ssh-add.0 revision 255670 
1SSH-ADD(1)                 OpenBSD Reference Manual                 SSH-ADD(1)
2
3NAME
4     ssh-add - adds private key identities to the authentication agent
5
6SYNOPSIS
7     ssh-add [-cDdkLlXx] [-t life] [file ...]
8     ssh-add -s pkcs11
9     ssh-add -e pkcs11
10
11DESCRIPTION
12     ssh-add adds private key identities to the authentication agent,
13     ssh-agent(1).  When run without arguments, it adds the files
14     ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and ~/.ssh/identity.  After
15     loading a private key, ssh-add will try to load corresponding certificate
16     information from the filename obtained by appending -cert.pub to the name
17     of the private key file.  Alternative file names can be given on the
18     command line.
19
20     If any file requires a passphrase, ssh-add asks for the passphrase from
21     the user.  The passphrase is read from the user's tty.  ssh-add retries
22     the last passphrase if multiple identity files are given.
23
24     The authentication agent must be running and the SSH_AUTH_SOCK
25     environment variable must contain the name of its socket for ssh-add to
26     work.
27
28     The options are as follows:
29
30     -c      Indicates that added identities should be subject to confirmation
31             before being used for authentication.  Confirmation is performed
32             by the SSH_ASKPASS program mentioned below.  Successful
33             confirmation is signaled by a zero exit status from the
34             SSH_ASKPASS program, rather than text entered into the requester.
35
36     -D      Deletes all identities from the agent.
37
38     -d      Instead of adding identities, removes identities from the agent.
39             If ssh-add has been run without arguments, the keys for the
40             default identities and their corresponding certificates will be
41             removed.  Otherwise, the argument list will be interpreted as a
42             list of paths to public key files to specify keys and
43             certificates to be removed from the agent.  If no public key is
44             found at a given path, ssh-add will append .pub and retry.
45
46     -e pkcs11
47             Remove keys provided by the PKCS#11 shared library pkcs11.
48
49     -k      When loading keys into or deleting keys from the agent, process
50             plain private keys only and skip certificates.
51
52     -L      Lists public key parameters of all identities currently
53             represented by the agent.
54
55     -l      Lists fingerprints of all identities currently represented by the
56             agent.
57
58     -s pkcs11
59             Add keys provided by the PKCS#11 shared library pkcs11.
60
61     -t life
62             Set a maximum lifetime when adding identities to an agent.  The
63             lifetime may be specified in seconds or in a time format
64             specified in sshd_config(5).
65
66     -X      Unlock the agent.
67
68     -x      Lock the agent with a password.
69
70ENVIRONMENT
71     DISPLAY and SSH_ASKPASS
72             If ssh-add needs a passphrase, it will read the passphrase from
73             the current terminal if it was run from a terminal.  If ssh-add
74             does not have a terminal associated with it but DISPLAY and
75             SSH_ASKPASS are set, it will execute the program specified by
76             SSH_ASKPASS and open an X11 window to read the passphrase.  This
77             is particularly useful when calling ssh-add from a .xsession or
78             related script.  (Note that on some machines it may be necessary
79             to redirect the input from /dev/null to make this work.)
80
81     SSH_AUTH_SOCK
82             Identifies the path of a UNIX-domain socket used to communicate
83             with the agent.
84
85FILES
86     ~/.ssh/identity
87             Contains the protocol version 1 RSA authentication identity of
88             the user.
89
90     ~/.ssh/id_dsa
91             Contains the protocol version 2 DSA authentication identity of
92             the user.
93
94     ~/.ssh/id_ecdsa
95             Contains the protocol version 2 ECDSA authentication identity of
96             the user.
97
98     ~/.ssh/id_rsa
99             Contains the protocol version 2 RSA authentication identity of
100             the user.
101
102     Identity files should not be readable by anyone but the user.  Note that
103     ssh-add ignores identity files if they are accessible by others.
104
105EXIT STATUS
106     Exit status is 0 on success, 1 if the specified command fails, and 2 if
107     ssh-add is unable to contact the authentication agent.
108
109SEE ALSO
110     ssh(1), ssh-agent(1), ssh-keygen(1), sshd(8)
111
112AUTHORS
113     OpenSSH is a derivative of the original and free ssh 1.2.12 release by
114     Tatu Ylonen.  Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
115     de Raadt and Dug Song removed many bugs, re-added newer features and
116     created OpenSSH.  Markus Friedl contributed the support for SSH protocol
117     versions 1.5 and 2.0.
118
119OpenBSD 5.4                    December 3, 2012                    OpenBSD 5.4
120