ssh-add - Cheap VPS LLC

SSH-ADD


Section: User Commands (1)


BSD mandoc

 

NAME

ssh-add – adds RSA or DSA identities to the authentication agent

 

SYNOPSIS

ssh-add [-cDdLlXx] [-t life] [file ...]
ssh-add -s pkcs11
ssh-add -e pkcs11
ssh-add -n [-T token]

 

DESCRIPTION

ssh-add adds RSA or DSA identities to the authentication agent, ssh-agent(1).
When run without arguments, it adds the files ~/.ssh/id_rsa, ~/.ssh/id_dsa and ~/.ssh/identity.
After loading a private key, ssh-add will try to load corresponding certificate information from the filename obtained by appending -cert.pub to the name of the private key file.
Alternative file names can be given on the command line.

If any file requires a passphrase, ssh-add asks for the passphrase from the user.
The passphrase is read from the user's tty.
ssh-add retries the last passphrase if multiple identity files are given.

The authentication agent must be running and the SSH_AUTH_SOCK environment variable must contain the name of its socket for ssh-add to work.

The options are as follows:


-c
Indicates that added identities should be subject to confirmation before being used for authentication.
Confirmation is performed by the SSH_ASKPASS program mentioned below.
Successful confirmation is signaled by a zero exit status from the SSH_ASKPASS program, rather than text entered into the requester.

-D
Deletes all identities from the agent.

-d
Instead of adding identities, removes identities from the agent.
If ssh-add has been run without arguments, the keys for the default identities will be removed.
Otherwise, the argument list will be interpreted as a list of paths to public key files and matching keys will be removed from the agent.
If no public key is found at a given path, ssh-add will append .pub and retry.

-e pkcs11
Remove key provided by pkcs11.

-L
Lists public key parameters of all identities currently represented by the agent.

-l
Lists fingerprints of all identities currently represented by the agent.

-s pkcs11
Add key provided by pkcs11.

-t life
Set a maximum lifetime when adding identities to an agent.
The lifetime may be specified in seconds or in a time format specified in sshd_config(5).

-T token
Explicitly set token name.

-X
Unlock the agent.

-x
Lock the agent with a password.

 

ENVIRONMENT


DISPLAY and SSH_ASKPASS
If ssh-add needs a passphrase, it will read the passphrase from the current terminal if it was run from a terminal.
If ssh-add does not have a terminal associated with it but DISPLAY and SSH_ASKPASS are set, it will execute the program specified by SSH_ASKPASS and open an X11 window to read the passphrase.
This is particularly useful when calling ssh-add from a .xsession or related script.
(Note that on some machines it may be necessary to redirect the input from /dev/null to make this work.)

SSH_AUTH_SOCK
Identifies the path of a unix-domain socket used to communicate with the agent.

SSH_USE_STRONG_RNG
The reseeding of the OpenSSL random generator is usually done from /dev/urandom.
If the SSH_USE_STRONG_RNG environment variable is set to a value other than 0, the OpenSSL random generator is reseeded from /dev/random.
The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
Minimum is 14 bytes.
This setting is not recommended on computers without a hardware random generator because insufficient entropy causes the connection to be blocked until enough entropy is available.


 

FILES


~/.ssh/identity
Contains the protocol version 1 RSA authentication identity of the user.

~/.ssh/id_dsa
Contains the protocol version 2 DSA authentication identity of the user.

~/.ssh/id_rsa
Contains the protocol version 2 RSA authentication identity of the user.

Identity files should not be readable by anyone but the user.
Note that ssh-add ignores identity files if they are accessible by others.
 

DIAGNOSTICS

Exit status is 0 on success, 1 if the specified command fails, and 2 if ssh-add is unable to contact the authentication agent.
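
A pre-flight wrapper around the behaviour described above, added here as an example and not part of the OpenSSH manual: it checks the identity file's permissions and SSH_AUTH_SOCK, then loads one key with -c and -t. The function names, the return-code mapping and the choice to accept the lifetime only as whole seconds are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the manual): validate the environment before
# calling ssh-add, and report problems with the exit codes listed in
# DIAGNOSTICS. Function names are this example's own.

# Return 0 if SSH_AUTH_SOCK names an existing unix-domain socket.
agent_socket_ok() {
    [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "$SSH_AUTH_SOCK" ]
}

# Return 0 if the identity file exists and carries no group/other
# permission bits; ssh-add ignores files that are accessible by others.
key_perms_ok() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the "ls -l" mode string are the group and other bits.
    [ "$(ls -ldL -- "$1" | cut -c5-10)" = "------" ]
}

# Check key file and lifetime first (failure -> 1), then the agent
# socket (failure -> 2), matching ssh-add's documented exit statuses.
preflight() {
    key_perms_ok "$1" || { echo "$1: missing or accessible by others" >&2; return 1; }
    case "$2" in
        ''|*[!0-9]*) echo "lifetime must be whole seconds" >&2; return 1 ;;
    esac
    agent_socket_ok || { echo "SSH_AUTH_SOCK does not name a socket" >&2; return 2; }
}

# Add key $1 for at most $2 seconds and require confirmation (-c)
# through the SSH_ASKPASS program each time the agent uses it.
add_key_limited() {
    preflight "$1" "$2" || return $?
    ssh-add -c -t "$2" "$1"
}

# Usage: add_key_limited "$HOME/.ssh/id_rsa" 3600 && ssh-add -l
```

Because -c relies on the SSH_ASKPASS program, a key added this way can only be used where that program can run.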
 

SEE ALSO

ssh(1), ssh-agent(1), ssh-keygen(1), sshd(8)

 

AUTHORS

OpenSSH is a derivative of the original and free
ssh 1.2.12 release by Tatu Ylonen.
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
Theo de Raadt and Dug Song
removed many bugs, re-added newer features and
created OpenSSH.
Markus Friedl contributed the support for SSH
protocol versions 1.5 and 2.0.



 
