# SOME DESCRIPTIVE TITLE # Copyright (C) YEAR Free Software Foundation, Inc. # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "POT-Creation-Date: 2024-02-15 18:11+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. type: Dd #: archlinux debian-unstable fedora-40 fedora-rawhide #, no-wrap msgid "$Mdocdate: August 10 2023 $" msgstr "" #. type: Dt #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "SSH-AGENT 1" msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "NAME" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "E<.Nm ssh-agent>" msgstr "" #. type: Nd #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "OpenSSH authentication agent" msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "SYNOPSIS" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Nm ssh-agent> E<.Op Fl c | s> E<.Op Fl \\&Dd> E<.Op Fl a Ar bind_address> " "E<.Op Fl E Ar fingerprint_hash> E<.Op Fl O Ar option> E<.Op Fl P Ar " "allowed_providers> E<.Op Fl t Ar life> E<.Nm ssh-agent> E<.Op Fl a Ar " "bind_address> E<.Op Fl E Ar fingerprint_hash> E<.Op Fl O Ar option> E<.Op Fl " "P Ar allowed_providers> E<.Op Fl t Ar life> E<.Ar command Op Ar arg ...> E<." "Nm ssh-agent> E<.Op Fl c | s> E<.Fl k>" msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "DESCRIPTION" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Nm> is a program to hold private keys used for public key " "authentication. Through use of environment variables the agent can be " "located and automatically used for authentication when logging in to other " "machines using E<.Xr ssh 1>." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "The options are as follows:" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl a Ar bind_address" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Bind the agent to the E<.Ux Ns -domain> socket E<.Ar bind_address>. The " "default is E<.Pa $TMPDIR/ssh-XXXXXXXXXX/agent.\\*(Ltppid\\*(Gt>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl c" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Generate C-shell commands on E<.Dv stdout>. This is the default if E<.Ev " "SHELL> looks like it's a csh style of shell." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl D" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "Foreground mode. When this option is specified, E<.Nm> will not fork." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl d" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Debug mode. When this option is specified, E<.Nm> will not fork and will " "write debug information to standard error." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl E Ar fingerprint_hash" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies the hash algorithm used when displaying key fingerprints. Valid " "options are: E<.Dq md5> and E<.Dq sha256>. The default is E<.Dq sha256>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl k" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Kill the current agent (given by the E<.Ev SSH_AGENT_PID> environment " "variable)." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl O Ar option" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specify an option when starting E<.Nm>. Currently two options are " "supported: E<.Cm allow-remote-pkcs11> and E<.Cm no-restrict-websafe>." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide msgid "" "The E<.Cm allow-remote-pkcs11> option allows clients of a forwarded E<.Nm> " "to load PKCS#11 or FIDO provider libraries. By default only local clients " "may perform this operation. Note that signalling that an E<.Nm> client is " "remote is performed by E<.Xr ssh 1>, and use of other tools to forward " "access to the agent socket may circumvent this restriction." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide msgid "" "The E<.Cm no-restrict-websafe> option instructs E<.Nm> to permit signatures " "using FIDO keys that might be web authentication requests. By default, E<." "Nm> refuses signature requests for FIDO keys where the key application " "string does not start with E<.Dq ssh:> and when the data to be signed does " "not appear to be a E<.Xr ssh 1> user authentication request or a E<.Xr ssh-" "keygen 1> signature. The default behaviour prevents forwarded access to a " "FIDO key from also implicitly forwarding the ability to authenticate to " "websites." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl P Ar allowed_providers" msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide msgid "" "Specify a pattern-list of acceptable paths for PKCS#11 provider and FIDO " "authenticator middleware shared libraries that may be used with the E<.Fl S> " "or E<.Fl s> options to E<.Xr ssh-add 1>. Libraries that do not match the " "pattern list will be refused. See PATTERNS in E<.Xr ssh_config 5> for a " "description of pattern-list syntax. The default list is E<.Dq usr/lib*/*,/" "usr/local/lib*/*>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl s" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Generate Bourne shell commands on E<.Dv stdout>. This is the default if E<." "Ev SHELL> does not look like it's a csh style of shell." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl t Ar life" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Set a default value for the maximum lifetime of identities added to the " "agent. The lifetime may be specified in seconds or in a time format " "specified in E<.Xr sshd_config 5>. A lifetime specified for an identity " "with E<.Xr ssh-add 1> overrides this value. Without this option the default " "maximum lifetime is forever." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Ar command Op Ar arg ..." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "If a command (and optional arguments) is given, this is executed as a " "subprocess of the agent. The agent exits automatically when the command " "given on the command line terminates." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "There are two main ways to get an agent set up. The first is at the start " "of an X session, where all other windows or programs are started as children " "of the E<.Nm> program. The agent starts a command under which its " "environment variables are exported, for example E<.Cm ssh-agent xterm &>. " "When the command terminates, so does the agent." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The second method is used for a login session. When E<.Nm> is started, it " "prints the shell commands required to set its environment variables, which " "in turn can be evaluated in the calling shell, for example E<.Cm eval `ssh-" "agent -s`>." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "In both cases, E<.Xr ssh 1> looks at these environment variables and uses " "them to establish a connection to the agent." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The agent initially does not have any private keys. Keys are added using E<." "Xr ssh-add 1> or by E<.Xr ssh 1> when E<.Cm AddKeysToAgent> is set in E<.Xr " "ssh_config 5>. Multiple identities may be stored in E<.Nm> concurrently and " "E<.Xr ssh 1> will automatically use them if present. E<.Xr ssh-add 1> is " "also used to remove keys from E<.Nm> and to query the keys that are held in " "one." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Connections to E<.Nm> may be forwarded from further remote hosts using the " "E<.Fl A> option to E<.Xr ssh 1> (but see the caveats documented therein), " "avoiding the need for authentication data to be stored on other machines. " "Authentication passphrases and private keys never go over the network: the " "connection to the agent is forwarded over SSH remote connections and the " "result is returned to the requester, allowing the user access to their " "identities anywhere in the network in a secure fashion." msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "ENVIRONMENT" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Ev SSH_AGENT_PID" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "When E<.Nm> starts, it stores the name of the agent's process ID (PID) in " "this variable." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Ev SSH_AUTH_SOCK" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "When E<.Nm> starts, it creates a E<.Ux Ns -domain> socket and stores its " "pathname in this variable. It is accessible only to the current user, but " "is easily abused by root or another instance of the same user." msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "FILES" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Pa $TMPDIR/ssh-XXXXXXXXXX/agent.EppidE" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Ux Ns -domain> sockets used to contain the connection to the " "authentication agent. These sockets should only be readable by the owner. " "The sockets should get automatically removed when the agent exits." msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "SEE ALSO" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Xr ssh 1>, E<.Xr ssh-add 1>, E<.Xr ssh-keygen 1>, E<.Xr ssh_config 5>, E<." "Xr sshd 8>" msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "AUTHORS" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.An -nosplit> OpenSSH is a derivative of the original and free ssh 1.2.12 " "release by E<.An Tatu Ylonen>. E<.An Aaron Campbell , Bob Beck , Markus " "Friedl , Niels Provos , Theo de Raadt> and E<.An Dug Song> removed many " "bugs, re-added newer features and created OpenSSH. E<.An Markus Friedl> " "contributed the support for SSH protocol versions 1.5 and 2.0." msgstr "" #. type: Dd #: debian-bookworm mageia-cauldron #, no-wrap msgid "$Mdocdate: October 7 2022 $" msgstr "" #. type: Plain text #: debian-bookworm mageia-cauldron msgid "" "The E<.Cm allow-remote-pkcs11> option allows clients of a forwarded E<.Nm> " "to load PKCS#11 or FIDO provider libraries. By default only local clients " "may perform this operation. Note that signalling that a E<.Nm> client " "remote is performed by E<.Xr ssh 1>, and use of other tools to forward " "access to the agent socket may circumvent this restriction." msgstr "" #. type: Plain text #: debian-bookworm mageia-cauldron msgid "" "The E<.Cm no-restrict-websafe>, instructs E<.Nm> to permit signatures using " "FIDO keys that might be web authentication requests. By default, E<.Nm> " "refuses signature requests for FIDO keys where the key application string " "does not start with E<.Dq ssh:> and when the data to be signed does not " "appear to be a E<.Xr ssh 1> user authentication request or a E<.Xr ssh-" "keygen 1> signature. The default behaviour prevents forwarded access to a " "FIDO key from also implicitly forwarding the ability to authenticate to " "websites." msgstr "" #. type: Plain text #: debian-bookworm mageia-cauldron msgid "" "Specify a pattern-list of acceptable paths for PKCS#11 provider and FIDO " "authenticator middleware shared libraries that may be used with the E<.Fl S> " "or E<.Fl s> options to E<.Xr ssh-add 1>. Libraries that do not match the " "pattern list will be refused. See PATTERNS in E<.Xr ssh_config 5> for a " "description of pattern-list syntax. The default list is E<.Dq /usr/lib/*,/" "usr/local/lib/*>." msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "In Debian, E<.Nm> is installed with the set-group-id bit set, to prevent E<." "Xr ptrace 2> attacks retrieving private key material. This has the side-" "effect of causing the run-time linker to remove certain environment " "variables which might have security implications for set-id programs, " "including E<.Ev LD_PRELOAD>, E<.Ev LD_LIBRARY_PATH>, and E<.Ev TMPDIR>. If " "you need to set any of these environment variables, you will need to do so " "in the program executed by ssh-agent." msgstr ""