DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 




SSH-ADD(1)               USER COMMANDS                 SSH-ADD(1)




NAME

     ssh-add - adds private key identities to the  authentication
     agent


SYNOPSIS

     ssh-add [-cDdkLlXx] [-E fingerprint_hash]  [-t  life]  [file
     ...]
     ssh-add -s pkcs11
     ssh-add -e pkcs11


DESCRIPTION

     ssh-add adds private key identities  to  the  authentication
     agent,  ssh-agent(1).   When  run without arguments, it adds
     the  files  ~/.ssh/id_rsa,  ~/.ssh/id_dsa,  ~/.ssh/id_ecdsa,
     ~/.ssh/id_ed25519  and  ~/.ssh/identity.   After  loading  a
     private key, ssh-add will try to load corresponding certifi-
     cate  information  from  the  filename obtained by appending
     -cert.pub to the name of the private key file.   Alternative
     file names can be given on the command line.

     If any file requires a  passphrase,  ssh-add  asks  for  the
     passphrase  from  the user.  The passphrase is read from the
     user's tty.  ssh-add retries the last passphrase if multiple
     identity files are given.

     The  authentication  agent   must   be   running   and   the
     SSH_AUTH_SOCK  environment variable must contain the name of
     its socket for ssh-add to work.

     The options are as follows:

     -c   Indicates that added identities should  be  subject  to
          confirmation  before  being  used  for  authentication.
          Confirmation is performed by ssh-askpass(1).   Success-
          ful confirmation is signaled by a zero exit status from
          ssh-askpass(1),  rather  than  text  entered  into  the
          requester.

     -D   Deletes all identities from the agent.

     -d   Instead of adding identities, removes  identities  from
          the  agent.  If ssh-add has been run without arguments,
          the  keys  for  the  default   identities   and   their
          corresponding certificates will be removed.  Otherwise,
          the argument list will be  interpreted  as  a  list  of
          paths  to public key files to specify keys and certifi-
          cates to be removed from the agent.  If no  public  key
          is  found at a given path, ssh-add will append .pub and
          retry.

     -E fingerprint_hash
          Specifies the hash algorithm used when  displaying  key



                   Last change: March 30 2015                   1






SSH-ADD(1)               USER COMMANDS                 SSH-ADD(1)



          fingerprints.    Valid   options   are:    ``md5''  and
          ``sha256''.  The default is ``sha256''.

     -e pkcs11
          Remove keys provided  by  the  PKCS#11  shared  library
          pkcs11.

     -k   When loading keys into or deleting keys from the agent,
          process plain private keys only and skip certificates.

     -L   Lists public key parameters of all identities currently
          represented by the agent.

     -l   Lists  fingerprints   of   all   identities   currently
          represented by the agent.

     -s pkcs11
          Add keys provided by the PKCS#11 shared library pkcs11.

     -t life
          Set a maximum lifetime when  adding  identities  to  an
          agent.   The lifetime may be specified in seconds or in
          a time format specified in sshd_config(5).

     -X   Unlock the agent.

     -x   Lock the agent with a password.


ENVIRONMENT

     DISPLAY and SSH_ASKPASS
          If  ssh-add  needs  a  passphrase,  it  will  read  the
          passphrase from the current terminal if it was run from
          a terminal.  If ssh-add does not have a terminal  asso-
          ciated  with it but DISPLAY and SSH_ASKPASS are set, it
          will execute the program specified by  SSH_ASKPASS  (by
          default  ``ssh-askpass  )''  and  open an X11 window to
          read the passphrase.  This is particularly useful  when
          calling  ssh-add  from  a  .xsession or related script.
          (Note that on some machines  it  may  be  necessary  to
          redirect the input from /dev/null to make this work.)

     SSH_AUTH_SOCK
          Identifies the path of a  UNIX-domain  socket  used  to
          communicate with the agent.


FILES

     ~/.ssh/identity
          Contains the  protocol  version  1  RSA  authentication
          identity of the user.

     ~/.ssh/id_dsa
          Contains the  protocol  version  2  DSA  authentication



                   Last change: March 30 2015                   2






SSH-ADD(1)               USER COMMANDS                 SSH-ADD(1)



          identity of the user.

     ~/.ssh/id_ecdsa
          Contains the protocol version  2  ECDSA  authentication
          identity of the user.

     ~/.ssh/id_ed25519
          Contains the protocol version 2 Ed25519  authentication
          identity of the user.

     ~/.ssh/id_rsa
          Contains the  protocol  version  2  RSA  authentication
          identity of the user.

          Identity files should not be readable by anyone but the
          user.  Note that ssh-add ignores identity files if they
          are accessible by others.


EXIT STATUS

     Exit status is 0 on success,  1  if  the  specified  command
     fails, and 2 if ssh-add is unable to contact the authentica-
     tion agent.


SEE ALSO

     ssh(1), ssh-agent(1), ssh-askpass(1), ssh-keygen(1), sshd(8)


AUTHORS

     OpenSSH is a derivative of the original and free ssh  1.2.12
     release  by  Tatu  Ylonen.  Aaron Campbell, Bob Beck, Markus
     Friedl, Niels Provos, Theo de Raadt  and  Dug  Song  removed
     many  bugs,  re-added  newer  features  and created OpenSSH.
     Markus Friedl contributed the support for SSH protocol  ver-
     sions 1.5 and 2.0.






















                   Last change: March 30 2015                   3




Man(1) output converted with man2html