diff options
Diffstat (limited to 'ssh-add.1')
| -rw-r--r-- | ssh-add.1 | 69 |
1 files changed, 50 insertions, 19 deletions
@@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-add.1,v 1.61 2014/12/21 22:27:56 djm Exp $ +.\" $OpenBSD: ssh-add.1,v 1.79 2020/02/07 03:57:31 djm Exp $ .\" .\" Author: Tatu Ylonen <ylo@cs.hut.fi> .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -35,22 +35,26 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 21 2014 $ +.Dd $Mdocdate: February 7 2020 $ .Dt SSH-ADD 1 .Os .Sh NAME .Nm ssh-add -.Nd adds private key identities to the authentication agent +.Nd adds private key identities to the OpenSSH authentication agent .Sh SYNOPSIS .Nm ssh-add -.Op Fl cDdkLlXx +.Op Fl cDdKkLlqvXx .Op Fl E Ar fingerprint_hash +.Op Fl S Ar provider .Op Fl t Ar life .Op Ar .Nm ssh-add .Fl s Ar pkcs11 .Nm ssh-add .Fl e Ar pkcs11 +.Nm ssh-add +.Fl T +.Ar pubkey ... .Sh DESCRIPTION .Nm adds private key identities to the authentication agent, @@ -59,9 +63,10 @@ When run without arguments, it adds the files .Pa ~/.ssh/id_rsa , .Pa ~/.ssh/id_dsa , .Pa ~/.ssh/id_ecdsa , -.Pa ~/.ssh/id_ed25519 +.Pa ~/.ssh/id_ecdsa_sk , +.Pa ~/.ssh/id_ed25519 , and -.Pa ~/.ssh/identity . +.Pa ~/.ssh/id_ed25519_sk . After loading a private key, .Nm will try to load corresponding certificate information from the @@ -88,12 +93,11 @@ The options are as follows: .It Fl c Indicates that added identities should be subject to confirmation before being used for authentication. -Confirmation is performed by the -.Ev SSH_ASKPASS -program mentioned below. -Successful confirmation is signaled by a zero exit status from the -.Ev SSH_ASKPASS -program, rather than text entered into the requester. +Confirmation is performed by +.Xr ssh-askpass 1 . +Successful confirmation is signaled by a zero exit status from +.Xr ssh-askpass 1 , +rather than text entered into the requester. .It Fl D Deletes all identities from the agent. .It Fl d @@ -120,6 +124,8 @@ The default is .It Fl e Ar pkcs11 Remove keys provided by the PKCS#11 shared library .Ar pkcs11 . +.It Fl K +Load resident keys from a FIDO authenticator. .It Fl k When loading keys into or deleting keys from the agent, process plain private keys only and skip certificates. @@ -128,14 +134,34 @@ Lists public key parameters of all identities currently represented by the agent. .It Fl l Lists fingerprints of all identities currently represented by the agent. +.It Fl q +Be quiet after a successful operation. +.It Fl S Ar provider +Specifies a path to a library that will be used when adding +FIDO authenticator-hosted keys, overriding the default of using the +internal USB HID support. .It Fl s Ar pkcs11 Add keys provided by the PKCS#11 shared library .Ar pkcs11 . +.It Fl T Ar pubkey ... +Tests whether the private keys that correspond to the specified +.Ar pubkey +files are usable by performing sign and verify operations on each. .It Fl t Ar life Set a maximum lifetime when adding identities to an agent. The lifetime may be specified in seconds or in a time format specified in .Xr sshd_config 5 . +.It Fl v +Verbose mode. +Causes +.Nm +to print debugging messages about its progress. +This is helpful in debugging problems. +Multiple +.Fl v +options increase the verbosity. +The maximum is 3. .It Fl X Unlock the agent. .It Fl x @@ -156,6 +182,8 @@ and .Ev SSH_ASKPASS are set, it will execute the program specified by .Ev SSH_ASKPASS +(by default +.Dq ssh-askpass ) and open an X11 window to read the passphrase. This is particularly useful when calling .Nm @@ -170,19 +198,21 @@ to make this work.) Identifies the path of a .Ux Ns -domain socket used to communicate with the agent. +.It Ev SSH_SK_PROVIDER +Specifies a path to a library that will be used when loading any +FIDO authenticator-hosted keys, overriding the default of using +the built-in USB HID support. .El .Sh FILES -.Bl -tag -width Ds -.It Pa ~/.ssh/identity -Contains the protocol version 1 RSA authentication identity of the user. +.Bl -tag -width Ds -compact .It Pa ~/.ssh/id_dsa -Contains the protocol version 2 DSA authentication identity of the user. .It Pa ~/.ssh/id_ecdsa -Contains the protocol version 2 ECDSA authentication identity of the user. +.It Pa ~/.ssh/id_ecdsa_sk .It Pa ~/.ssh/id_ed25519 -Contains the protocol version 2 Ed25519 authentication identity of the user. +.It Pa ~/.ssh/id_ed25519_sk .It Pa ~/.ssh/id_rsa -Contains the protocol version 2 RSA authentication identity of the user. +Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519, +authenticator-hosted Ed25519 or RSA authentication identity of the user. .El .Pp Identity files should not be readable by anyone but the user. @@ -197,6 +227,7 @@ is unable to contact the authentication agent. .Sh SEE ALSO .Xr ssh 1 , .Xr ssh-agent 1 , +.Xr ssh-askpass 1 , .Xr ssh-keygen 1 , .Xr sshd 8 .Sh AUTHORS |