• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1SSH-ADD(1)                  General Commands Manual                 SSH-ADD(1)
2
3NAME
4     ssh-add M-bM-^@M-^S adds private key identities to the authentication agent
5
6SYNOPSIS
7     ssh-add [-cDdkLlXx] [-E fingerprint_hash] [-t life] [file ...]
8     ssh-add -s pkcs11
9     ssh-add -e pkcs11
10
11DESCRIPTION
12     ssh-add adds private key identities to the authentication agent,
13     ssh-agent(1).  When run without arguments, it adds the files
14     ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and
15     ~/.ssh/identity.  After loading a private key, ssh-add will try to load
16     corresponding certificate information from the filename obtained by
17     appending -cert.pub to the name of the private key file.  Alternative
18     file names can be given on the command line.
19
20     If any file requires a passphrase, ssh-add asks for the passphrase from
21     the user.  The passphrase is read from the user's tty.  ssh-add retries
22     the last passphrase if multiple identity files are given.
23
24     The authentication agent must be running and the SSH_AUTH_SOCK
25     environment variable must contain the name of its socket for ssh-add to
26     work.
27
28     The options are as follows:
29
30     -c      Indicates that added identities should be subject to confirmation
31             before being used for authentication.  Confirmation is performed
32             by the SSH_ASKPASS program mentioned below.  Successful
33             confirmation is signaled by a zero exit status from the
34             SSH_ASKPASS program, rather than text entered into the requester.
35
36     -D      Deletes all identities from the agent.
37
38     -d      Instead of adding identities, removes identities from the agent.
39             If ssh-add has been run without arguments, the keys for the
40             default identities and their corresponding certificates will be
41             removed.  Otherwise, the argument list will be interpreted as a
42             list of paths to public key files to specify keys and
43             certificates to be removed from the agent.  If no public key is
44             found at a given path, ssh-add will append .pub and retry.
45
46     -E fingerprint_hash
47             Specifies the hash algorithm used when displaying key
48             fingerprints.  Valid options are: M-bM-^@M-^\md5M-bM-^@M-^] and M-bM-^@M-^\sha256M-bM-^@M-^].  The
49             default is M-bM-^@M-^\sha256M-bM-^@M-^].
50
51     -e pkcs11
52             Remove keys provided by the PKCS#11 shared library pkcs11.
53
54     -k      When loading keys into or deleting keys from the agent, process
55             plain private keys only and skip certificates.
56
57     -L      Lists public key parameters of all identities currently
58             represented by the agent.
59
60     -l      Lists fingerprints of all identities currently represented by the
61             agent.
62
63     -s pkcs11
64             Add keys provided by the PKCS#11 shared library pkcs11.
65
66     -t life
67             Set a maximum lifetime when adding identities to an agent.  The
68             lifetime may be specified in seconds or in a time format
69             specified in sshd_config(5).
70
71     -X      Unlock the agent.
72
73     -x      Lock the agent with a password.
74
75ENVIRONMENT
76     DISPLAY and SSH_ASKPASS
77             If ssh-add needs a passphrase, it will read the passphrase from
78             the current terminal if it was run from a terminal.  If ssh-add
79             does not have a terminal associated with it but DISPLAY and
80             SSH_ASKPASS are set, it will execute the program specified by
81             SSH_ASKPASS and open an X11 window to read the passphrase.  This
82             is particularly useful when calling ssh-add from a .xsession or
83             related script.  (Note that on some machines it may be necessary
84             to redirect the input from /dev/null to make this work.)
85
86     SSH_AUTH_SOCK
87             Identifies the path of a UNIX-domain socket used to communicate
88             with the agent.
89
90FILES
91     ~/.ssh/identity
92             Contains the protocol version 1 RSA authentication identity of
93             the user.
94
95     ~/.ssh/id_dsa
96             Contains the protocol version 2 DSA authentication identity of
97             the user.
98
99     ~/.ssh/id_ecdsa
100             Contains the protocol version 2 ECDSA authentication identity of
101             the user.
102
103     ~/.ssh/id_ed25519
104             Contains the protocol version 2 Ed25519 authentication identity
105             of the user.
106
107     ~/.ssh/id_rsa
108             Contains the protocol version 2 RSA authentication identity of
109             the user.
110
111     Identity files should not be readable by anyone but the user.  Note that
112     ssh-add ignores identity files if they are accessible by others.
113
114EXIT STATUS
115     Exit status is 0 on success, 1 if the specified command fails, and 2 if
116     ssh-add is unable to contact the authentication agent.
117
118SEE ALSO
119     ssh(1), ssh-agent(1), ssh-keygen(1), sshd(8)
120
121AUTHORS
122     OpenSSH is a derivative of the original and free ssh 1.2.12 release by
123     Tatu Ylonen.  Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
124     de Raadt and Dug Song removed many bugs, re-added newer features and
125     created OpenSSH.  Markus Friedl contributed the support for SSH protocol
126     versions 1.5 and 2.0.
127
128OpenBSD 5.7                    December 21, 2014                   OpenBSD 5.7
129