ssh-add - adds RSA or DSA identities to the authentication agent

ssh-add [-lLdD] [file ...]

ssh-add adds RSA or DSA identities to the authentication agent, ssh-agent(1). When run without arguments, it adds the files $HOME/.ssh/id_rsa, $HOME/.ssh/id_dsa and $HOME/.ssh/identity. Alternative file names can be given on the command line. If any file requires a passphrase, ssh-add asks for the passphrase from the user. The passphrase is read from the user's tty. ssh-add retries the last passphrase if multiple identity files are given.

The authentication agent must be running and must be an ancestor of the current process for ssh-add to work.

The options are as follows:
-l
- Lists fingerprints of all identities currently represented by the agent.
-L
- Lists public key parameters of all identities currently represented by the agent.
-d
- Instead of adding the identity, removes the identity from the agent.
-D
- Deletes all identities from the agent.
-s reader
- Add key in smartcard reader.
-e reader
- Remove key in smartcard reader.

$HOME/.ssh/identity
- Contains the protocol version 1 RSA authentication identity of the user. This file should not be readable by anyone but the user. Note that ssh-add ignores this file if it is accessible by others. It is possible to specify a passphrase when generating the key; that passphrase will be used to encrypt the private part of this file. This is the default file added by ssh-add when no other files have been specified.
$HOME/.ssh/id_dsa
- Contains the protocol version 2 DSA authentication identity of the user.
$HOME/.ssh/id_rsa
- Contains the protocol version 2 RSA authentication identity of the user.
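
The default file list and the permission rule above can be checked before ssh-add is called, so a key file that would be skipped is noticed up front. This is an added example, not part of the original manual or of OpenSSH; the function names check_identity and audit_identities are hypothetical, and "accessible by others" is assumed to mean that any group or other permission bit is set.

```sh
#!/bin/sh
# Added example: pre-flight audit of the default identity files.
# Assumption: a file counts as "accessible by others" when any group or
# other permission bit is set (mode & 077 != 0).

# check_identity FILE
# Prints "ok", "missing" or "loose" for one identity file.
check_identity() {
    f=$1
    if [ ! -f "$f" ]; then
        echo missing
        return 0
    fi
    # Characters 5-10 of the ls mode string are the group and other bits,
    # e.g. "-rw-------" gives "------" and "-rw-r--r--" gives "r--r--".
    bits=$(ls -ld "$f" | cut -c5-10)
    if [ "$bits" = "------" ]; then
        echo ok
    else
        echo loose
    fi
}

# audit_identities [DIR]
# Prints one "status path" line per default identity file named in this
# manual and returns 1 if any of them has group/other access.
audit_identities() {
    dir=${1:-$HOME/.ssh}
    rc=0
    for name in id_rsa id_dsa identity; do
        st=$(check_identity "$dir/$name")
        echo "$st $dir/$name"
        if [ "$st" = loose ]; then
            rc=1
        fi
    done
    return $rc
}

# Usage: audit_identities && ssh-add
```

A file reported as loose can be corrected with chmod 600 before it is added to the agent.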

DISPLAY and SSH_ASKPASS
- If ssh-add needs a passphrase, it will read the passphrase from the current terminal if it was run from a terminal. If ssh-add does not have a terminal associated with it but DISPLAY and SSH_ASKPASS are set, it will execute the program specified by SSH_ASKPASS and open an X11 window to read the passphrase. This is particularly useful when calling ssh-add from a .Xsession or related script. (Note that on some machines it may be necessary to redirect the input from /dev/null to make this work.)

OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu
Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt
and Dug Song removed many bugs, re-added newer features and created OpenSSH.
Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0.