'\" te
.\" To view license terms, attribution, and copyright for OpenSSH, the default path is /var/sadm/pkg/SUNWsshdr/install/copyright. If the Solaris operating environment has been installed anywhere other than the default, modify the given path to access the file at the
.\" installed location.
.\" Portions Copyright (c) 2009, Sun Microsystems, Inc. All Rights Reserved.
.TH SSH-ADD 1 "May 20, 2009"
.SH NAME
ssh-add \- add RSA or DSA identities to the authentication agent
.SH SYNOPSIS
.LP
.nf
\fBssh-add\fR [\fB-lLdDxX\fR] [\fB-t\fR \fIlife\fR] [ \fIfile\fR ]...
.fi

.SH DESCRIPTION
.LP
The \fBssh-add\fR utility adds \fBRSA\fR or \fBDSA\fR identities to the
authentication agent, \fBssh-agent\fR(1). When run without arguments, it
attempts to add all of the files \fB$HOME/.ssh/identity\fR (RSA v1),
\fB$HOME/.ssh/id_rsa\fR (RSA v2), and \fB$HOME/.ssh/id_dsa\fR (DSA v2) that
exist. If more than one of the private keys exists, an attempt to decrypt each
with the same passphrase is made before reprompting for a different passphrase.
The passphrase is read from the user's tty or by running the program defined in
\fBSSH_ASKPASS\fR (see below).
.sp
.LP
The authentication agent must be running.
.SH OPTIONS
.LP
The following options are supported:
.sp
.ne 2
.na
\fB\fB-d\fR\fR
.ad
.RS 11n
Instead of adding the identity, this option \fBremoves\fR the identity from the
agent.
.RE

.sp
.ne 2
.na
\fB\fB-D\fR\fR
.ad
.RS 11n
Deletes all identities from the agent.
.RE

.sp
.ne 2
.na
\fB\fB-l\fR\fR
.ad
.RS 11n
Lists fingerprints of all identities currently represented by the agent.
.RE

.sp
.ne 2
.na
\fB\fB-L\fR\fR
.ad
.RS 11n
Lists public key parameters of all identities currently represented by the
agent.
.RE

.sp
.ne 2
.na
\fB\fB-t\fR \fIlife\fR\fR
.ad
.RS 11n
Sets a maximum lifetime when adding identities to an agent. The lifetime can be
specified in seconds or in a time format specified in \fBsshd\fR(1M).
.RE

.sp
.ne 2
.na
\fB\fB-x\fR\fR
.ad
.RS 11n
Locks the agent with a password.
.RE

.sp
.ne 2
.na
\fB\fB-X\fR\fR
.ad
.RS 11n
Unlocks the agent.
.RE

.SH ENVIRONMENT VARIABLES
.ne 2
.na
\fB\fBDISPLAY\fR\fR
.ad
.br
.na
\fB\fBSSH_ASKPASS\fR\fR
.ad
.RS 17n
If \fBssh-add\fR needs a passphrase, it reads the passphrase from the current
terminal if it was run from a terminal. If \fBssh-add\fR does not have a
terminal associated with it but \fBDISPLAY\fR and \fBSSH_ASKPASS\fR are set, it
executes the program specified by \fBSSH_ASKPASS\fR and opens an X11 window to
read the passphrase. This is particularly useful when calling \fBssh-add\fR
from a .Xsession or related script. The system is shipped with
\fB/usr/lib/ssh/ssh-askpass\fR which is the default value for
\fBSSH_ASKPASS\fR.
.RE

.sp
.ne 2
.na
\fB\fBSSH_AUTH_SOCK\fR\fR
.ad
.RS 17n
Identifies the path of a unix-domain socket used to communicate with the agent.
.RE

.SH EXIT STATUS
.LP
The following exit values are returned:
.sp
.ne 2
.na
\fB\fB0\fR\fR
.ad
.RS 5n
Successful completion.
.RE

.sp
.ne 2
.na
\fB\fB1\fR\fR
.ad
.RS 5n
An error occurred.
.RE

.SH FILES
.LP
These files should not be readable by anyone but the user. Notice that
\fBssh-add\fR ignores a file if it is accessible by others. It is possible to
specify a passphrase when generating the key; that passphrase is used to
encrypt the private part of this file.
.sp
.LP
If these files are stored on a network file system it is assumed that either
the protection provided in the files themselves or the transport layer of the
network file system provides sufficient protection for the site policy. If this
is not the case, then it is recommended the key files are stored on removable
media or locally on the relevant hosts.
.sp
.LP
Recommended names for the \fBDSA\fR and \fBRSA\fR key files:
.sp
.ne 2
.na
\fB\fB$HOME/.ssh/identity\fR\fR
.ad
.RS 28n
Contains the \fBRSA\fR authentication identity of the user for protocol version
1.
.RE

.sp
.ne 2
.na
\fB\fB$HOME/.ssh/identity.pub\fR\fR
.ad
.RS 28n
Contains the public part of the \fBRSA\fR authentication identity of the user
for protocol version 1.
.RE

.sp
.ne 2
.na
\fB\fB$HOME/.ssh/id_dsa\fR\fR
.ad
.RS 28n
Contains the private \fBDSA\fR authentication identity of the user.
.RE

.sp
.ne 2
.na
\fB\fB$HOME/.ssh/id_dsa.pub\fR\fR
.ad
.RS 28n
Contains the public part of the DSA authentication identity of the user.
.RE

.sp
.ne 2
.na
\fB\fB$HOME/.ssh/id_rsa\fR\fR
.ad
.RS 28n
Contains the private \fBRSA\fR authentication identity of the user.
.RE

.sp
.ne 2
.na
\fB\fB$HOME/.ssh/id_rsa.pub\fR\fR
.ad
.RS 28n
Contains the public part of the \fBRSA\fR authentication identity of the user.
.RE

.sp
.ne 2
.na
\fB\fB/usr/lib/ssh/ssh-askpass\fR\fR
.ad
.RS 28n
Contains the default value for SSH_ASKPASS.
.RE

.SH ATTRIBUTES
.LP
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp

.sp
.TS
box;
c | c
l | l .
ATTRIBUTE TYPE	ATTRIBUTE VALUE
_
Interface Stability	Committed
.TE

.SH SEE ALSO
.LP
\fBssh\fR(1), \fBssh-agent\fR(1), \fBssh-keygen\fR(1), \fBsshd\fR(1M),
\fBattributes\fR(5)
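
The FILES section says ssh-add ignores a key file that is accessible by others, and OPTIONS describes -t for limiting how long a key stays in the agent. The script below is an added example, not part of the original manual page: it checks the recommended key file names before loading them. The function names key_private and loadable_keys are hypothetical, and treating any group or other permission bit as "accessible by others" is an assumption.

```shell
#!/bin/sh
# Added example (not from the man page). Assumption: "accessible by others"
# means any group or other permission bit is set on the private key file.

# key_private FILE: succeed only if FILE is a regular file whose mode has
# no group/other bits (characters 5-10 of the ls mode string are all "-").
key_private() {
    [ -f "$1" ] || return 1
    mode=$(ls -ld -- "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# loadable_keys DIR: print the recommended private key files in DIR that
# pass key_private; report the ones ssh-add would ignore on stderr.
loadable_keys() {
    for name in identity id_rsa id_dsa; do
        f="$1/$name"
        [ -e "$f" ] || continue
        if key_private "$f"; then
            printf '%s\n' "$f"
        else
            printf 'skipped (group/other access): %s\n' "$f" >&2
        fi
    done
}

# Constructed demo: two empty files standing in for keys, one too open.
demo_dir=$(mktemp -d)
: > "$demo_dir/id_rsa"; chmod 600 "$demo_dir/id_rsa"
: > "$demo_dir/id_dsa"; chmod 644 "$demo_dir/id_dsa"
loadable_keys "$demo_dir"
rm -rf "$demo_dir"

# Real use, with an agent running (SSH_AUTH_SOCK set): load only the keys
# that pass the check, for at most one hour.
#   ssh-add -t 3600 $(loadable_keys "$HOME/.ssh")
```

A key reported as skipped is fixed with chmod 600 on the private file; the matching .pub file does not need to be restricted.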