author | Colin Watson <cjwatson@debian.org> | 2010-03-31 10:46:28 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2010-03-31 10:46:28 +0100 |
commit | efd3d4522636ae029488c2e9730b60c88e257d2e (patch) | |
tree | 31e02ac3f16090ce8c53448677356b2b7f423683 /ssh-add.0 | |
parent | bbec4db36d464ea1d464a707625125f9fd5c7b5e (diff) | |
parent | d1a87e462e1db89f19cd960588d0c6b287cb5ccc (diff) |
* New upstream release (LP: #535029).
- After a transition period of about 10 years, this release disables SSH
protocol 1 by default. Clients and servers that need to use the
legacy protocol must explicitly enable it in ssh_config / sshd_config
or on the command-line.
- Remove the libsectok/OpenSC-based smartcard code and add support for
PKCS#11 tokens. This support is enabled by default in the Debian
packaging, since it now doesn't involve additional library
dependencies (closes: #231472, LP: #16918).
- Add support for certificate authentication of users and hosts using a
new, minimal OpenSSH certificate format (closes: #482806).
- Added a 'netcat mode' to ssh(1): "ssh -W host:port ...".
- Add the ability to revoke keys in sshd(8) and ssh(1). (For the Debian
package, this overlaps with the key blacklisting facility added in
openssh 1:4.7p1-9, but with different file formats and slightly
different scopes; for the moment, I've roughly merged the two.)
- Various multiplexing improvements, including support for requesting
port-forwardings via the multiplex protocol (closes: #360151).
- Allow setting an explicit umask on the sftp-server(8) commandline to
override whatever default the user has (closes: #496843).
- Many sftp client improvements, including tab-completion, more options,
and recursive transfer support for get/put (LP: #33378). The old
mget/mput commands never worked properly and have been removed
(closes: #270399, #428082).
- Do not prompt for a passphrase if we fail to open a keyfile, and log
the reason why the open failed to debug (closes: #431538).
- Prevent sftp from crashing when given a "-" without a command. Also,
allow whitespace to follow a "-" (closes: #531561).
Diffstat (limited to 'ssh-add.0')
-rw-r--r-- | ssh-add.0 | 29 |
1 files changed, 16 insertions, 13 deletions
@@ -5,17 +5,20 @@ NAME | |||
5 | 5 | ||
6 | SYNOPSIS | 6 | SYNOPSIS |
7 | ssh-add [-cDdLlXx] [-t life] [file ...] | 7 | ssh-add [-cDdLlXx] [-t life] [file ...] |
8 | ssh-add -s reader | 8 | ssh-add -s pkcs11 |
9 | ssh-add -e reader | 9 | ssh-add -e pkcs11 |
10 | 10 | ||
11 | DESCRIPTION | 11 | DESCRIPTION |
12 | ssh-add adds RSA or DSA identities to the authentication agent, | 12 | ssh-add adds RSA or DSA identities to the authentication agent, |
13 | ssh-agent(1). When run without arguments, it adds the files | 13 | ssh-agent(1). When run without arguments, it adds the files |
14 | ~/.ssh/id_rsa, ~/.ssh/id_dsa and ~/.ssh/identity. Alternative file names | 14 | ~/.ssh/id_rsa, ~/.ssh/id_dsa and ~/.ssh/identity. After loading a pri- |
15 | can be given on the command line. If any file requires a passphrase, | 15 | vate key, ssh-add will try to load corresponding certificate information |
16 | ssh-add asks for the passphrase from the user. The passphrase is read | 16 | from the filename obtained by appending -cert.pub to the name of the pri- |
17 | from the user's tty. ssh-add retries the last passphrase if multiple | 17 | vate key file. Alternative file names can be given on the command line. |
18 | identity files are given. | 18 | |
19 | If any file requires a passphrase, ssh-add asks for the passphrase from | ||
20 | the user. The passphrase is read from the user's tty. ssh-add retries | ||
21 | the last passphrase if multiple identity files are given. | ||
19 | 22 | ||
20 | The authentication agent must be running and the SSH_AUTH_SOCK environ- | 23 | The authentication agent must be running and the SSH_AUTH_SOCK environ- |
21 | ment variable must contain the name of its socket for ssh-add to work. | 24 | ment variable must contain the name of its socket for ssh-add to work. |
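Review bot: the new sentence about loading certificate information (new lines 14-17) does not say what happens when the -cert.pub file is missing or does not correspond to the private key. A short clause on whether the key is still added without a certificate would help. The sentence also sits before "Alternative file names can be given on the command line", so it is unclear whether the -cert.pub lookup applies to files named on the command line as well as the three defaults. Moving it after that sentence would settle this.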
@@ -37,8 +40,8 @@ DESCRIPTION | |||
37 | matching keys will be removed from the agent. If no public key | 40 | matching keys will be removed from the agent. If no public key |
38 | is found at a given path, ssh-add will append .pub and retry. | 41 | is found at a given path, ssh-add will append .pub and retry. |
39 | 42 | ||
40 | -e reader | 43 | -e pkcs11 |
41 | Remove key in smartcard reader. | 44 | Remove keys provided by the PKCS#11 shared library pkcs11. |
42 | 45 | ||
43 | -L Lists public key parameters of all identities currently repre- | 46 | -L Lists public key parameters of all identities currently repre- |
44 | sented by the agent. | 47 | sented by the agent. |
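Review bot: the -e entry went from the singular "Remove key in smartcard reader" to "Remove keys provided by the PKCS#11 shared library pkcs11", but it does not state the scope: whether every key from that library is removed from the agent, or whether the library itself is released. One clause on this would help, worded to mirror the -s entry.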
@@ -46,8 +49,8 @@ DESCRIPTION | |||
46 | -l Lists fingerprints of all identities currently represented by the | 49 | -l Lists fingerprints of all identities currently represented by the |
47 | agent. | 50 | agent. |
48 | 51 | ||
49 | -s reader | 52 | -s pkcs11 |
50 | Add key in smartcard reader. | 53 | Add keys provided by the PKCS#11 shared library pkcs11. |
51 | 54 | ||
52 | -t life | 55 | -t life |
53 | Set a maximum lifetime when adding identities to an agent. The | 56 | Set a maximum lifetime when adding identities to an agent. The |
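Review bot: in the -s entry, "the PKCS#11 shared library pkcs11" uses pkcs11 as both the argument name and its description, and never says the argument is the path to a library file. Because this option names the library that supplies keys to the agent, the text should state the expected form of the argument (for example, whether a full path is required) so that users know exactly which file they are trusting.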
@@ -70,7 +73,7 @@ ENVIRONMENT | |||
70 | to redirect the input from /dev/null to make this work.) | 73 | to redirect the input from /dev/null to make this work.) |
71 | 74 | ||
72 | SSH_AUTH_SOCK | 75 | SSH_AUTH_SOCK |
73 | Identifies the path of a unix-domain socket used to communicate | 76 | Identifies the path of a UNIX-domain socket used to communicate |
74 | with the agent. | 77 | with the agent. |
75 | 78 | ||
76 | FILES | 79 | FILES |
@@ -103,4 +106,4 @@ AUTHORS | |||
103 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol | 106 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol |
104 | versions 1.5 and 2.0. | 107 | versions 1.5 and 2.0. |
105 | 108 | ||
106 | OpenBSD 4.6 June 12, 2007 2 | 109 | OpenBSD 4.6 March 5, 2010 2 |
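Review bot: the footer carries a page number and a release string ("OpenBSD 4.6 ... 2"), which suggests ssh-add.0 is formatted output and not the manual source. Please confirm the same text changes are present in the source page this file is built from, and that the date change to March 5, 2010 came from regenerating the file, not from editing it by hand.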