-SSH-ADD(1) OpenBSD Reference Manual SSH-ADD(1)
+SSH-ADD(1) General Commands Manual SSH-ADD(1)
NAME
- ssh-add - adds private key identities to the authentication agent
+ ssh-add M-bM-^@M-^S adds private key identities to the authentication agent
SYNOPSIS
- ssh-add [-cDdLlXx] [-t life] [file ...]
+ ssh-add [-cDdkLlXx] [-E fingerprint_hash] [-t life] [file ...]
ssh-add -s pkcs11
ssh-add -e pkcs11
DESCRIPTION
ssh-add adds private key identities to the authentication agent,
ssh-agent(1). When run without arguments, it adds the files
- ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and ~/.ssh/identity. After
- loading a private key, ssh-add will try to load corresponding certificate
- information from the filename obtained by appending -cert.pub to the name
- of the private key file. Alternative file names can be given on the
- command line.
+ ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and
+ ~/.ssh/identity. After loading a private key, ssh-add will try to load
+ corresponding certificate information from the filename obtained by
+ appending -cert.pub to the name of the private key file. Alternative
+ file names can be given on the command line.
If any file requires a passphrase, ssh-add asks for the passphrase from
the user. The passphrase is read from the user's tty. ssh-add retries
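Review bot: In the NAME line, the added text separates the command name from its description with `M-bM-^@M-^S` where the removed line had a plain `-`. That sequence is the escaped byte form of a UTF-8 en dash, so it is a rendering artifact of how the new page was formatted and not a content change. Regenerate both sides of the comparison with ASCII output so that the substantive changes in this hunk are not buried: the new `-k` and `-E fingerprint_hash` entries in SYNOPSIS and the addition of `~/.ssh/id_ed25519` to the default identity list.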
-c Indicates that added identities should be subject to confirmation
before being used for authentication. Confirmation is performed
- by the SSH_ASKPASS program mentioned below. Successful
- confirmation is signaled by a zero exit status from the
- SSH_ASKPASS program, rather than text entered into the requester.
+ by ssh-askpass(1). Successful confirmation is signaled by a zero
+ exit status from ssh-askpass(1), rather than text entered into
+ the requester.
-D Deletes all identities from the agent.
-d Instead of adding identities, removes identities from the agent.
If ssh-add has been run without arguments, the keys for the
- default identities will be removed. Otherwise, the argument list
- will be interpreted as a list of paths to public key files and
- matching keys will be removed from the agent. If no public key
- is found at a given path, ssh-add will append .pub and retry.
+ default identities and their corresponding certificates will be
+ removed. Otherwise, the argument list will be interpreted as a
+ list of paths to public key files to specify keys and
+ certificates to be removed from the agent. If no public key is
+ found at a given path, ssh-add will append .pub and retry.
+
+ -E fingerprint_hash
+ Specifies the hash algorithm used when displaying key
+ fingerprints. Valid options are: M-bM-^@M-^\md5M-bM-^@M-^] and M-bM-^@M-^\sha256M-bM-^@M-^]. The
+ default is M-bM-^@M-^\sha256M-bM-^@M-^].
-e pkcs11
Remove keys provided by the PKCS#11 shared library pkcs11.
+ -k When loading keys into or deleting keys from the agent, process
+ plain private keys only and skip certificates.
+
-L Lists public key parameters of all identities currently
represented by the agent.
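Review bot: In the `-c` entry, the new wording attributes confirmation to ssh-askpass(1) and drops the reference to "the SSH_ASKPASS program mentioned below", so a reader can no longer tell from this entry whether confirmation prompts honour the SSH_ASKPASS variable that the environment text describes. Suggest stating that explicitly in `-c`. Two smaller points in the same hunk: `-d` now removes certificates as well while the new `-k` skips them, so a cross-reference from `-d` to `-k` would help, and the quotes around `md5` and `sha256` in the `-E` entry appear as escaped UTF-8 bytes (`M-bM-^@M-^\` and `M-bM-^@M-^]`) and should be plain quotes.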
the current terminal if it was run from a terminal. If ssh-add
does not have a terminal associated with it but DISPLAY and
SSH_ASKPASS are set, it will execute the program specified by
- SSH_ASKPASS and open an X11 window to read the passphrase. This
- is particularly useful when calling ssh-add from a .xsession or
- related script. (Note that on some machines it may be necessary
- to redirect the input from /dev/null to make this work.)
+ SSH_ASKPASS (by default M-bM-^@M-^\ssh-askpassM-bM-^@M-^]) and open an X11 window to
+ read the passphrase. This is particularly useful when calling
+ ssh-add from a .xsession or related script. (Note that on some
+ machines it may be necessary to redirect the input from /dev/null
+ to make this work.)
SSH_AUTH_SOCK
Identifies the path of a UNIX-domain socket used to communicate
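Review bot: The parenthetical added to the SSH_ASKPASS text names the default program as `ssh-askpass` without a path, so the page does not say which binary is executed to read the passphrase when the variable is unset. Suggest giving the full default path or stating how the name is resolved. The quotes around the program name are also emitted as escaped UTF-8 bytes and should be plain quotes.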
Contains the protocol version 2 ECDSA authentication identity of
the user.
+ ~/.ssh/id_ed25519
+ Contains the protocol version 2 Ed25519 authentication identity
+ of the user.
+
~/.ssh/id_rsa
Contains the protocol version 2 RSA authentication identity of
the user.
ssh-add is unable to contact the authentication agent.
SEE ALSO
- ssh(1), ssh-agent(1), ssh-keygen(1), sshd(8)
+ ssh(1), ssh-agent(1), ssh-askpass(1), ssh-keygen(1), sshd(8)
AUTHORS
OpenSSH is a derivative of the original and free ssh 1.2.12 release by
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
-OpenBSD 5.0 October 28, 2010 OpenBSD 5.0
+OpenBSD 5.8 March 30, 2015 OpenBSD 5.8