DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH
 

ssh-add(1)





NAME

       ssh-add - adds private key identities to the authentication agent


SYNOPSIS

       ssh-add [-cDdkLlXx] [-E fingerprint_hash] [-t life] [file ...]
       ssh-add -s pkcs11
       ssh-add -e pkcs11


DESCRIPTION

       ssh-add  adds  private key identities to the authentication agent, ssh-
       agent(1).  When run without arguments, it adds the files ~/.ssh/id_rsa,
       ~/.ssh/id_dsa,  ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and ~/.ssh/identity.
       After loading a private key, ssh-add will  try  to  load  corresponding
       certificate   information  from  the  filename  obtained  by  appending
       -cert.pub to the name of the private key file.  Alternative file  names
       can be given on the command line.

       If any file requires a passphrase, ssh-add asks for the passphrase from
       the user.  The passphrase is read from the user's tty.  ssh-add retries
       the last passphrase if multiple identity files are given.

       The authentication agent must be running and the SSH_AUTH_SOCK environ-
       ment variable must contain the name of its socket for ssh-add to  work.

       The options are as follows:

       -c     Indicates  that  added identities should be subject to confirma-
              tion before being used for authentication.  Confirmation is per-
              formed  by  ssh-askpass(1).  Successful confirmation is signaled
              by a zero exit status  from  ssh-askpass(1),  rather  than  text
              entered into the requester.

       -D     Deletes all identities from the agent.

       -d     Instead of adding identities, removes identities from the agent.
              If ssh-add has been run without  arguments,  the  keys  for  the
              default  identities and their corresponding certificates will be
              removed.  Otherwise, the argument list will be interpreted as  a
              list  of  paths to public key files to specify keys and certifi-
              cates to be removed from the agent.  If no public key  is  found
              at a given path, ssh-add will append .pub and retry.

       -E fingerprint_hash
              Specifies  the  hash  algorithm used when displaying key finger-
              prints.  Valid options are: ``md5'' and ``sha256''.  The default
              is ``sha256''.

       -e pkcs11
              Remove keys provided by the PKCS#11 shared library pkcs11.

       -k     When  loading keys into or deleting keys from the agent, process
              plain private keys only and skip certificates.

       -L     Lists public key parameters of all identities  currently  repre-
              sented by the agent.

       -l     Lists  fingerprints  of  all identities currently represented by
              the agent.

       -s pkcs11
              Add keys provided by the PKCS#11 shared library pkcs11.

       -t life
              Set a maximum lifetime when adding identities to an agent.   The
              lifetime  may be specified in seconds or in a time format speci-
              fied in sshd_config(5).

       -X     Unlock the agent.

       -x     Lock the agent with a password.


ENVIRONMENT

       DISPLAY and SSH_ASKPASS
              If ssh-add needs a passphrase, it will read the passphrase  from
              the  current terminal if it was run from a terminal.  If ssh-add
              does not have a terminal associated  with  it  but  DISPLAY  and
              SSH_ASKPASS  are  set,  it will execute the program specified by
              SSH_ASKPASS (by default ``ssh-askpass )'' and open an X11 window
              to  read the passphrase.  This is particularly useful when call-
              ing ssh-add from a .xsession or related script.  (Note  that  on
              some  machines  it  may  be necessary to redirect the input from
              /dev/null to make this work.)

       SSH_AUTH_SOCK
              Identifies the path of a UNIX-domain socket used to  communicate
              with the agent.


FILES

       ~/.ssh/identity
              Contains  the  protocol version 1 RSA authentication identity of
              the user.

       ~/.ssh/id_dsa
              Contains the protocol version 2 DSA authentication  identity  of
              the user.

       ~/.ssh/id_ecdsa
              Contains the protocol version 2 ECDSA authentication identity of
              the user.

       ~/.ssh/id_ed25519
              Contains the protocol version 2 Ed25519 authentication  identity
              of the user.

       ~/.ssh/id_rsa
              Contains  the  protocol version 2 RSA authentication identity of
              the user.

              Identity files should not be readable by anyone  but  the  user.
              Note  that ssh-add ignores identity files if they are accessible
              by others.


EXIT STATUS

       Exit status is 0 on success, 1 if the specified command fails, and 2 if
       ssh-add is unable to contact the authentication agent.


SEE ALSO

       ssh(1), ssh-agent(1), ssh-askpass(1), ssh-keygen(1), sshd(8)


AUTHORS

       OpenSSH  is a derivative of the original and free ssh 1.2.12 release by
       Tatu Ylonen.  Aaron Campbell, Bob Beck, Markus  Friedl,  Niels  Provos,
       Theo  de  Raadt and Dug Song removed many bugs, re-added newer features
       and created OpenSSH.  Markus Friedl contributed  the  support  for  SSH
       protocol versions 1.5 and 2.0.

                                March 30 2015                       SSH-ADD(1)

Man(1) output converted with man2html