Diffstat (limited to 'openssh-agent.1')
-rw-r--r-- | openssh-agent.1 | 124 |
1 files changed, 124 insertions, 0 deletions
diff --git a/openssh-agent.1 b/openssh-agent.1
new file mode 100644
index 000000000..df061df82
--- /dev/null
+++ b/openssh-agent.1
@@ -0,0 +1,124 @@ | |||
1 | .\" -*- nroff -*- | ||
2 | .\" | ||
3 | .\" ssh-agent.1 | ||
4 | .\" | ||
5 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> | ||
6 | .\" | ||
7 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | ||
8 | .\" All rights reserved | ||
9 | .\" | ||
10 | .\" Created: Sat Apr 23 20:10:43 1995 ylo | ||
11 | .\" | ||
12 | .\" $Id: openssh-agent.1,v 1.1 1999/10/28 04:03:14 damien Exp $ | ||
13 | .\" | ||
14 | .Dd September 25, 1999 | ||
15 | .Dt SSH-AGENT 1 | ||
16 | .Os | ||
17 | .Sh NAME | ||
18 | .Nm ssh-agent | ||
19 | .Nd authentication agent | ||
20 | .Sh SYNOPSIS | ||
21 | .Nm ssh-agent | ||
22 | .Ar command | ||
23 | .Sh DESCRIPTION | ||
24 | .Nm | ||
25 | is a program to hold authentication private keys. The | ||
26 | idea is that | ||
27 | .Nm | ||
28 | is started in the beginning of an X-session or a login session, and | ||
29 | all other windows or programs are started as children of the ssh-agent | ||
30 | program (the | ||
31 | .Ar command | ||
32 | normally starts X or is the user shell). Programs started under | ||
33 | the agent inherit a connection to the agent, and the agent is | ||
34 | automatically used for RSA authentication when logging to other | ||
35 | machines using | ||
36 | .Xr ssh 1 . | ||
37 | .Pp | ||
38 | The agent initially does not have any private keys. Keys are added | ||
39 | using | ||
40 | .Xr ssh-add 1 . | ||
41 | When executed without arguments, | ||
42 | .Xr ssh-add 1 | ||
43 | adds the | ||
44 | .Pa $HOME/.ssh/identity | ||
45 | file. If the identity has a passphrase, | ||
46 | .Xr ssh-add 1 | ||
47 | asks for the passphrase (using a small X11 application if running | ||
48 | under X11, or from the terminal if running without X). It then sends | ||
49 | the identity to the agent. Several identities can be stored in the | ||
50 | agent; the agent can automatically use any of these identities. | ||
51 | .Ic ssh-add -l | ||
52 | displays the identities currently held by the agent. | ||
53 | .Pp | ||
54 | The idea is that the agent is run in the user's local PC, laptop, or | ||
55 | terminal. Authentication data need not be stored on any other | ||
56 | machine, and authentication passphrases never go over the network. | ||
57 | However, the connection to the agent is forwarded over SSH | ||
58 | remote logins, and the user can thus use the privileges given by the | ||
59 | identities anywhere in the network in a secure way. | ||
60 | .Pp | ||
61 | A connection to the agent is inherited by child programs: | ||
62 | A unix-domain socket is created | ||
63 | .Pq Pa /tmp/ssh-XXXX/agent.<pid> , | ||
64 | and the name of this socket is stored in the | ||
65 | .Ev SSH_AUTH_SOCK | ||
66 | environment | ||
67 | variable. The socket is made accessible only to the current user. | ||
68 | This method is easily abused by root or another instance of the same | ||
69 | user. | ||
70 | .Pp | ||
71 | The agent exits automatically when the command given on the command | ||
72 | line terminates. | ||
73 | .Sh FILES | ||
74 | .Bl -tag -width Ds | ||
75 | .It Pa $HOME/.ssh/identity | ||
76 | Contains the RSA authentication identity of the user. This file | ||
77 | should not be readable by anyone but the user. It is possible to | ||
78 | specify a passphrase when generating the key; that passphrase will be | ||
79 | used to encrypt the private part of this file. This file | ||
80 | is not used by | ||
81 | .Nm | ||
82 | but is normally added to the agent using | ||
83 | .Xr ssh-add 1 | ||
84 | at login time. | ||
85 | .It Pa /tmp/ssh-XXXX/agent.<pid> , | ||
86 | Unix-domain sockets used to contain the connection to the | ||
87 | authentication agent. These sockets should only be readable by the | ||
88 | owner. The sockets should get automatically removed when the agent | ||
89 | exits. | ||
90 | .Sh AUTHOR | ||
91 | Tatu Ylonen <ylo@cs.hut.fi> | ||
92 | .Pp | ||
93 | OpenSSH | ||
94 | is a derivative of the original (free) ssh 1.2.12 release, but with bugs | ||
95 | removed and newer features re-added. Rapidly after the 1.2.12 release, | ||
96 | newer versions bore successively more restrictive licenses. This version | ||
97 | of OpenSSH | ||
98 | .Bl -bullet | ||
99 | .It | ||
100 | has all components of a restrictive nature (ie. patents, see | ||
101 | .Xr ssl 8 ) | ||
102 | directly removed from the source code; any licensed or patented components | ||
103 | are chosen from | ||
104 | external libraries. | ||
105 | .It | ||
106 | has been updated to support ssh protocol 1.5. | ||
107 | .It | ||
108 | contains added support for | ||
109 | .Xr kerberos 8 | ||
110 | authentication and ticket passing. | ||
111 | .It | ||
112 | supports one-time password authentication with | ||
113 | .Xr skey 1 . | ||
114 | .El | ||
115 | .Pp | ||
116 | The libraries described in | ||
117 | .Xr ssl 8 | ||
118 | are required for proper operation. | ||
119 | .Sh SEE ALSO | ||
120 | .Xr ssh 1 , | ||
121 | .Xr ssh-add 1 , | ||
122 | .Xr ssh-keygen 1 , | ||
123 | .Xr sshd 8 , | ||
124 | .Xr ssl 8 | ||
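Review bot: the DESCRIPTION contradicts itself on the trust model of the agent socket, and that is the one thing a reader of this page needs to get right: the paragraph ending "use the privileges given by the identities anywhere in the network in a secure way" (hunk lines 57-59) is followed, a few lines later, by "This method is easily abused by root or another instance of the same user" (lines 67-69). Since a forwarded agent connection terminates at a socket on every intermediate host, the second statement applies to each of those hosts too, so line 59 should drop "in a secure way" and instead say that forwarding extends that same root-can-abuse exposure to every host the connection is forwarded through, with a pointer to the caveat below. Smaller points in the same hunk: the FILES tag `.It Pa /tmp/ssh-XXXX/agent.<pid> ,` (line 85) carries a stray trailing comma that will render inside the tag (the `.Pq` form on line 63 handles trailing punctuation, `.It` does not); "when logging to other machines" (line 34) should read "when logging in to other machines"; "ie." (line 100) should be "i.e."; and "The sockets should get automatically removed when the agent exits" (lines 88-89) is hedged where the page states a definite behaviour on line 71-72, so "are removed" reads better. Finally, the header comment still says `.\" ssh-agent.1` (line 3) while the file is added as openssh-agent.1; one of the two names should be fixed so they match.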