summaryrefslogtreecommitdiff
path: root/ssh-agent.1
AgeCommit message (Collapse)Author
2019-10-09Document consequences of ssh-agent being setgid in ssh-agent(1)Colin Watson
Bug-Debian: http://bugs.debian.org/711623 Forwarded: no Last-Update: 2013-06-08 Patch-Name: ssh-agent-setgid.patch
2016-11-30upstream commitjmc@openbsd.org
tweak previous; while here fix up FILES and AUTHORS; Upstream-ID: 93f6e54086145a75df8d8ec7d8689bdadbbac8fa
2016-11-30upstream commitdjm@openbsd.org
add a whitelist of paths from which ssh-agent will load (via ssh-pkcs11-helper) a PKCS#11 module; ok markus@ Upstream-ID: fe79769469d9cd6d26fe0dc15751b83ef2a06e8f
2015-11-16upstream commitjmc@openbsd.org
do not confuse mandoc by presenting "Dd"; Upstream-ID: 1470fce171c47b60bbc7ecd0fc717a442c2cfe65
2015-11-16upstream commitjcs@openbsd.org
Add an AddKeysToAgent client option which can be set to 'yes', 'no', 'ask', or 'confirm', and defaults to 'no'. When enabled, a private key that is used during authentication will be added to ssh-agent if it is running (with confirmation enabled if set to 'confirm'). Initial version from Joachim Schipper many years ago. ok markus@ Upstream-ID: a680db2248e8064ec55f8be72d539458c987d5f4
2015-11-09upstream commitjmc@openbsd.org
"commandline" -> "command line", since there are so few examples of the former in the pages, so many of the latter, and in some of these pages we had multiple spellings; prompted by tj Upstream-ID: 78459d59bff74223f8139d9001ccd56fc4310659
2015-04-29upstream commitjmc@openbsd.org
combine -Dd onto one line and update usage();
2015-04-29upstream commitdjm@openbsd.org
add ssh-agent -D to leave ssh-agent in foreground without enabling debug mode; bz#2381 ok dtucker@
2014-12-22upstream commitdjm@openbsd.org
Add FingerprintHash option to control algorithm used for key fingerprints. Default changes from MD5 to SHA256 and format from hex to base64. Feedback and ok naddy@ markus@
2014-10-13upstream commitsobrado@openbsd.org
improve capitalization for the Ed25519 public-key signature system. ok djm@
2014-04-20 - djm@cvs.openbsd.org 2014/04/16 23:28:12Damien Miller
[ssh-agent.1] remove the identity files from this manpage - ssh-agent doesn't deal with them at all and the same information is duplicated in ssh-add.1 (which does deal with them); prodded by deraadt@
2013-12-18 - naddy@cvs.openbsd.org 2013/12/07 11:58:46Damien Miller
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8 ssh.1] [ssh_config.5 sshd.8 sshd_config.5] add missing mentions of ed25519; ok djm@
2010-12-01 - djm@cvs.openbsd.org 2010/11/21 01:01:13Damien Miller
[clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c] honour $TMPDIR for client xauth and ssh-agent temporary directories; feedback and ok markus@
2010-09-10 - jmc@cvs.openbsd.org 2010/08/31 17:40:54Damien Miller
[ssh-agent.1] fix some macro abuse;
2010-08-31 - djm@cvs.openbsd.org 2010/08/31 11:54:45Damien Miller
[PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c] [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c] [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c] [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c] [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h] [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5] [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys. Only the mandatory sections of RFC5656 are implemented, specifically the three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and ECDSA. Point compression (optional in RFC5656 is NOT implemented). Certificate host and user keys using the new ECDSA key types are supported. Note that this code has not been tested for interoperability and may be subject to change. feedback and ok markus@
2010-01-26 - tedu@cvs.openbsd.org 2010/01/17 21:49:09Damien Miller
[ssh-agent.1] Correct and clarify ssh-add's password asking behavior. Improved text dtucker and ok jmc
2009-10-24 - sobrado@cvs.openbsd.org 2009/10/22 15:02:12Darren Tucker
[ssh-agent.1 ssh-add.1 ssh.1] write UNIX-domain in a more consistent way; while here, replace a few remaining ".Tn UNIX" macros with ".Ux" ones. pointed out by ratchov@, thanks! ok jmc@
2009-10-24 - sobrado@cvs.openbsd.org 2009/10/22 12:35:53Darren Tucker
[ssh.1 ssh-agent.1 ssh-add.1] use the UNIX-related macros (.At and .Ux) where appropriate. ok jmc@
2009-06-21 - sobrado@cvs.openbsd.org 2009/03/26 08:38:39Darren Tucker
[sftp-server.8 sshd.8 ssh-agent.1] fix a few typographical errors found by spell(1). ok dtucker@, jmc@
2007-09-17 - sobrado@cvs.openbsd.org 2007/09/09 11:38:01Damien Miller
[ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.c] sort synopsis and options in ssh-agent(1); usage is lowercase ok jmc@
2007-06-05 - jmc@cvs.openbsd.org 2007/05/31 19:20:16Darren Tucker
[scp.1 ssh_config.5 sftp-server.8 ssh-agent.1 sshd_config.5 sftp.1 ssh-keygen.1 ssh-keyscan.1 ssh-add.1 sshd.8 ssh.1 ssh-keysign.8] convert to new .Dd format; (We will need to teach mdoc2man.awk to understand this too.)
2006-07-24 - jmc@cvs.openbsd.org 2006/07/18 08:03:09Damien Miller
[ssh-agent.1 sshd_config.5] mark up angle brackets;
2005-11-28 - dtucker@cvs.openbsd.org 2005/11/28 06:02:56Darren Tucker
[ssh-agent.1] Update agent socket path templates to reflect reality, correct xref for time formats. bz#1121, patch from openssh at roumenpetrov.info, ok djm@
2005-05-26 - djm@cvs.openbsd.org 2005/04/21 06:17:50Damien Miller
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8] [sshd_config.5] OpenSSH doesn't ever look at the $HOME environment variable, so don't say that we do (bz #623); ok deraadt@
2004-07-17 - deraadt@cvs.openbsd.org 2004/07/11 17:48:47Darren Tucker
[channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h sshd.c ttymodes.h] spaces
2004-05-13 - dtucker@cvs.openbsd.org 2004/05/13 02:47:50Darren Tucker
[ssh-agent.1] Add examples to ssh-agent.1, bz#481 from Ralf Hauser; ok deraadt@
2003-06-11 - jmc@cvs.openbsd.org 2003/06/10 09:12:11Damien Miller
[scp.1 sftp-server.8 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5] [sshd.8 sshd_config.5 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8] - section reorder - COMPATIBILITY merge - macro cleanup - kill whitespace at EOL - new sentence, new line ssh pages ok markus@
2003-05-15 - (djm) OpenBSD CVS SyncDamien Miller
- jmc@cvs.openbsd.org 2003/05/14 13:11:56 [ssh-agent.1] setup -> set up; from wiz@netbsd
2003-04-01 - (djm) OpenBSD CVS SyncDamien Miller
- jmc@cvs.openbsd.org 2003/03/28 10:11:43 [scp.1 sftp.1 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5 sshd_config.5] [ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8] - killed whitespace - new sentence new line - .Bk for arguments ok markus@
2003-01-22 - (djm) OpenBSD CVS SyncDamien Miller
- marc@cvs.openbsd.org 2003/01/21 18:14:36 [ssh-agent.1 ssh-agent.c] Add a -t life option to ssh-agent that set the default lifetime. The default can still be overriden by using -t in ssh-add. OK markus@
2002-06-25 - markus@cvs.openbsd.org 2002/06/24 13:12:23Ben Lindstrom
[ssh-agent.1] the socket name contains ssh-agent's ppid; via mpech@ from form@
2002-06-23 - stevesk@cvs.openbsd.org 2002/06/22 16:45:29Ben Lindstrom
[ssh-agent.1 sshd.8 sshd_config.5] use process ID vs. pid/PID/process identifier
2002-06-21 - deraadt@cvs.openbsd.org 2002/06/19 00:27:55Ben Lindstrom
[auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1 ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c xmalloc.h] KNF done automatically while reading....
2002-06-06 - markus@cvs.openbsd.org 2002/06/05 16:08:07Ben Lindstrom
[ssh-agent.1 ssh-agent.c] '-a bind_address' binds the agent to user-specified unix-domain socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago).
2002-02-08 - stevesk@cvs.openbsd.org 2002/02/04 20:41:16Damien Miller
[ssh-agent.1] more sync for default ssh-add identities; ok markus@
2002-02-05 - stevesk@cvs.openbsd.org 2002/02/03 23:22:59Damien Miller
[ssh-agent.1] ssh-add also adds $HOME/.ssh/id_rsa and $HOME/.ssh/id_dsa now.
2001-12-06 - stevesk@cvs.openbsd.org 2001/11/19 18:40:46Ben Lindstrom
[ssh-agent.1] clarify/state that private keys are not exposed to clients using the agent; ok markus@
2001-09-12 - deraadt@cvs.openbsd.org 2001/09/05 06:23:07Ben Lindstrom
[scp.1 sftp.1 ssh.1 ssh-agent.1 sshd.8 ssh-keygen.1 ssh-keyscan.1] avoid first person in manual pages
2001-09-12 - stevesk@cvs.openbsd.org 2001/08/23 18:02:48Ben Lindstrom
[ssh-agent.1] fix usage; ok markus@
2001-07-18 - stevesk@cvs.openbsd.org 2001/07/15 16:57:21Ben Lindstrom
[ssh-agent.1] -d will not fork; ok markus@
2001-07-04 - markus@cvs.openbsd.org 2001/06/26 04:07:06Ben Lindstrom
[ssh-agent.1 ssh-agent.c] add debug flag
2001-04-11 - itojun@cvs.openbsd.org 2001/04/10 09:13:22Ben Lindstrom
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8] document id_rsa{.pub,}. markus ok
2001-04-04 - deraadt@cvs.openbsd.org 2001/04/02 17:32:23Ben Lindstrom
[ssh-agent.1] grammar; slade@shore.net
2001-03-05 - deraadt@cvs.openbsd.org 2001/03/02 18:54:31Ben Lindstrom
[atomicio.c atomicio.h auth-chall.c auth.c auth2-chall.c crc32.h scp.c serverloop.c session.c sftp-server.8 sftp.1 ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh.1 sshd.8] make copyright lines the same format
2001-02-10 - (bal) A bit more whitespace cleanupBen Lindstrom
2001-02-10Sync CVS ID w/ OpenBSDBen Lindstrom
2001-01-29 - markus@cvs.openbsd.org 2001/01/28 10:24:04Ben Lindstrom
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1] cleanup AUTHORS sections
2000-11-2120001123Ben Lindstrom
- (bal) Merge OpenBSD changes: - markus@cvs.openbsd.org 2000/11/15 22:31:36 [auth-options.c] case insensitive key options; from stevesk@sweeden.hp.com - markus@cvs.openbsd.org 2000/11/16 17:55:43 [dh.c] do not use perror() in sshd, after child is forked() - markus@cvs.openbsd.org 2000/11/14 23:42:40 [auth-rsa.c] parse option only if key matches; fix some confusing seen by the client - markus@cvs.openbsd.org 2000/11/14 23:44:19 [session.c] check no_agent_forward_flag for ssh-2, too - markus@cvs.openbsd.org 2000/11/15 [ssh-agent.1] reorder SYNOPSIS; typo, use .It - markus@cvs.openbsd.org 2000/11/14 23:48:55 [ssh-agent.c] do not reorder keys if a key is removed - markus@cvs.openbsd.org 2000/11/15 19:58:08 [ssh.c] just ignore non existing user keys - millert@cvs.openbsd.org 200/11/15 20:24:43 [ssh-keygen.c] Add missing \n at end of error message.
2000-11-13 - (djm) Merge OpenBSD changes:Damien Miller
- markus@cvs.openbsd.org 2000/11/06 16:04:56 [channels.c channels.h clientloop.c nchan.c serverloop.c] [session.c ssh.c] agent forwarding and -R for ssh2, based on work from jhuuskon@messi.uku.fi - markus@cvs.openbsd.org 2000/11/06 16:13:27 [ssh.c sshconnect.c sshd.c] do not disabled rhosts(rsa) if server port > 1024; from pekkas@netcore.fi - markus@cvs.openbsd.org 2000/11/06 16:16:35 [sshconnect.c] downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net - markus@cvs.openbsd.org 2000/11/09 18:04:40 [auth1.c] typo; from mouring@pconline.com - markus@cvs.openbsd.org 2000/11/12 12:03:28 [ssh-agent.c] off-by-one when removing a key from the agent - markus@cvs.openbsd.org 2000/11/12 12:50:39 [auth-rh-rsa.c auth2.c authfd.c authfd.h] [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h] [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c] [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config] [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c] [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h] add support for RSA to SSH2. please test. there are now 3 types of keys: RSA1 is used by ssh-1 only, RSA and DSA are used by SSH2. you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA keys for SSH2 and use the RSA keys for hostkeys or for user keys. SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before. - (djm) Fix up Makefile and Redhat init script to create RSA host keys - (djm) Change to interim version
2000-09-16 - (djm) Merge OpenBSD changes:Damien Miller
- markus@cvs.openbsd.org 2000/09/05 02:59:57 [session.c] print hostname (not hushlogin) - markus@cvs.openbsd.org 2000/09/05 13:18:48 [authfile.c ssh-add.c] enable ssh-add -d for DSA keys - markus@cvs.openbsd.org 2000/09/05 13:20:49 [sftp-server.c] cleanup - markus@cvs.openbsd.org 2000/09/06 03:46:41 [authfile.h] prototype - deraadt@cvs.openbsd.org 2000/09/07 14:27:56 [ALL] cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate. - markus@cvs.openbsd.org 2000/09/07 14:40:30 [channels.c channels.h clientloop.c serverloop.c ssh.c] cleanup window and packet sizes for ssh2 flow control; ok niels - markus@cvs.openbsd.org 2000/09/07 14:53:00 [scp.c] typo - markus@cvs.openbsd.org 2000/09/07 15:13:37 [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c] [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h] [pty.c readconf.c] some more Copyright fixes - markus@cvs.openbsd.org 2000/09/08 03:02:51 [README.openssh2] bye bye - deraadt@cvs.openbsd.org 2000/09/11 18:38:33 [LICENCE cipher.c] a few more comments about it being ARC4 not RC4 - markus@cvs.openbsd.org 2000/09/12 14:53:11 [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c] multiple debug levels - markus@cvs.openbsd.org 2000/09/14 14:25:15 [clientloop.c] typo - deraadt@cvs.openbsd.org 2000/09/15 01:13:51 [ssh-agent.c] check return value for setenv(3) for failure, and deal appropriately