diff options
| author | Colin Watson <cjwatson@debian.org> | 2003-09-01 18:33:32 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2003-09-01 18:33:32 +0000 |
| commit | 58bfa257481a1c6938ada9bbd38801cc45633fb0 (patch) | |
| tree | 385160ff5c19376a1e1bfd34fcf5c91cff42908e /ssh-agent.0 | |
| parent | ae225aa5594655e3fa5685b4dd7f2ae0e1a5e2d7 (diff) | |
| parent | 58657d96514cd6f16d82add8d6f4adbb36765758 (diff) | |
Import OpenSSH 3.6p1.
Diffstat (limited to 'ssh-agent.0')
| -rw-r--r-- | ssh-agent.0 | 114 |
1 files changed, 114 insertions, 0 deletions
diff --git a/ssh-agent.0 b/ssh-agent.0 new file mode 100644 index 000000000..aa7aebf03 --- /dev/null +++ b/ssh-agent.0 | |||
| @@ -0,0 +1,114 @@ | |||
| 1 | SSHM-bM-^@M-^PAGENT(1) BSD General Commands Manual SSHM-bM-^@M-^PAGENT(1) | ||
| 2 | |||
| 3 | ^[[1mNAME^[[0m | ||
| 4 | ^[[1msshM-bM-^@M-^Pagent ^[[22mM-bMM-^R authentication agent | ||
| 5 | |||
| 6 | ^[[1mSYNOPSIS^[[0m | ||
| 7 | ^[[1msshM-bM-^@M-^Pagent ^[[22m[^[[1mM-bMM-^Ra ^[[4m^[[22mbind_address^[[24m] [^[[1mM-bMM-^Rc ^[[22m| ^[[1mM-bMM-^Rs^[[22m] [^[[1mM-bMM-^Rt ^[[4m^[[22mlife^[[24m] [^[[1mM-bMM-^Rd^[[22m] [^[[4mcommand^[[24m [^[[4margs^[[24m ^[[4m...^[[24m]] | ||
| 8 | ^[[1msshM-bM-^@M-^Pagent ^[[22m[^[[1mM-bMM-^Rc ^[[22m| ^[[1mM-bMM-^Rs^[[22m] ^[[1mM-bMM-^Rk^[[0m | ||
| 9 | |||
| 10 | ^[[1mDESCRIPTION^[[0m | ||
| 11 | ^[[1msshM-bM-^@M-^Pagent ^[[22mis a program to hold private keys used for public key authentiM-bM-^@M-^P | ||
| 12 | cation (RSA, DSA). The idea is that ^[[1msshM-bM-^@M-^Pagent ^[[22mis started in the beginM-bM-^@M-^P | ||
| 13 | ning of an XM-bM-^@M-^Psession or a login session, and all other windows or proM-bM-^@M-^P | ||
| 14 | grams are started as clients to the sshM-bM-^@M-^Pagent program. Through use of | ||
| 15 | environment variables the agent can be located and automatically used for | ||
| 16 | authentication when logging in to other machines using ssh(1). | ||
| 17 | |||
| 18 | The options are as follows: | ||
| 19 | |||
| 20 | ^[[1mM-bMM-^Ra ^[[4m^[[22mbind_address^[[0m | ||
| 21 | Bind the agent to the unixM-bM-^@M-^Pdomain socket ^[[4mbind_address^[[24m. The | ||
| 22 | default is ^[[4m/tmp/sshM-bM-^@M-^PXXXXXXXX/agent.<ppid>^[[24m. | ||
| 23 | |||
| 24 | ^[[1mM-bMM-^Rc ^[[22mGenerate CM-bM-^@M-^Pshell commands on stdout. This is the default if | ||
| 25 | SHELL looks like itM-bM-^@M-^Ys a csh style of shell. | ||
| 26 | |||
| 27 | ^[[1mM-bMM-^Rs ^[[22mGenerate Bourne shell commands on stdout. This is the default if | ||
| 28 | SHELL does not look like itM-bM-^@M-^Ys a csh style of shell. | ||
| 29 | |||
| 30 | ^[[1mM-bMM-^Rk ^[[22mKill the current agent (given by the SSH_AGENT_PID environment | ||
| 31 | variable). | ||
| 32 | |||
| 33 | ^[[1mM-bMM-^Rt ^[[4m^[[22mlife^[[0m | ||
| 34 | Set a default value for the maximum lifetime of identities added | ||
| 35 | to the agent. The lifetime may be specified in seconds or in a | ||
| 36 | time format specified in sshd(8). A lifetime specified for an | ||
| 37 | identity with sshM-bM-^@M-^Padd(1) overrides this value. Without this | ||
| 38 | option the default maximum lifetime is forever. | ||
| 39 | |||
| 40 | ^[[1mM-bMM-^Rd ^[[22mDebug mode. When this option is specified ^[[1msshM-bM-^@M-^Pagent ^[[22mwill not | ||
| 41 | fork. | ||
| 42 | |||
| 43 | If a commandline is given, this is executed as a subprocess of the agent. | ||
| 44 | When the command dies, so does the agent. | ||
| 45 | |||
| 46 | The agent initially does not have any private keys. Keys are added using | ||
| 47 | sshM-bM-^@M-^Padd(1). When executed without arguments, sshM-bM-^@M-^Padd(1) adds the files | ||
| 48 | ^[[4m$HOME/.ssh/id_rsa^[[24m, ^[[4m$HOME/.ssh/id_dsa^[[24m and ^[[4m$HOME/.ssh/identity^[[24m. If the | ||
| 49 | identity has a passphrase, sshM-bM-^@M-^Padd(1) asks for the passphrase (using a | ||
| 50 | small X11 application if running under X11, or from the terminal if runM-bM-^@M-^P | ||
| 51 | ning without X). It then sends the identity to the agent. Several idenM-bM-^@M-^P | ||
| 52 | tities can be stored in the agent; the agent can automatically use any of | ||
| 53 | these identities. ^[[1msshM-bM-^@M-^Padd M-bM-^@M-^Pl ^[[22mdisplays the identities currently held by | ||
| 54 | the agent. | ||
| 55 | |||
| 56 | The idea is that the agent is run in the userM-bM-^@M-^Ys local PC, laptop, or terM-bM-^@M-^P | ||
| 57 | minal. Authentication data need not be stored on any other machine, and | ||
| 58 | authentication passphrases never go over the network. However, the conM-bM-^@M-^P | ||
| 59 | nection to the agent is forwarded over SSH remote logins, and the user | ||
| 60 | can thus use the privileges given by the identities anywhere in the netM-bM-^@M-^P | ||
| 61 | work in a secure way. | ||
| 62 | |||
| 63 | There are two main ways to get an agent setup: Either the agent starts a | ||
| 64 | new subcommand into which some environment variables are exported, or the | ||
| 65 | agent prints the needed shell commands (either sh(1) or csh(1) syntax can | ||
| 66 | be generated) which can be evalled in the calling shell. Later ssh(1) | ||
| 67 | looks at these variables and uses them to establish a connection to the | ||
| 68 | agent. | ||
| 69 | |||
| 70 | The agent will never send a private key over its request channel. | ||
| 71 | Instead, operations that require a private key will be performed by the | ||
| 72 | agent, and the result will be returned to the requester. This way, priM-bM-^@M-^P | ||
| 73 | vate keys are not exposed to clients using the agent. | ||
| 74 | |||
| 75 | A unixM-bM-^@M-^Pdomain socket is created and the name of this socket is stored in | ||
| 76 | the SSH_AUTH_SOCK environment variable. The socket is made accessible | ||
| 77 | only to the current user. This method is easily abused by root or | ||
| 78 | another instance of the same user. | ||
| 79 | |||
| 80 | The SSH_AGENT_PID environment variable holds the agentM-bM-^@M-^Ys process ID. | ||
| 81 | |||
| 82 | The agent exits automatically when the command given on the command line | ||
| 83 | terminates. | ||
| 84 | |||
| 85 | ^[[1mFILES^[[0m | ||
| 86 | $HOME/.ssh/identity | ||
| 87 | Contains the protocol version 1 RSA authentication identity of | ||
| 88 | the user. | ||
| 89 | |||
| 90 | $HOME/.ssh/id_dsa | ||
| 91 | Contains the protocol version 2 DSA authentication identity of | ||
| 92 | the user. | ||
| 93 | |||
| 94 | $HOME/.ssh/id_rsa | ||
| 95 | Contains the protocol version 2 RSA authentication identity of | ||
| 96 | the user. | ||
| 97 | |||
| 98 | /tmp/sshM-bM-^@M-^PXXXXXXXX/agent.<ppid> | ||
| 99 | UnixM-bM-^@M-^Pdomain sockets used to contain the connection to the authenM-bM-^@M-^P | ||
| 100 | tication agent. These sockets should only be readable by the | ||
| 101 | owner. The sockets should get automatically removed when the | ||
| 102 | agent exits. | ||
| 103 | |||
| 104 | ^[[1mAUTHORS^[[0m | ||
| 105 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by | ||
| 106 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo | ||
| 107 | de Raadt and Dug Song removed many bugs, reM-bM-^@M-^Padded newer features and creM-bM-^@M-^P | ||
| 108 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol | ||
| 109 | versions 1.5 and 2.0. | ||
| 110 | |||
| 111 | ^[[1mSEE ALSO^[[0m | ||
| 112 | ssh(1), sshM-bM-^@M-^Padd(1), sshM-bM-^@M-^Pkeygen(1), sshd(8) | ||
| 113 | |||
| 114 | BSD September 25, 1999 BSD | ||