| blob | 7de85f56fad1f8aac4d1e0e0c072faf4c5c1969f |
1 '\" te
2 .\" To view license terms, attribution, and copyright for OpenSSH, the default path is /var/sadm/pkg/SUNWsshdr/install/copyright. If the Solaris operating environment has been installed anywhere other than the default, modify the given path to access the file at the
3 .\" installed location.
4 .\" Portions Copyright (c) 2009, Sun Microsystems, Inc. All Rights Reserved.
5 .TH SSH-ADD 1 "May 20, 2009"
6 .SH NAME
7 ssh-add \- add RSA or DSA identities to the authentication agent
8 .SH SYNOPSIS
9 .LP
10 .nf
11 \fBssh-add\fR [\fB-lLdDxX\fR] [\fB-t\fR \fIlife\fR] [ \fIfile\fR ]...
12 .fi
14 .SH DESCRIPTION
15 .LP
16 The \fBssh-add\fR utility adds \fBRSA\fR or \fBDSA\fR identities to the
17 authentication agent, \fBssh-agent\fR(1). When run without arguments, it
18 attempts to add all of the files \fB$HOME/.ssh/identity\fR (RSA v1),
19 \fB$HOME/.ssh/id_rsa\fR (RSA v2), and \fB$HOME/.ssh/id_dsa\fR (DSA v2) that
20 exist. If more than one of the private keys exists, an attempt to decrypt each
21 with the same passphrase is made before reprompting for a different passphrase.
22 The passphrase is read from the user's tty or by running the program defined in
23 \fBSSH_ASKPASS\fR (see below).
24 .sp
25 .LP
26 The authentication agent must be running.
27 .SH OPTIONS
28 .LP
29 The following options are supported:
30 .sp
31 .ne 2
32 .na
33 \fB\fB-d\fR\fR
34 .ad
35 .RS 11n
36 Instead of adding the identity, this option \fBremoves\fR the identity from the
37 agent.
38 .RE
40 .sp
41 .ne 2
42 .na
43 \fB\fB-D\fR\fR
44 .ad
45 .RS 11n
46 Deletes all identities from the agent.
47 .RE
49 .sp
50 .ne 2
51 .na
52 \fB\fB-l\fR\fR
53 .ad
54 .RS 11n
55 Lists fingerprints of all identities currently represented by the agent.
56 .RE
58 .sp
59 .ne 2
60 .na
61 \fB\fB-L\fR\fR
62 .ad
63 .RS 11n
64 Lists public key parameters of all identities currently represented by the
65 agent.
66 .RE
68 .sp
69 .ne 2
70 .na
71 \fB\fB-t\fR \fIlife\fR\fR
72 .ad
73 .RS 11n
74 Sets a maximum lifetime when adding identities to an agent. The lifetime can be
75 specified in seconds or in a time format specified in \fBsshd\fR(1M).
76 .RE
78 .sp
79 .ne 2
80 .na
81 \fB\fB-x\fR\fR
82 .ad
83 .RS 11n
84 Locks the agent with a password.
85 .RE
87 .sp
88 .ne 2
89 .na
90 \fB\fB-X\fR\fR
91 .ad
92 .RS 11n
93 Unlocks the agent.
94 .RE
96 .SH ENVIRONMENT VARIABLES
97 .ne 2
98 .na
99 \fB\fBDISPLAY\fR\fR
100 .ad
101 .br
102 .na
103 \fB\fBSSH_ASKPASS\fR\fR
104 .ad
105 .RS 17n
106 If \fBssh-add\fR needs a passphrase, it reads the passphrase from the current
107 terminal if it was run from a terminal. If \fBssh-add\fR does not have a
108 terminal associated with it but \fBDISPLAY\fR and \fBSSH_ASKPASS\fR are set, it
109 executes the program specified by \fBSSH_ASKPASS\fR and open an X11 window to
110 read the passphrase. This is particularly useful when calling \fBssh-add\fR
111 from a .Xsession or related script. The system is shipped with
112 \fB/usr/lib/ssh/ssh-askpass\fR which is the default value for
113 \fBSSH_ASKPASS\fR.
114 .RE
116 .sp
117 .ne 2
118 .na
119 \fB\fBSSH_AUTH_SOCK\fR\fR
120 .ad
121 .RS 17n
122 Identifies the path of a unix-domain socket used to communicate with the agent.
123 .RE
125 .SH EXIT STATUS
126 .LP
127 The following exit values are returned:
128 .sp
129 .ne 2
130 .na
131 \fB\fB0\fR\fR
132 .ad
133 .RS 5n
134 Successful completion.
135 .RE
137 .sp
138 .ne 2
139 .na
140 \fB\fB1\fR\fR
141 .ad
142 .RS 5n
143 An error occurred.
144 .RE
146 .SH FILES
147 .LP
148 These files should not be readable by anyone but the user. Notice that
149 \fBssh-add\fR ignores a file if it is accessible by others. It is possible to
150 specify a passphrase when generating the key; that passphrase is used to
151 encrypt the private part of this file.
152 .sp
153 .LP
154 If these files are stored on a network file system it is assumed that either
155 the protection provided in the file themselves or the transport layer of the
156 network file system provides sufficient protection for the site policy. If this
157 is not the case, then it is recommended the key files are stored on removable
158 media or locally on the relevant hosts.
159 .sp
160 .LP
161 Recommended names for the \fBDSA\fR and \fBRSA\fR key files:
162 .sp
163 .ne 2
164 .na
165 \fB\fB$HOME/.ssh/identity\fR\fR
166 .ad
167 .RS 28n
168 Contains the \fBRSA\fR authentication identity of the user for protocol version
169 1.
170 .RE
172 .sp
173 .ne 2
174 .na
175 \fB\fB$HOME/.ssh/identity.pub\fR\fR
176 .ad
177 .RS 28n
178 Contains the public part of the \fBRSA\fR authentication identity of the user
179 for protocol version 1.
180 .RE
182 .sp
183 .ne 2
184 .na
185 \fB\fB$HOME/.ssh/id_dsa\fR\fR
186 .ad
187 .RS 28n
188 Contains the private \fBDSA\fR authentication identity of the user.
189 .RE
191 .sp
192 .ne 2
193 .na
194 \fB\fB$HOME/.ssh/id_dsa.pub\fR\fR
195 .ad
196 .RS 28n
197 Contains the public part of the DSA authentication identity of the user.
198 .RE
200 .sp
201 .ne 2
202 .na
203 \fB\fB$HOME/.ssh/id_rsa\fR\fR
204 .ad
205 .RS 28n
206 Contains the private \fBRSA\fR authentication identity of the user.
207 .RE
209 .sp
210 .ne 2
211 .na
212 \fB\fB$HOME/.ssh/id_rsa.pub\fR\fR
213 .ad
214 .RS 28n
215 Contains the public part of the \fBRSA\fR authentication identity of the user.
216 .RE
218 .sp
219 .ne 2
220 .na
221 \fB\fB/usr/lib/ssh/ssh-askpass\fR\fR
222 .ad
223 .RS 28n
224 Contains the default value for SSH_ASKPASS.
225 .RE
227 .SH ATTRIBUTES
228 .LP
229 See \fBattributes\fR(5) for descriptions of the following attributes:
230 .sp
232 .sp
233 .TS
234 box;
235 c | c
236 l | l .
237 ATTRIBUTE TYPE ATTRIBUTE VALUE
238 _
239 Interface Stability Committed
240 .TE
242 .SH SEE ALSO
243 .LP
244 \fBssh\fR(1), \fBssh-agent\fR(1), \fBssh-keygen\fR(1), \fBsshd\fR(1M),
245 \fBattributes\fR(5)