Diffstat (limited to 'ssh-agent.1')
-rw-r--r-- | ssh-agent.1 | 52 |
1 files changed, 30 insertions, 22 deletions
diff --git a/ssh-agent.1 b/ssh-agent.1 index b98775d90..7029b60dc 100644 --- a/ssh-agent.1 +++ b/ssh-agent.1 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: ssh-agent.1,v 1.9 2000/01/22 02:17:50 aaron Exp $ | 1 | .\" $OpenBSD: ssh-agent.1,v 1.10 2000/03/23 21:10:10 aaron Exp $ |
2 | .\" | 2 | .\" |
3 | .\" -*- nroff -*- | 3 | .\" -*- nroff -*- |
4 | .\" | 4 | .\" |
@@ -27,12 +27,13 @@ | |||
27 | .Oc | 27 | .Oc |
28 | .Sh DESCRIPTION | 28 | .Sh DESCRIPTION |
29 | .Nm | 29 | .Nm |
30 | is a program to hold authentication private keys. The | 30 | is a program to hold authentication private keys. |
31 | idea is that | 31 | The idea is that |
32 | .Nm | 32 | .Nm |
33 | is started in the beginning of an X-session or a login session, and | 33 | is started in the beginning of an X-session or a login session, and |
34 | all other windows or programs are started as clients to the ssh-agent | 34 | all other windows or programs are started as clients to the ssh-agent |
35 | program. Through use of environment variables the agent can be located | 35 | program. |
36 | Through use of environment variables the agent can be located | ||
36 | and automatically used for RSA authentication when logging in to other | 37 | and automatically used for RSA authentication when logging in to other |
37 | machines using | 38 | machines using |
38 | .Xr ssh 1 . | 39 | .Xr ssh 1 . |
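Review bot: the splits at lines 30-31 and 35-36 follow the mdoc rule of starting each sentence on a new line and change no wording, so they are fine as a pure reflow; while this paragraph is being touched, "is started in the beginning of an X-session" on line 33 would read better as "at the beginning", and "the ssh-agent program" on lines 34-35 could use the .Nm macro that line 32 already uses, so the program name renders consistently throughout the DESCRIPTION.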
@@ -60,30 +61,34 @@ environment variable). | |||
60 | If a commandline is given, this is executed as a subprocess of the agent. | 61 | If a commandline is given, this is executed as a subprocess of the agent. |
61 | When the command dies, so does the agent. | 62 | When the command dies, so does the agent. |
62 | .Pp | 63 | .Pp |
63 | The agent initially does not have any private keys. Keys are added | 64 | The agent initially does not have any private keys. |
64 | using | 65 | Keys are added using |
65 | .Xr ssh-add 1 . | 66 | .Xr ssh-add 1 . |
66 | When executed without arguments, | 67 | When executed without arguments, |
67 | .Xr ssh-add 1 | 68 | .Xr ssh-add 1 |
68 | adds the | 69 | adds the |
69 | .Pa $HOME/.ssh/identity | 70 | .Pa $HOME/.ssh/identity |
70 | file. If the identity has a passphrase, | 71 | file. |
72 | If the identity has a passphrase, | ||
71 | .Xr ssh-add 1 | 73 | .Xr ssh-add 1 |
72 | asks for the passphrase (using a small X11 application if running | 74 | asks for the passphrase (using a small X11 application if running |
73 | under X11, or from the terminal if running without X). It then sends | 75 | under X11, or from the terminal if running without X). |
74 | the identity to the agent. Several identities can be stored in the | 76 | It then sends the identity to the agent. |
77 | Several identities can be stored in the | ||
75 | agent; the agent can automatically use any of these identities. | 78 | agent; the agent can automatically use any of these identities. |
76 | .Ic ssh-add -l | 79 | .Ic ssh-add -l |
77 | displays the identities currently held by the agent. | 80 | displays the identities currently held by the agent. |
78 | .Pp | 81 | .Pp |
79 | The idea is that the agent is run in the user's local PC, laptop, or | 82 | The idea is that the agent is run in the user's local PC, laptop, or |
80 | terminal. Authentication data need not be stored on any other | 83 | terminal. |
84 | Authentication data need not be stored on any other | ||
81 | machine, and authentication passphrases never go over the network. | 85 | machine, and authentication passphrases never go over the network. |
82 | However, the connection to the agent is forwarded over SSH | 86 | However, the connection to the agent is forwarded over SSH |
83 | remote logins, and the user can thus use the privileges given by the | 87 | remote logins, and the user can thus use the privileges given by the |
84 | identities anywhere in the network in a secure way. | 88 | identities anywhere in the network in a secure way. |
85 | .Pp | 89 | .Pp |
86 | There are two main ways to get an agent setup: Either you let the agent | 90 | There are two main ways to get an agent setup: |
91 | Either you let the agent | ||
87 | start a new subcommand into which some environment variables are exported, or | 92 | start a new subcommand into which some environment variables are exported, or |
88 | you let the agent print the needed shell commands (either | 93 | you let the agent print the needed shell commands (either |
89 | .Xr sh 1 | 94 | .Xr sh 1 |
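Review bot: the breaks at 64-65, 71-72, 75-77, 83-84 and 90-91 each start a new sentence on its own line with the text otherwise unchanged, which is the intended mdoc style; one wording issue survives on line 90, where "get an agent setup" uses the noun form although the verb is meant, so "There are two main ways to get an agent set up:" would be the correct phrasing to carry into the reflowed line.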
@@ -99,7 +104,8 @@ A unix-domain socket is created | |||
99 | and the name of this socket is stored in the | 104 | and the name of this socket is stored in the |
100 | .Ev SSH_AUTH_SOCK | 105 | .Ev SSH_AUTH_SOCK |
101 | environment | 106 | environment |
102 | variable. The socket is made accessible only to the current user. | 107 | variable. |
108 | The socket is made accessible only to the current user. | ||
103 | This method is easily abused by root or another instance of the same | 109 | This method is easily abused by root or another instance of the same |
104 | user. | 110 | user. |
105 | .Pp | 111 | .Pp |
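Review bot: the security caveat on lines 109-110 survives the reflow unchanged, but "easily abused" still does not say what the abuse is; since line 108 states that the socket is accessible only to the current user, spelling out that root, or any other process running under that same user, can connect to the socket and use the identities loaded into the agent would make the threat model explicit, e.g. "Any process running as the same user, or as root, can connect to this socket and use the loaded identities."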
@@ -112,28 +118,30 @@ line terminates. | |||
112 | .Sh FILES | 118 | .Sh FILES |
113 | .Bl -tag -width Ds | 119 | .Bl -tag -width Ds |
114 | .It Pa $HOME/.ssh/identity | 120 | .It Pa $HOME/.ssh/identity |
115 | Contains the RSA authentication identity of the user. This file | 121 | Contains the RSA authentication identity of the user. |
116 | should not be readable by anyone but the user. It is possible to | 122 | This file should not be readable by anyone but the user. |
123 | It is possible to | ||
117 | specify a passphrase when generating the key; that passphrase will be | 124 | specify a passphrase when generating the key; that passphrase will be |
118 | used to encrypt the private part of this file. This file | 125 | used to encrypt the private part of this file. |
119 | is not used by | 126 | This file is not used by |
120 | .Nm | 127 | .Nm |
121 | but is normally added to the agent using | 128 | but is normally added to the agent using |
122 | .Xr ssh-add 1 | 129 | .Xr ssh-add 1 |
123 | at login time. | 130 | at login time. |
124 | .It Pa /tmp/ssh-XXXX/agent.<pid> , | 131 | .It Pa /tmp/ssh-XXXX/agent.<pid> , |
125 | Unix-domain sockets used to contain the connection to the | 132 | Unix-domain sockets used to contain the connection to the |
126 | authentication agent. These sockets should only be readable by the | 133 | authentication agent. |
127 | owner. The sockets should get automatically removed when the agent | 134 | These sockets should only be readable by the owner. |
128 | exits. | 135 | The sockets should get automatically removed when the agent exits. |
129 | .Sh AUTHOR | 136 | .Sh AUTHOR |
130 | Tatu Ylonen <ylo@cs.hut.fi> | 137 | Tatu Ylonen <ylo@cs.hut.fi> |
131 | .Pp | 138 | .Pp |
132 | OpenSSH | 139 | OpenSSH |
133 | is a derivative of the original (free) ssh 1.2.12 release, but with bugs | 140 | is a derivative of the original (free) ssh 1.2.12 release, but with bugs |
134 | removed and newer features re-added. Rapidly after the 1.2.12 release, | 141 | removed and newer features re-added. |
135 | newer versions bore successively more restrictive licenses. This version | 142 | Rapidly after the 1.2.12 release, |
136 | of OpenSSH | 143 | newer versions bore successively more restrictive licenses. |
144 | This version of OpenSSH | ||
137 | .Bl -bullet | 145 | .Bl -bullet |
138 | .It | 146 | .It |
139 | has all components of a restrictive nature (i.e., patents, see | 147 | has all components of a restrictive nature (i.e., patents, see |
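Review bot: the split at lines 121-123 leaves "It is possible to" as a three-word line with its sentence continuing on 124, which is legal under one-sentence-per-line but breaks at an unnatural point; reflowing so that line 123 reads "It is possible to specify a passphrase when generating the key;" and the remainder follows would read more cleanly. The rest of the hunk (133-135, 141-144) is a faithful reflow, and the space before the trailing comma on line 131 is correct so that mdoc treats the comma as punctuation rather than part of the path.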