path: root/ssh-add.1
Age  Author  Commit message
2019-12-30  naddy@openbsd.org
upstream: Replace the term "security key" with "(FIDO) authenticator". The polysemous use of "key" was too confusing. Input from markus@. ok jmc@ OpenBSD-Commit-ID: 12eea973a44c8232af89f86e4269d71ae900ca8f
2019-12-11  jmc@openbsd.org
upstream: tweak the Nd lines for a bit of consistency; ok markus OpenBSD-Commit-ID: 876651bdde06bc1e72dd4bd7ad599f42a6ce5a16
2019-11-20  naddy@openbsd.org
upstream: more missing mentions of ed25519-sk; ok djm@ OpenBSD-Commit-ID: f242e53366f61697dffd53af881bc5daf78230ff
2019-11-17  jmc@openbsd.org
upstream: double word; OpenBSD-Commit-ID: 43d09bafa4ea9002078cb30ca9adc3dcc0b9c2b9
2019-11-15  djm@openbsd.org
upstream: directly support U2F/FIDO2 security keys in OpenSSH by linking against the (previously external) USB HID middleware. The dlopen() capability still exists for alternate middlewares, e.g. for Bluetooth, NFC and test/debugging. OpenBSD-Commit-ID: 14446cf170ac0351f0d4792ba0bca53024930069
2019-11-08  naddy@openbsd.org
upstream: Fill in missing man page bits for U2F security key support: Mention the new key types, the ~/.ssh/id_ecdsa_sk file, ssh's SecurityKeyProvider keyword, the SSH_SK_PROVIDER environment variable, and ssh-keygen's new -w and -x options. Copy the ssh-sk-helper man page from ssh-pkcs11-helper with minimal substitutions. ok djm@ OpenBSD-Commit-ID: ef2e8f83d0c0ce11ad9b8c28945747e5ca337ac4
2019-11-01  jmc@openbsd.org
upstream: sort; OpenBSD-Commit-ID: 8264b0be01ec5a60602bd50fd49cc3c81162ea16
2019-11-01  djm@openbsd.org
upstream: ssh-add support for U2F/FIDO keys OpenBSD-Commit-ID: 7f88a5181c982687afedf3130c6ab2bba60f7644
2019-01-21  djm@openbsd.org
upstream: add "-v" flags to ssh-add and ssh-pkcs11-helper to turn up debug verbosity. Make ssh-agent turn on ssh-pkcs11-helper's verbosity when it is run in debug mode ("ssh-agent -d"), so we get to see errors from the PKCS#11 code. ok markus@ OpenBSD-Commit-ID: 0a798643c6a92a508df6bd121253ba1c8bee659d
2019-01-21  jmc@openbsd.org
upstream: - -T was added to the first synopsis by mistake - since "..." denotes optional, no need to surround it in [] ok djm OpenBSD-Commit-ID: 918f6d8eed4e0d8d9ef5eadae1b8983d796f0e25
2019-01-21  djm@openbsd.org
upstream: add option to test whether keys in an agent are usable, by performing a signature and a verification using each key "ssh-add -T pubkey [...]" work by markus@, ok djm@ OpenBSD-Commit-ID: 931b888a600b6a883f65375bd5f73a4776c6d19b
2017-09-04  jmc@openbsd.org
upstream commit sort options; Upstream-ID: cf21d68cf54e81968bca629aaeddc87f0c684f3c
2017-09-04  dlg@openbsd.org
upstream commit add a -q option to ssh-add to make it quiet on success. if you want to silence ssh-add without this you generally redirect the output to /dev/null, but that can hide error output which you should see. ok djm@ Upstream-ID: 2f31b9b13f99dcf587e9a8ba443458e6c0d8997c
2017-05-08  naddy@openbsd.org
upstream commit remove superfluous protocol 2 mentions; ok jmc@ Upstream-ID: 0aaf7567c9f2e50fac5906b6a500a39c33c4664d
2017-05-08  jmc@openbsd.org
upstream commit more protocol 1 stuff to go; ok djm Upstream-ID: 307a30441d2edda480fd1661d998d36665671e47
2015-04-01  jmc@openbsd.org
upstream commit ssh-askpass(1) is the default, overridden by SSH_ASKPASS; diff originally from jiri b;
2014-12-22  djm@openbsd.org
upstream commit Add FingerprintHash option to control algorithm used for key fingerprints. Default changes from MD5 to SHA256 and format from hex to base64. Feedback and ok naddy@ markus@
2014-10-13  sobrado@openbsd.org
upstream commit improve capitalization for the Ed25519 public-key signature system. ok djm@
2013-12-18  Damien Miller
- naddy@cvs.openbsd.org 2013/12/07 11:58:46 [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8 ssh.1] [ssh_config.5 sshd.8 sshd_config.5] add missing mentions of ed25519; ok djm@
2012-12-07  Darren Tucker
- jmc@cvs.openbsd.org 2012/12/03 08:33:03 [ssh-add.1 sshd_config.5] tweak previous;
2012-12-03  Damien Miller
- djm@cvs.openbsd.org 2012/12/02 20:42:15 [ssh-add.1 ssh-add.c] make deleting explicit keys "ssh-add -d" symmetric with adding keys - try to delete the corresponding certificate too and respect the -k option to allow deleting of the key only; feedback and ok markus@
2011-10-18  Damien Miller
- djm@cvs.openbsd.org 2011/10/18 05:00:48 [ssh-add.1 ssh-add.c] new "ssh-add -k" option to load plain keys (skipping certificates); "looks ok" markus@
2010-11-05  Damien Miller
- jmc@cvs.openbsd.org 2010/10/28 18:33:28 [scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5] knock out some "-*- nroff -*-" lines;
2010-09-10  Damien Miller
- jmc@cvs.openbsd.org 2010/09/04 09:38:34 [ssh-add.1 ssh.1] two more EXIT STATUS sections;
2010-08-31  Damien Miller
- djm@cvs.openbsd.org 2010/08/31 11:54:45 [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c] [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c] [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c] [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c] [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h] [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5] [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys. Only the mandatory sections of RFC5656 are implemented, specifically the three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and ECDSA. Point compression (optional in RFC5656 is NOT implemented). Certificate host and user keys using the new ECDSA key types are supported. Note that this code has not been tested for interoperability and may be subject to change. feedback and ok markus@
2010-03-05  Damien Miller
- djm@cvs.openbsd.org 2010/03/05 10:28:21 [ssh-add.1 ssh.1 ssh_config.5] mention loading of certificate files from [private]-cert.pub when they are present; feedback and ok jmc@
2010-02-12  Damien Miller
- markus@cvs.openbsd.org 2010/02/10 23:20:38 [ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5] pkcs#11 is no longer optional; improve wording; ok jmc@
2010-02-12  Damien Miller
- jmc@cvs.openbsd.org 2010/02/08 22:03:05 [ssh-add.1 ssh-keygen.1 ssh.1 ssh.c] tweak previous; ok markus
2010-02-12  Damien Miller
- markus@cvs.openbsd.org 2010/02/08 10:50:20 [pathnames.h readconf.c readconf.h scp.1 sftp.1 ssh-add.1 ssh-add.c] [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config.5] replace our obsolete smartcard code with PKCS#11. ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11 provider (shared library) while ssh-agent(1) delegates PKCS#11 to a forked a ssh-pkcs11-helper process. PKCS#11 is currently a compile time option. feedback and ok djm@; inspired by patches from Alon Bar-Lev
2009-10-24  Darren Tucker
- sobrado@cvs.openbsd.org 2009/10/22 15:02:12 [ssh-agent.1 ssh-add.1 ssh.1] write UNIX-domain in a more consistent way; while here, replace a few remaining ".Tn UNIX" macros with ".Ux" ones. pointed out by ratchov@, thanks! ok jmc@
2009-10-24  Darren Tucker
- sobrado@cvs.openbsd.org 2009/10/22 12:35:53 [ssh.1 ssh-agent.1 ssh-add.1] use the UNIX-related macros (.At and .Ux) where appropriate. ok jmc@
2007-06-13  Darren Tucker
- jmc@cvs.openbsd.org 2007/06/12 13:41:03 [ssh-add.1] identies -> identities;
2007-06-12  Darren Tucker
- djm@cvs.openbsd.org 2007/06/12 07:41:00 [ssh-add.1] better document ssh-add's -d option (delete identies from agent), bz#1224 new text based on some provided by andrewmc-debian AT celt.dias.ie; ok dtucker@
2007-06-05  Darren Tucker
- jmc@cvs.openbsd.org 2007/05/31 19:20:16 [scp.1 ssh_config.5 sftp-server.8 ssh-agent.1 sshd_config.5 sftp.1 ssh-keygen.1 ssh-keyscan.1 ssh-add.1 sshd.8 ssh.1 ssh-keysign.8] convert to new .Dd format; (We will need to teach mdoc2man.awk to understand this too.)
2005-05-26  Damien Miller
- djm@cvs.openbsd.org 2005/04/21 06:17:50 [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8] [sshd_config.5] OpenSSH doesn't ever look at the $HOME environment variable, so don't say that we do (bz #623); ok deraadt@
2005-03-02  Damien Miller
- jmc@cvs.openbsd.org 2005/03/01 17:32:19 [ssh-add.1] sort options;
2004-11-05  Darren Tucker
- jmc@cvs.openbsd.org 2004/08/30 21:22:49 [ssh-add.1 ssh.1] .Xsession -> .xsession; originally from a pr from f at obiit dot org, but missed by myself; ok markus@ matthieu@
2003-12-09  Darren Tucker
- matthieu@cvs.openbsd.org 2003/11/25 23:10:08 [ssh-add.1] ssh-add doesn't need to be a descendant of ssh-agent. Ok markus@, jmc@.
2003-06-11  Damien Miller
- jmc@cvs.openbsd.org 2003/06/10 09:12:11 [scp.1 sftp-server.8 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5] [sshd.8 sshd_config.5 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8] - section reorder - COMPATIBILITY merge - macro cleanup - kill whitespace at EOL - new sentence, new line ssh pages ok markus@
2003-04-01  Damien Miller
- (djm) OpenBSD CVS Sync - jmc@cvs.openbsd.org 2003/03/28 10:11:43 [scp.1 sftp.1 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5 sshd_config.5] [ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8] - killed whitespace - new sentence new line - .Bk for arguments ok markus@
2003-02-24  Damien Miller
- markus@cvs.openbsd.org 2003/02/10 11:51:47 [ssh-add.1] xref sshd_config.5 (not sshd.8); mark@summersault.com; bug #490
2003-01-24  Damien Miller
- markus@cvs.openbsd.org 2003/01/23 13:50:27 [authfd.c authfd.h readpass.c ssh-add.1 ssh-add.c ssh-agent.c] ssh-add -c, prompt user for confirmation (using ssh-askpass) when private agent key is used; with djm@; test by dugsong@, djm@; ok deraadt@
2002-06-21  Ben Lindstrom
- deraadt@cvs.openbsd.org 2002/06/19 00:27:55 [auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1 ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c xmalloc.h] KNF done automatically while reading....
2002-06-11  Ben Lindstrom
- stevesk@cvs.openbsd.org 2002/06/10 17:36:23 [ssh-add.1 ssh-add.c] use convtime() to parse and validate key lifetime. can now use '-t 2h' etc. ok markus@ provos@
2002-06-06  Ben Lindstrom
- markus@cvs.openbsd.org 2002/06/05 21:55:44 [authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c] ssh-add -t life, Set lifetime (in seconds) when adding identities; ok provos@
2002-06-06  Ben Lindstrom
- markus@cvs.openbsd.org 2002/06/05 19:57:12 [authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c] ssh-add -x for lock and -X for unlocking the agent. todo: encrypt private keys with locked...
2002-06-06  Ben Lindstrom
- markus@cvs.openbsd.org 2002/06/05 16:08:07 [ssh-agent.1 ssh-agent.c] '-a bind_address' binds the agent to user-specified unix-domain socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago).
2002-02-05  Damien Miller
- stevesk@cvs.openbsd.org 2002/02/04 20:41:16 [ssh-add.1] more sync for default ssh-add identities; ok markus@
2002-02-05  Damien Miller
- markus@cvs.openbsd.org 2002/01/29 16:41:19 [ssh-add.1] add DIAGNOSTICS; ok stevesk@
2002-01-22  Damien Miller
- djm@cvs.openbsd.org 2001/12/21 10:06:43 [ssh-add.1 ssh-add.c] Try all standard key files (id_rsa, id_dsa, identity) when invoked with no arguments; ok markus@