.\" $OpenBSD: ssh-add.1,v 1.40 2003/11/25 23:10:08 matthieu Exp $
.\"
.\" -*- nroff -*-
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
.\"                    All rights reserved
.\"
.\" As far as I am concerned, the code I have written for this software
.\" can be used freely for any purpose.  Any derived versions of this
.\" software must be clearly marked as such, and if the derived work is
.\" incompatible with the protocol description in the RFC file, it must be
.\" called by a name other than "ssh" or "Secure Shell".
.\"
.\"
.\" Copyright (c) 1999,2000 Markus Friedl.  All rights reserved.
.\" Copyright (c) 1999 Aaron Campbell.  All rights reserved.
.\" Copyright (c) 1999 Theo de Raadt.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd September 25, 1999
.Dt SSH-ADD 1
.Os
.Sh NAME
.Nm ssh-add
.Nd adds RSA or DSA identities to the authentication agent
.Sh SYNOPSIS
.Nm ssh-add
.Op Fl lLdDxXc
.Op Fl t Ar life
.Op Ar
.Nm ssh-add
.Fl s Ar reader
.Nm ssh-add
.Fl e Ar reader
.Sh DESCRIPTION
.Nm
adds RSA or DSA identities to the authentication agent,
.Xr ssh-agent 1 .
When run without arguments, it adds the files
.Pa $HOME/.ssh/id_rsa ,
.Pa $HOME/.ssh/id_dsa
and
.Pa $HOME/.ssh/identity .
Alternative file names can be given on the command line.
If any file requires a passphrase,
.Nm
asks for the passphrase from the user.
The passphrase is read from the user's tty.
.Nm
retries the last passphrase if multiple identity files are given.
.Pp
The authentication agent must be running and the
.Ev SSH_AUTH_SOCK
environment variable must contain the name of its socket for
.Nm
to work.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl l
Lists fingerprints of all identities currently represented by the agent.
.It Fl L
Lists public key parameters of all identities currently represented by the agent.
.It Fl d
Instead of adding the identity, removes the identity from the agent.
.It Fl D
Deletes all identities from the agent.
.It Fl x
Lock the agent with a password.
.It Fl X
Unlock the agent.
.It Fl t Ar life
Set a maximum lifetime when adding identities to an agent.
The lifetime may be specified in seconds or in a time format
specified in
.Xr sshd_config 5 .
.It Fl c
Indicates that added identities should be subject to confirmation before
being used for authentication.
Confirmation is performed by the
.Ev SSH_ASKPASS
program mentioned below.
Successful confirmation is signaled by a zero exit status from the
.Ev SSH_ASKPASS
program, rather than text entered into the requester.
.It Fl s Ar reader
Add key in smartcard
.Ar reader .
.It Fl e Ar reader
Remove key in smartcard
.Ar reader .
.El
.Sh ENVIRONMENT
.Bl -tag -width Ds
.It Ev "DISPLAY" and "SSH_ASKPASS"
If
.Nm
needs a passphrase, it will read the passphrase from the current
terminal if it was run from a terminal.
If
.Nm
does not have a terminal associated with it but
.Ev DISPLAY
and
.Ev SSH_ASKPASS
are set, it will execute the program specified by
.Ev SSH_ASKPASS
and open an X11 window to read the passphrase.
This is particularly useful when calling
.Nm
from a
.Pa .Xsession
or related script.
(Note that on some machines it
may be necessary to redirect the input from
.Pa /dev/null
to make this work.)
.It Ev SSH_AUTH_SOCK
Identifies the path of a unix-domain socket used to communicate with the
agent.
.El
.Sh FILES
.Bl -tag -width Ds
.It Pa $HOME/.ssh/identity
Contains the protocol version 1 RSA authentication identity of the user.
.It Pa $HOME/.ssh/id_dsa
Contains the protocol version 2 DSA authentication identity of the user.
.It Pa $HOME/.ssh/id_rsa
Contains the protocol version 2 RSA authentication identity of the user.
.El
.Pp
Identity files should not be readable by anyone but the user.
Note that
.Nm
ignores identity files if they are accessible by others.
.Sh DIAGNOSTICS
Exit status is 0 on success, 1 if the specified command fails,
and 2 if
.Nm
is unable to contact the authentication agent.
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr ssh-agent 1 ,
.Xr ssh-keygen 1 ,
.Xr sshd 8
.Sh AUTHORS
OpenSSH is a derivative of the original and free
ssh 1.2.12 release by Tatu Ylonen.
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
Theo de Raadt and Dug Song
removed many bugs, re-added newer features and
created OpenSSH.
Markus Friedl contributed the support for SSH
protocol versions 1.5 and 2.0.
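
Added example (not part of the OpenSSH manual or code): a POSIX sh pre-flight wrapper around the checks this page describes, namely identity file permissions, SSH_AUTH_SOCK, the -t and -c options, and the DIAGNOSTICS exit statuses. The function names, the default lifetime of 3600 seconds, the local return codes 3 and 4, and the reading of "accessible by others" as any group/other permission bit are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight checks before handing a key to ssh-agent.

# Return 0 only if FILE is a regular file with no group/other permission bits.
# Assumption: "accessible by others" is taken to mean any bit in mode 077.
identity_perms_ok() {
    [ -f "$1" ] || return 1
    # ls -ld prints e.g. "-rw-------"; characters 5-10 are the group+other bits.
    mode=$(ls -ld -- "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Return 0 if SSH_AUTH_SOCK names an existing unix-domain socket.
agent_socket_ok() {
    [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "$SSH_AUTH_SOCK" ]
}

# Map the exit statuses listed under DIAGNOSTICS to a short message.
explain_status() {
    case "$1" in
        0) echo "success" ;;
        1) echo "command failed" ;;
        2) echo "cannot contact agent" ;;
        *) echo "unexpected status $1" ;;
    esac
}

# Add KEY with a maximum lifetime (-t) and per-use confirmation (-c).
# Returns 3 (bad file mode) or 4 (no agent socket) when a local check fails
# (hypothetical codes chosen for this example), otherwise ssh-add's own status.
add_identity_checked() {
    key=$1
    life=${2:-3600}
    identity_perms_ok "$key" || { echo "refusing $key: bad mode" >&2; return 3; }
    agent_socket_ok || { echo "SSH_AUTH_SOCK is not a socket" >&2; return 4; }
    ssh-add -c -t "$life" "$key"
    rc=$?
    echo "ssh-add: $(explain_status "$rc")" >&2
    return "$rc"
}
```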