| .\" $OpenBSD: ssh-add.1,v 1.33 2002/06/05 21:55:44 markus Exp $ |
| .\" |
| .\" -*- nroff -*- |
| .\" |
| .\" Author: Tatu Ylonen <ylo@cs.hut.fi> |
| .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| .\" All rights reserved |
| .\" |
| .\" As far as I am concerned, the code I have written for this software |
| .\" can be used freely for any purpose. Any derived versions of this |
| .\" software must be clearly marked as such, and if the derived work is |
| .\" incompatible with the protocol description in the RFC file, it must be |
| .\" called by a name other than "ssh" or "Secure Shell". |
| .\" |
| .\" |
| .\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. |
| .\" Copyright (c) 1999 Aaron Campbell. All rights reserved. |
| .\" Copyright (c) 1999 Theo de Raadt. All rights reserved. |
| .\" |
| .\" Redistribution and use in source and binary forms, with or without |
| .\" modification, are permitted provided that the following conditions |
| .\" are met: |
| .\" 1. Redistributions of source code must retain the above copyright |
| .\" notice, this list of conditions and the following disclaimer. |
| .\" 2. Redistributions in binary form must reproduce the above copyright |
| .\" notice, this list of conditions and the following disclaimer in the |
| .\" documentation and/or other materials provided with the distribution. |
| .\" |
| .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
| .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
| .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
| .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| .\" |
| .Dd September 25, 1999 |
| .Dt SSH-ADD 1 |
| .Os |
| .Sh NAME |
| .Nm ssh-add |
| .Nd adds RSA or DSA identities to the authentication agent |
| .Sh SYNOPSIS |
| .Nm ssh-add |
| .Op Fl lLdDxX |
| .Op Fl t Ar life |
| .Op Ar |
| .Nm ssh-add |
| .Fl s Ar reader |
| .Nm ssh-add |
| .Fl e Ar reader |
| .Sh DESCRIPTION |
| .Nm |
| adds RSA or DSA identities to the authentication agent, |
| .Xr ssh-agent 1 . |
| When run without arguments, it adds the files |
| .Pa $HOME/.ssh/id_rsa , |
| .Pa $HOME/.ssh/id_dsa |
| and |
| .Pa $HOME/.ssh/identity . |
| Alternative file names can be given on the command line. |
| If any file requires a passphrase, |
| .Nm |
| asks for the passphrase from the user. |
| The passphrase is read from the user's tty. |
| .Nm |
| retries the last passphrase if multiple identity files are given. |
| .Pp |
| The authentication agent must be running and must be an ancestor of |
| the current process for |
| .Nm |
| to work. |
| .Pp |
| The options are as follows: |
| .Bl -tag -width Ds |
| .It Fl l |
| Lists fingerprints of all identities currently represented by the agent. |
| .It Fl L |
| Lists public key parameters of all identities currently represented by the agent. |
| .It Fl d |
| Instead of adding the identity, removes the identity from the agent. |
| .It Fl D |
| Deletes all identities from the agent. |
| .It Fl x |
| Lock the agent with a password. |
| .It Fl X |
| Unlock the agent. |
| .It Fl t Ar life |
| Set a maximum lifetime when adding identities to an agent. |
| The lifetime is specified in seconds. |
| .It Fl s Ar reader |
| Add key in smartcard |
| .Ar reader . |
| .It Fl e Ar reader |
| Remove key in smartcard |
| .Ar reader . |
| .El |
| .Sh FILES |
| .Bl -tag -width Ds |
| .It Pa $HOME/.ssh/identity |
| Contains the protocol version 1 RSA authentication identity of the user. |
| .It Pa $HOME/.ssh/id_dsa |
| Contains the protocol version 2 DSA authentication identity of the user. |
| .It Pa $HOME/.ssh/id_rsa |
| Contains the protocol version 2 RSA authentication identity of the user. |
| .El |
| .Pp |
| Identity files should not be readable by anyone but the user. |
| Note that |
| .Nm |
| ignores identity files if they are accessible by others. |
| .Sh ENVIRONMENT |
| .Bl -tag -width Ds |
| .It Ev "DISPLAY" and "SSH_ASKPASS" |
| If |
| .Nm |
| needs a passphrase, it will read the passphrase from the current |
| terminal if it was run from a terminal. |
| If |
| .Nm |
| does not have a terminal associated with it but |
| .Ev DISPLAY |
| and |
| .Ev SSH_ASKPASS |
| are set, it will execute the program specified by |
| .Ev SSH_ASKPASS |
| and open an X11 window to read the passphrase. |
| This is particularly useful when calling |
| .Nm |
| from a |
| .Pa .Xsession |
| or related script. |
| (Note that on some machines it |
| may be necessary to redirect the input from |
| .Pa /dev/null |
| to make this work.) |
| .It Ev SSH_AUTH_SOCK |
| Identifies the path of a unix-domain socket used to communicate with the |
| agent. |
| .El |
| .Sh DIAGNOSTICS |
| Exit status is 0 on success, 1 if the specified command fails, |
| and 2 if |
| .Nm |
| is unable to contact the authentication agent. |
| .Sh AUTHORS |
| OpenSSH is a derivative of the original and free |
| ssh 1.2.12 release by Tatu Ylonen. |
| Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, |
| Theo de Raadt and Dug Song |
| removed many bugs, re-added newer features and |
| created OpenSSH. |
| Markus Friedl contributed the support for SSH |
| protocol versions 1.5 and 2.0. |
| .Sh SEE ALSO |
| .Xr ssh 1 , |
| .Xr ssh-agent 1 , |
| .Xr ssh-keygen 1 , |
| .Xr sshd 8 |