1SSH-ADD(1)                 OpenBSD Reference Manual                 SSH-ADD(1)
2
3NAME
4     ssh-add - adds private key identities to the authentication agent
5
6SYNOPSIS
7     ssh-add [-cDdkLlXx] [-t life] [file ...]
8     ssh-add -s pkcs11
9     ssh-add -e pkcs11
10
11DESCRIPTION
12     ssh-add adds private key identities to the authentication agent,
13     ssh-agent(1).  When run without arguments, it adds the files
14     ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and
15     ~/.ssh/identity.  After loading a private key, ssh-add will try to load
16     corresponding certificate information from the filename obtained by
17     appending -cert.pub to the name of the private key file.  Alternative
18     file names can be given on the command line.
19
20     If any file requires a passphrase, ssh-add asks for the passphrase from
21     the user.  The passphrase is read from the user's tty.  ssh-add retries
22     the last passphrase if multiple identity files are given.
23
24     The authentication agent must be running and the SSH_AUTH_SOCK
25     environment variable must contain the name of its socket for ssh-add to
26     work.
27
28     The options are as follows:
29
30     -c      Indicates that added identities should be subject to confirmation
31             before being used for authentication.  Confirmation is performed
32             by the SSH_ASKPASS program mentioned below.  Successful
33             confirmation is signaled by a zero exit status from the
34             SSH_ASKPASS program, rather than text entered into the requester.
35
36     -D      Deletes all identities from the agent.
37
38     -d      Instead of adding identities, removes identities from the agent.
39             If ssh-add has been run without arguments, the keys for the
40             default identities and their corresponding certificates will be
41             removed.  Otherwise, the argument list will be interpreted as a
42             list of paths to public key files to specify keys and
43             certificates to be removed from the agent.  If no public key is
44             found at a given path, ssh-add will append .pub and retry.
45
46     -e pkcs11
47             Remove keys provided by the PKCS#11 shared library pkcs11.
48
49     -k      When loading keys into or deleting keys from the agent, process
50             plain private keys only and skip certificates.
51
52     -L      Lists public key parameters of all identities currently
53             represented by the agent.
54
55     -l      Lists fingerprints of all identities currently represented by the
56             agent.
57
58     -s pkcs11
59             Add keys provided by the PKCS#11 shared library pkcs11.
60
61     -t life
62             Set a maximum lifetime when adding identities to an agent.  The
63             lifetime may be specified in seconds or in a time format
64             specified in sshd_config(5).
65
66     -X      Unlock the agent.
67
68     -x      Lock the agent with a password.
69
70ENVIRONMENT
71     DISPLAY and SSH_ASKPASS
72             If ssh-add needs a passphrase, it will read the passphrase from
73             the current terminal if it was run from a terminal.  If ssh-add
74             does not have a terminal associated with it but DISPLAY and
75             SSH_ASKPASS are set, it will execute the program specified by
76             SSH_ASKPASS and open an X11 window to read the passphrase.  This
77             is particularly useful when calling ssh-add from a .xsession or
78             related script.  (Note that on some machines it may be necessary
79             to redirect the input from /dev/null to make this work.)
80
81     SSH_AUTH_SOCK
82             Identifies the path of a UNIX-domain socket used to communicate
83             with the agent.
84
85FILES
86     ~/.ssh/identity
87             Contains the protocol version 1 RSA authentication identity of
88             the user.
89
90     ~/.ssh/id_dsa
91             Contains the protocol version 2 DSA authentication identity of
92             the user.
93
94     ~/.ssh/id_ecdsa
95             Contains the protocol version 2 ECDSA authentication identity of
96             the user.
97
98     ~/.ssh/id_ed25519
99             Contains the protocol version 2 ED25519 authentication identity
100             of the user.
101
102     ~/.ssh/id_rsa
103             Contains the protocol version 2 RSA authentication identity of
104             the user.
105
106     Identity files should not be readable by anyone but the user.  Note that
107     ssh-add ignores identity files if they are accessible by others.
108
109EXIT STATUS
110     Exit status is 0 on success, 1 if the specified command fails, and 2 if
111     ssh-add is unable to contact the authentication agent.
112
113SEE ALSO
114     ssh(1), ssh-agent(1), ssh-keygen(1), sshd(8)
115
116AUTHORS
117     OpenSSH is a derivative of the original and free ssh 1.2.12 release by
118     Tatu Ylonen.  Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
119     de Raadt and Dug Song removed many bugs, re-added newer features and
120     created OpenSSH.  Markus Friedl contributed the support for SSH protocol
121     versions 1.5 and 2.0.
122
123OpenBSD 5.5                    December 7, 2013                    OpenBSD 5.5
124