author | Colin Watson <cjwatson@debian.org> | 2011-01-24 12:43:25 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2011-01-24 12:43:25 +0000 |
commit | 626f1d986ff72aa514da63e34744e1de9cf21b9a (patch) | |
tree | d215a5280bc2e57251e4a9e08bfd3674ad824a94 /ssh-agent.0 | |
parent | 6ed622cb6fe8f71bbe0d998cdd12280410bfb420 (diff) | |
parent | 0970072c89b079b022538e3c366fbfa2c53fc821 (diff) |
* New upstream release (http://www.openssh.org/txt/release-5.7):
  - Implement Elliptic Curve Cryptography modes for key exchange (ECDH)
    and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA
    offer better performance than plain DH and DSA at the same equivalent
    symmetric key length, as well as much shorter keys.
  - sftp(1)/sftp-server(8): add a protocol extension to support a hard
    link operation. It is available through the "ln" command in the
    client. The old "ln" behaviour of creating a symlink is available
    using its "-s" option or through the preexisting "symlink" command.
  - scp(1): Add a new -3 option to scp: Copies between two remote hosts
    are transferred through the local host (closes: #508613).
  - ssh(1): "atomically" create the listening mux socket by binding it on
    a temporary name and then linking it into position after listen() has
    succeeded. This allows the mux clients to determine that the server
    socket is either ready or stale without races (closes: #454784).
    Stale server sockets are now automatically removed (closes: #523250).
  - ssh(1): install a SIGCHLD handler to reap expired child process
    (closes: #594687).
  - ssh(1)/ssh-agent(1): honour $TMPDIR for client xauth and ssh-agent
    temporary directories (closes: #357469, although only if you arrange
    for ssh-agent to actually see $TMPDIR since the setgid bit will cause
    it to be stripped off).
Diffstat (limited to 'ssh-agent.0')
-rw-r--r-- | ssh-agent.0 | 35 |
1 files changed, 20 insertions, 15 deletions
diff --git a/ssh-agent.0 b/ssh-agent.0 index dfc82a966..7fe1560d3 100644 --- a/ssh-agent.0 +++ b/ssh-agent.0 | |||
@@ -9,17 +9,18 @@ SYNOPSIS | |||
9 | 9 | ||
10 | DESCRIPTION | 10 | DESCRIPTION |
11 | ssh-agent is a program to hold private keys used for public key | 11 | ssh-agent is a program to hold private keys used for public key |
12 | authentication (RSA, DSA). The idea is that ssh-agent is started in the | 12 | authentication (RSA, DSA, ECDSA). The idea is that ssh-agent is started |
13 | beginning of an X-session or a login session, and all other windows or | 13 | in the beginning of an X-session or a login session, and all other |
14 | programs are started as clients to the ssh-agent program. Through use of | 14 | windows or programs are started as clients to the ssh-agent program. |
15 | environment variables the agent can be located and automatically used for | 15 | Through use of environment variables the agent can be located and |
16 | authentication when logging in to other machines using ssh(1). | 16 | automatically used for authentication when logging in to other machines |
17 | using ssh(1). | ||
17 | 18 | ||
18 | The options are as follows: | 19 | The options are as follows: |
19 | 20 | ||
20 | -a bind_address | 21 | -a bind_address |
21 | Bind the agent to the UNIX-domain socket bind_address. The | 22 | Bind the agent to the UNIX-domain socket bind_address. The |
22 | default is /tmp/ssh-XXXXXXXXXX/agent.<ppid>. | 23 | default is $TMPDIR/ssh-XXXXXXXXXX/agent.<ppid>. |
23 | 24 | ||
24 | -c Generate C-shell commands on stdout. This is the default if | 25 | -c Generate C-shell commands on stdout. This is the default if |
25 | SHELL looks like it's a csh style of shell. | 26 | SHELL looks like it's a csh style of shell. |
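Review bot: the new default under -a bind_address, $TMPDIR/ssh-XXXXXXXXXX/agent.<ppid>, does not say which path is used when TMPDIR is unset, and the commit message itself notes that the setgid bit causes the variable to be stripped before ssh-agent sees it. As written, a reader on such a build will expect the socket under $TMPDIR while the agent never received that value. Suggest stating the fallback explicitly (the previous text named /tmp) and noting that the variable is only honoured when it actually reaches the agent's environment.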
@@ -45,13 +46,13 @@ DESCRIPTION | |||
45 | 46 | ||
46 | The agent initially does not have any private keys. Keys are added using | 47 | The agent initially does not have any private keys. Keys are added using |
47 | ssh-add(1). When executed without arguments, ssh-add(1) adds the files | 48 | ssh-add(1). When executed without arguments, ssh-add(1) adds the files |
48 | ~/.ssh/id_rsa, ~/.ssh/id_dsa and ~/.ssh/identity. If the identity has a | 49 | ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and ~/.ssh/identity. If |
49 | passphrase, ssh-add(1) asks for the passphrase on the terminal if it has | 50 | the identity has a passphrase, ssh-add(1) asks for the passphrase on the |
50 | one or from a small X11 program if running under X11. If neither of | 51 | terminal if it has one or from a small X11 program if running under X11. |
51 | these is the case then the authentication will fail. It then sends the | 52 | If neither of these is the case then the authentication will fail. It |
52 | identity to the agent. Several identities can be stored in the agent; | 53 | then sends the identity to the agent. Several identities can be stored |
53 | the agent can automatically use any of these identities. ssh-add -l | 54 | in the agent; the agent can automatically use any of these identities. |
54 | displays the identities currently held by the agent. | 55 | ssh-add -l displays the identities currently held by the agent. |
55 | 56 | ||
56 | The idea is that the agent is run in the user's local PC, laptop, or | 57 | The idea is that the agent is run in the user's local PC, laptop, or |
57 | terminal. Authentication data need not be stored on any other machine, | 58 | terminal. Authentication data need not be stored on any other machine, |
@@ -95,11 +96,15 @@ FILES | |||
95 | Contains the protocol version 2 DSA authentication identity of | 96 | Contains the protocol version 2 DSA authentication identity of |
96 | the user. | 97 | the user. |
97 | 98 | ||
99 | ~/.ssh/id_ecdsa | ||
100 | Contains the protocol version 2 ECDSA authentication identity of | ||
101 | the user. | ||
102 | |||
98 | ~/.ssh/id_rsa | 103 | ~/.ssh/id_rsa |
99 | Contains the protocol version 2 RSA authentication identity of | 104 | Contains the protocol version 2 RSA authentication identity of |
100 | the user. | 105 | the user. |
101 | 106 | ||
102 | /tmp/ssh-XXXXXXXXXX/agent.<ppid> | 107 | $TMPDIR/ssh-XXXXXXXXXX/agent.<ppid> |
103 | UNIX-domain sockets used to contain the connection to the | 108 | UNIX-domain sockets used to contain the connection to the |
104 | authentication agent. These sockets should only be readable by | 109 | authentication agent. These sockets should only be readable by |
105 | the owner. The sockets should get automatically removed when the | 110 | the owner. The sockets should get automatically removed when the |
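Review bot: in the FILES entry, the socket path now follows a user-supplied $TMPDIR, but the description still only says "These sockets should only be readable by the owner" without saying what enforces that once the parent directory is no longer fixed at /tmp. Suggest documenting the permissions the agent applies to the ssh-XXXXXXXXXX directory and to the socket itself, so that users who point TMPDIR at a shared or group-writable location know what protection to expect.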
@@ -115,4 +120,4 @@ AUTHORS | |||
115 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | 120 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
116 | versions 1.5 and 2.0. | 121 | versions 1.5 and 2.0. |
117 | 122 | ||
118 | OpenBSD 4.8 January 17, 2010 OpenBSD 4.8 | 123 | OpenBSD 4.8 November 21, 2010 OpenBSD 4.8 |