# SOME DESCRIPTIVE TITLE # Copyright (C) YEAR Free Software Foundation, Inc. # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "POT-Creation-Date: 2024-02-15 18:11+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. type: Dd #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "$Mdocdate: June 17 2010 $" msgstr "" #. type: Dt #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "SSH-COPY-ID 1" msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "NAME" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "E<.Nm ssh-copy-id>" msgstr "" #. type: Nd #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "use locally available keys to authorise logins on a remote machine" msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "SYNOPSIS" msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide msgid "" "E<.Nm> E<.Op Fl f> E<.Op Fl n> E<.Op Fl s> E<.Op Fl x> E<.Op Fl i Op Ar " "identity_file> E<.Op Fl p Ar port> E<.Op Fl o Ar ssh_option> E<.Op Fl t Ar " "target_path> E<.Op Ar user Ns @ Ns> E<.Ar hostname> E<.Nm> E<.Fl h | Fl ?>" msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "DESCRIPTION" msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide msgid "" "E<.Nm> is a script that uses E<.Xr ssh 1> to log into a remote machine " "(presumably using a login password, so password authentication should be " "enabled, unless you've done some clever use of multiple identities). It " "assembles a list of one or more fingerprints (as described below) and tries " "to log in with each key, to see if any of them are already installed (of " "course, if you are not using E<.Xr ssh-agent 1> this may result in you being " "repeatedly prompted for pass-phrases). It then assembles a list of those " "that failed to log in and, using E<.Xr ssh 1>, enables logins with those " "keys on the remote server. By default it adds the keys by appending them to " "the remote user's E<.Pa ~/.ssh/authorized_keys> (creating the file, and " "directory, if necessary). It is also capable of detecting if the remote " "system is a NetScreen, and using its E<.Ql set ssh pka-dsa key ...> command " "instead." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "The options are as follows:" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl i Ar identity_file" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Use only the key(s) contained in E<.Ar identity_file> (rather than looking " "for identities via E<.Xr ssh-add 1> or in the E<.Ic default_ID_file>). If " "the filename does not end in E<.Pa .pub> this is added. If the filename is " "omitted, the E<.Ic default_ID_file> is used." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Note that this can be used to ensure that the keys copied have the comment " "one prefers and/or extra options applied, by ensuring that the key file has " "these set as preferred before the copy is attempted." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl f" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Forced mode: doesn't check if the keys are present on the remote server. " "This means that it does not need the private key. Of course, this can " "result in more than one copy of the key being installed on the remote system." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "do a dry-run. Instead of installing keys on the remote system simply prints " "the key(s) that would have been installed." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl s" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "SFTP mode: usually the public keys are installed by executing commands on " "the remote side. With this option the user's E<.Pa ~/.ssh/authorized_keys> " "file will be downloaded, modified locally and uploaded with sftp. This " "option is useful if the server has restrictions on commands which can be " "used on the remote side." msgstr "" #. type: It #: archlinux debian-unstable fedora-40 fedora-rawhide #, no-wrap msgid "Fl t Ar target_path" msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide msgid "" "the path on the target system where the keys should be added (defaults to \"." "ssh/authorized_keys\")" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl p Ar port , Fl o Ar ssh_option" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "These two options are simply passed through untouched, along with their " "argument, to allow one to set the port or other E<.Xr ssh 1> options, " "respectively." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Rather than specifying these as command line options, it is often better to " "use (per-host) settings in E<.Xr ssh 1 Ns 's> configuration file: E<.Xr " "ssh_config 5>." msgstr "" #. type: It #: archlinux debian-unstable fedora-40 fedora-rawhide #, no-wrap msgid "Fl x" msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide msgid "" "This option is for debugging the E<.Nm> script itself. It sets the shell's -" "x flag, so that you can see the commands being run." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl h , Fl ?" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "Print Usage summary" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Default behaviour without E<.Fl i>, is to check if E<.Ql ssh-add -L> " "provides any output, and if so those keys are used. Note that this results " "in the comment on the key being the filename that was given to E<.Xr ssh-add " "1> when the key was loaded into your E<.Xr ssh-agent 1> rather than the " "comment contained in that file, which is a bit of a shame. Otherwise, if E<." "Xr ssh-add 1> provides no keys contents of the E<.Ic default_ID_file> will " "be used." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The E<.Ic default_ID_file> is the most recent file that matches: E<.Pa ~/." "ssh/id*.pub>, (excluding those that match E<.Pa ~/.ssh/*-cert.pub>) so if " "you create a key that is not the one you want E<.Nm> to use, just use E<.Xr " "touch 1> on your preferred key's E<.Pa .pub> file to reinstate it as the " "most recent." msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "EXAMPLES" msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide msgid "" "If you have already installed keys from one system on a lot of remote hosts, " "and you then create a new key, on a new client machine, say, it can be " "difficult to keep track of which systems on which you've installed the new " "key. One way of dealing with this is to load both the new key and old " "key(s) into your E<.Xr ssh-agent 1>. Load the new key first, without the " "E<.Fl c> option, then load one or more old keys into the agent, possibly by " "ssh-ing to the client machine that has that old key, using the E<.Fl A> " "option to allow agent forwarding:" msgstr "" #. type: D1 #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "user@newclient$ ssh-add" msgstr "" #. type: D1 #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "user@newclient$ ssh -A old.client" msgstr "" #. type: D1 #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "user@oldl$ ssh-add -c" msgstr "" #. type: D1 #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "No ... prompt for pass-phrase ..." msgstr "" #. type: D1 #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "user@old$ logoff" msgstr "" #. type: D1 #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "user@newclient$ ssh someserver" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "now, if the new key is installed on the server, you'll be allowed in " "unprompted, whereas if you only have the old key(s) enabled, you'll be asked " "for confirmation, which is your cue to log back out and run" msgstr "" #. type: D1 #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "user@newclient$ ssh-copy-id -i someserver" msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide msgid "" "The reason you might want to specify the E<.Fl i> option in this case is to " "ensure that the comment on the installed key is the one from the E<.Pa .pub> " "file, rather than just the filename that was loaded into your agent. It " "also ensures that only the id you intended is installed, rather than all the " "keys that you have in your E<.Xr ssh-agent 1>. Of course, you can specify " "another id, or use the contents of the E<.Xr ssh-agent 1> as you prefer." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide msgid "" "Having mentioned E<.Xr ssh-add 1 Ns 's> E<.Fl c> option, you might consider " "using this whenever using agent forwarding to avoid your key being hijacked, " "but it is much better to instead use E<.Xr ssh 1 Ns 's> E<.Ar ProxyCommand> " "and E<.Fl W> option, to bounce through remote servers while always doing " "direct end-to-end authentication. This way the middle hop(s) don't get " "access to your E<.Xr ssh-agent 1>. A web search for E<.Ql ssh proxycommand " "nc> should prove enlightening (NB the modern approach is to use the E<.Fl W> " "option, rather than E<.Xr nc 1>)." msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "SEE ALSO" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "E<.Xr ssh 1>, E<.Xr ssh-agent 1>, E<.Xr sshd 8>" msgstr "" #. type: Plain text #: debian-bookworm mageia-cauldron msgid "" "E<.Nm> E<.Op Fl f> E<.Op Fl n> E<.Op Fl s> E<.Op Fl i Op Ar identity_file> " "E<.Op Fl p Ar port> E<.Op Fl o Ar ssh_option> E<.Op Ar user Ns @ Ns> E<.Ar " "hostname> E<.Nm> E<.Fl h | Fl ?>" msgstr "" #. type: Plain text #: debian-bookworm mageia-cauldron msgid "" "E<.Nm> is a script that uses E<.Xr ssh 1> to log into a remote machine " "(presumably using a login password, so password authentication should be " "enabled, unless you've done some clever use of multiple identities). It " "assembles a list of one or more fingerprints (as described below) and tries " "to log in with each key, to see if any of them are already installed (of " "course, if you are not using E<.Xr ssh-agent 1> this may result in you being " "repeatedly prompted for pass-phrases). It then assembles a list of those " "that failed to log in, and using ssh, enables logins with those keys on the " "remote server. By default it adds the keys by appending them to the remote " "user's E<.Pa ~/.ssh/authorized_keys> (creating the file, and directory, if " "necessary). It is also capable of detecting if the remote system is a " "NetScreen, and using its E<.Ql set ssh pka-dsa key ...> command instead." msgstr "" #. type: Plain text #: debian-bookworm mageia-cauldron msgid "" "If you have already installed keys from one system on a lot of remote hosts, " "and you then create a new key, on a new client machine, say, it can be " "difficult to keep track of which systems on which you've installed the new " "key. One way of dealing with this is to load both the new key and old " "key(s) into your E<.Xr ssh-agent 1>. Load the new key first, without the E<." "Fl c> option, then load one or more old keys into the agent, possibly by ssh-" "ing to the client machine that has that old key, using the E<.Fl A> option " "to allow agent forwarding:" msgstr "" #. type: Plain text #: debian-bookworm mageia-cauldron msgid "" "The reason you might want to specify the -i option in this case is to ensure " "that the comment on the installed key is the one from the E<.Pa .pub> file, " "rather than just the filename that was loaded into your agent. It also " "ensures that only the id you intended is installed, rather than all the keys " "that you have in your E<.Xr ssh-agent 1>. Of course, you can specify " "another id, or use the contents of the E<.Xr ssh-agent 1> as you prefer." msgstr "" #. type: Plain text #: debian-bookworm mageia-cauldron msgid "" "Having mentioned E<.Xr ssh-add 1 Ns 's> E<.Fl c> option, you might consider " "using this whenever using agent forwarding to avoid your key being hijacked, " "but it is much better to instead use E<.Xr ssh 1 Ns 's> E<.Ar ProxyCommand> " "and E<.Fl W> option, to bounce through remote servers while always doing " "direct end-to-end authentication. This way the middle hop(s) don't get " "access to your E<.Xr ssh-agent 1>. A web search for E<.Ql ssh proxycommand " "nc> should prove enlightening (N.B. the modern approach is to use the E<.Fl " "W> option, rather than E<.Xr nc 1>)." msgstr ""