summaryrefslogtreecommitdiffstats
path: root/ssh-agent.0
diff options
context:
space:
mode:
Diffstat (limited to 'ssh-agent.0')
-rw-r--r--ssh-agent.0120
1 files changed, 120 insertions, 0 deletions
diff --git a/ssh-agent.0 b/ssh-agent.0
new file mode 100644
index 0000000..f4575d0
--- /dev/null
+++ b/ssh-agent.0
@@ -0,0 +1,120 @@
+SSH-AGENT(1) General Commands Manual SSH-AGENT(1)
+
+NAME
+ ssh-agent M-bM-^@M-^S authentication agent
+
+SYNOPSIS
+ ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash]
+ [-P pkcs11_whitelist] [-t life] [command [arg ...]]
+ ssh-agent [-c | -s] -k
+
+DESCRIPTION
+ ssh-agent is a program to hold private keys used for public key
+ authentication (RSA, DSA, ECDSA, Ed25519). ssh-agent is usually started
+ in the beginning of an X-session or a login session, and all other
+ windows or programs are started as clients to the ssh-agent program.
+ Through use of environment variables the agent can be located and
+ automatically used for authentication when logging in to other machines
+ using ssh(1).
+
+ The agent initially does not have any private keys. Keys are added using
+ ssh(1) (see AddKeysToAgent in ssh_config(5) for details) or ssh-add(1).
+ Multiple identities may be stored in ssh-agent concurrently and ssh(1)
+ will automatically use them if present. ssh-add(1) is also used to
+ remove keys from ssh-agent and to query the keys that are held in one.
+
+ The options are as follows:
+
+ -a bind_address
+ Bind the agent to the UNIX-domain socket bind_address. The
+ default is $TMPDIR/ssh-XXXXXXXXXX/agent.<ppid>.
+
+ -c Generate C-shell commands on stdout. This is the default if
+ SHELL looks like it's a csh style of shell.
+
+ -D Foreground mode. When this option is specified ssh-agent will
+ not fork.
+
+ -d Debug mode. When this option is specified ssh-agent will not
+ fork and will write debug information to standard error.
+
+ -E fingerprint_hash
+ Specifies the hash algorithm used when displaying key
+ fingerprints. Valid options are: M-bM-^@M-^\md5M-bM-^@M-^] and M-bM-^@M-^\sha256M-bM-^@M-^]. The
+ default is M-bM-^@M-^\sha256M-bM-^@M-^].
+
+ -k Kill the current agent (given by the SSH_AGENT_PID environment
+ variable).
+
+ -P pkcs11_whitelist
+ Specify a pattern-list of acceptable paths for PKCS#11 shared
+ libraries that may be added using the -s option to ssh-add(1).
+ The default is to allow loading PKCS#11 libraries from
+ M-bM-^@M-^\/usr/lib/*,/usr/local/lib/*M-bM-^@M-^]. PKCS#11 libraries that do not
+ match the whitelist will be refused. See PATTERNS in
+ ssh_config(5) for a description of pattern-list syntax.
+
+ -s Generate Bourne shell commands on stdout. This is the default if
+ SHELL does not look like it's a csh style of shell.
+
+ -t life
+ Set a default value for the maximum lifetime of identities added
+ to the agent. The lifetime may be specified in seconds or in a
+ time format specified in sshd_config(5). A lifetime specified
+ for an identity with ssh-add(1) overrides this value. Without
+ this option the default maximum lifetime is forever.
+
+ If a command line is given, this is executed as a subprocess of the
+ agent. When the command dies, so does the agent.
+
+ The idea is that the agent is run in the user's local PC, laptop, or
+ terminal. Authentication data need not be stored on any other machine,
+ and authentication passphrases never go over the network. However, the
+ connection to the agent is forwarded over SSH remote logins, and the user
+ can thus use the privileges given by the identities anywhere in the
+ network in a secure way.
+
+ There are two main ways to get an agent set up: The first is that the
+ agent starts a new subcommand into which some environment variables are
+ exported, eg ssh-agent xterm &. The second is that the agent prints the
+ needed shell commands (either sh(1) or csh(1) syntax can be generated)
+ which can be evaluated in the calling shell, eg eval `ssh-agent -s` for
+ Bourne-type shells such as sh(1) or ksh(1) and eval `ssh-agent -c` for
+ csh(1) and derivatives.
+
+ Later ssh(1) looks at these variables and uses them to establish a
+ connection to the agent.
+
+ The agent will never send a private key over its request channel.
+ Instead, operations that require a private key will be performed by the
+ agent, and the result will be returned to the requester. This way,
+ private keys are not exposed to clients using the agent.
+
+ A UNIX-domain socket is created and the name of this socket is stored in
+ the SSH_AUTH_SOCK environment variable. The socket is made accessible
+ only to the current user. This method is easily abused by root or
+ another instance of the same user.
+
+ The SSH_AGENT_PID environment variable holds the agent's process ID.
+
+ The agent exits automatically when the command given on the command line
+ terminates.
+
+FILES
+ $TMPDIR/ssh-XXXXXXXXXX/agent.<ppid>
+ UNIX-domain sockets used to contain the connection to the
+ authentication agent. These sockets should only be readable by
+ the owner. The sockets should get automatically removed when the
+ agent exits.
+
+SEE ALSO
+ ssh(1), ssh-add(1), ssh-keygen(1), sshd(8)
+
+AUTHORS
+ OpenSSH is a derivative of the original and free ssh 1.2.12 release by
+ Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
+ de Raadt and Dug Song removed many bugs, re-added newer features and
+ created OpenSSH. Markus Friedl contributed the support for SSH protocol
+ versions 1.5 and 2.0.
+
+OpenBSD 6.4 November 30, 2016 OpenBSD 6.4