with it but
                DISPLAY and SSH_ASKPASS are set, it will
                execute the program specified by
                SSH_ASKPASS and open an X11 window to read
                the passphrase. This is particularly useful
                when calling ssh-add from a .Xsession or
                related script.
SSH_AUTH_SOCK   Identifies the path of a unix-domain socket
                used to communicate with the agent.
EXIT STATUS
The following exit values are returned:
0 Successful completion.
1 An error occurred.
FILES
These files should not be readable by anyone but the user.
Notice that ssh-add ignores a file if it is accessible by
others. It is possible to specify a passphrase when
generating the key; that passphrase will be used to encrypt
the private part of this file.
If these files are stored on a network file system it is
assumed that either the protection provided in the files
themselves or the transport layer of the network file system
provides sufficient protection for the site policy. If this
is not the case, then it is recommended the key files are
stored on removable media or locally on the relevant hosts.
Recommended names for the DSA and RSA key files:
$HOME/.ssh/identity       Contains the RSA authentication
                          identity of the user for protocol
                          version 1.
$HOME/.ssh/identity.pub   Contains the public part of the
                          RSA authentication identity of
                          the user for protocol version 1.
$HOME/.ssh/id_dsa         Contains the private DSA
                          authentication identity of the user.
$HOME/.ssh/id_dsa.pub     Contains the public part of the
                          DSA authentication identity of
                          the user.
$HOME/.ssh/id_rsa         Contains the private RSA
                          authentication identity of the user.
$HOME/.ssh/id_rsa.pub     Contains the public part of the
                          RSA authentication identity of
                          the user.
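The permission rule in FILES and the -t lifetime option, as an added example that is not part of the original manual page: a POSIX shell pre-flight check over the three default identity files. The function names are hypothetical, and treating any group or other permission bit as "accessible by others" is an assumption.

```shell
#!/bin/sh
# Added example: check the default identity files before handing them to ssh-add.
# File names come from the manual page; function names are hypothetical.

# Return 0 if only the owner has any access (group/other bits all clear).
# Assumption: "accessible by others" means any group or other permission bit.
key_is_private() {
    # In the ls -l mode string, characters 5-10 are the group and other bits.
    # -L follows a symlink so the key file itself is examined.
    perms=$(ls -ldL "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Print one status line per default identity file under $1 (default $HOME/.ssh).
# Returns the number of files that exist but are accessible by others.
audit_identities() {
    dir=${1:-$HOME/.ssh}
    bad=0
    for name in identity id_rsa id_dsa; do
        f=$dir/$name
        if [ ! -f "$f" ]; then
            echo "absent   $f"
        elif key_is_private "$f"; then
            echo "ok       $f"
        else
            echo "exposed  $f (ssh-add ignores it; fix with: chmod 600 $f)"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Add every identity that passes the check, with an agent-side lifetime (-t)
# in seconds, then list the fingerprints the agent now holds (-l).
load_identities() {
    dir=${1:-$HOME/.ssh}; life=${2:-3600}
    for name in identity id_rsa id_dsa; do
        f=$dir/$name
        if [ -f "$f" ] && key_is_private "$f"; then
            ssh-add -t "$life" "$f"
        fi
    done
    ssh-add -l
}
```

Run `audit_identities` first; `load_identities "$HOME/.ssh" 900` then adds the keys that passed with a 15-minute lifetime, provided an agent is running.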
ATTRIBUTES
See attributes(5) for descriptions of the following
attributes:
ATTRIBUTE TYPE          ATTRIBUTE VALUE
Availability            SUNWsshu
Interface Stability     Evolving
SEE ALSO
ssh(1), ssh-agent(1), ssh-keygen(1), sshd(1M), attributes(5)