SSH-ADD(1)                BSD General Commands Manual               SSH-ADD(1)

NAME

     ssh-add — adds private key identities to the authentication agent

SYNOPSIS

     ssh-add [-cDdkLlqvXx] [-E fingerprint_hash] [-t life] [file ...]
     ssh-add -s pkcs11
     ssh-add -e pkcs11
     ssh-add -T pubkey ...

DESCRIPTION

     ssh-add adds private key identities to the authentication agent,
     ssh-agent(1).  When run without arguments, it adds the files
     ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, and ~/.ssh/id_ed25519.
     After loading a private key, ssh-add will try to load corresponding
     certificate information from the filename obtained by appending
     -cert.pub to the name of the private key file.  Alternative file names
     can be given on the command line.

     If any file requires a passphrase, ssh-add asks for the passphrase from
     the user.  The passphrase is read from the user's tty.  ssh-add retries
     the last passphrase if multiple identity files are given.

     The authentication agent must be running and the SSH_AUTH_SOCK
     environment variable must contain the name of its socket for ssh-add
     to work.

     The options are as follows:

     -c      Indicates that added identities should be subject to confirmation
             before being used for authentication.  Confirmation is performed
             by ssh-askpass(1).  Successful confirmation is signaled by a zero
             exit status from ssh-askpass(1), rather than text entered into
             the requester.

     -D      Deletes all identities from the agent.

     -d      Instead of adding identities, removes identities from the agent.
             If ssh-add has been run without arguments, the keys for the
             default identities and their corresponding certificates will be
             removed.  Otherwise, the argument list will be interpreted as a
             list of paths to public key files to specify keys and
             certificates to be removed from the agent.  If no public key is
             found at a given path, ssh-add will append .pub and retry.

     -E fingerprint_hash
             Specifies the hash algorithm used when displaying key
             fingerprints.  Valid options are: “md5” and “sha256”.  The
             default is “sha256”.

     -e pkcs11
             Remove keys provided by the PKCS#11 shared library pkcs11.

     -k      When loading keys into or deleting keys from the agent, process
             plain private keys only and skip certificates.

     -L      Lists public key parameters of all identities currently
             represented by the agent.

     -l      Lists fingerprints of all identities currently represented by the
             agent.

     -q      Be quiet after a successful operation.

     -s pkcs11
             Add keys provided by the PKCS#11 shared library pkcs11.

     -T pubkey ...
             Tests whether the private keys that correspond to the specified
             pubkey files are usable by performing sign and verify operations
             on each.

     -t life
             Set a maximum lifetime when adding identities to an agent.  The
             lifetime may be specified in seconds or in a time format
             specified in sshd_config(5).

     -v      Verbose mode.  Causes ssh-add to print debugging messages about
             its progress.  This is helpful in debugging problems.  Multiple
             -v options increase the verbosity.  The maximum is 3.

     -X      Unlock the agent.

     -x      Lock the agent with a password.

ENVIRONMENT

     DISPLAY and SSH_ASKPASS
             If ssh-add needs a passphrase, it will read the passphrase from
             the current terminal if it was run from a terminal.  If ssh-add
             does not have a terminal associated with it but DISPLAY and
             SSH_ASKPASS are set, it will execute the program specified by
             SSH_ASKPASS (by default “ssh-askpass”) and open an X11 window to
             read the passphrase.  This is particularly useful when calling
             ssh-add from a .xsession or related script.  (Note that on some
             machines it may be necessary to redirect the input from /dev/null
             to make this work.)

     SSH_AUTH_SOCK
             Identifies the path of a UNIX-domain socket used to communicate
             with the agent.

FILES

     ~/.ssh/id_dsa
             Contains the DSA authentication identity of the user.

     ~/.ssh/id_ecdsa
             Contains the ECDSA authentication identity of the user.

     ~/.ssh/id_ed25519
             Contains the Ed25519 authentication identity of the user.

     ~/.ssh/id_rsa
             Contains the RSA authentication identity of the user.

     Identity files should not be readable by anyone but the user.  Note that
     ssh-add ignores identity files if they are accessible by others.

EXIT STATUS

     Exit status is 0 on success, 1 if the specified command fails, and 2 if
     ssh-add is unable to contact the authentication agent.
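
     The following wrapper is an added example, not part of the OpenSSH
     manual or distribution.  It combines the file-permission rule from
     FILES, the -c, -t and -T options, and the exit statuses above; the
     function names and the return code 3 are this example's own conventions.

```shell
#!/bin/sh
# Added example: load one key with confirmation and a bounded lifetime.
# Function names and return code 3 are assumptions of this example.

# Succeed only if the file has no group/other permission bits set,
# mirroring the rule that ssh-add ignores keys accessible by others.
key_is_private() {
    mode=$(ls -ldL -- "$1" 2>/dev/null | cut -c5-10)
    [ "$mode" = "------" ]
}

# Translate the exit status of "ssh-add -l" into a word.
agent_state() {
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo keys ;;          # agent reachable, identities loaded
        1) echo empty ;;         # -l fails when the agent holds no identities
        2) echo unreachable ;;   # no agent behind SSH_AUTH_SOCK
        *) echo error ;;         # e.g. ssh-add not installed
    esac
}

# load_key FILE [LIFETIME_SECONDS]
load_key() {
    key=$1
    life=${2:-3600}
    if ! key_is_private "$key"; then
        echo "refusing $key: accessible by group or others" >&2
        return 3
    fi
    if [ "$(agent_state)" = unreachable ]; then
        echo "cannot contact agent; is SSH_AUTH_SOCK set?" >&2
        return 2
    fi
    # -c: every use must be confirmed through ssh-askpass(1)
    # -t: the agent drops the identity after $life seconds
    ssh-add -c -t "$life" "$key" || return 1
    # -T: sign and verify with the identity that was just loaded
    ssh-add -T "$key.pub"
}

if [ "$#" -gt 0 ]; then load_key "$@"; fi
```

     Because of -c, ssh-askpass(1) must be available wherever the key is
     later used, or authentication with that identity will be refused.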

SEE ALSO

     ssh(1), ssh-agent(1), ssh-askpass(1), ssh-keygen(1), sshd(8)

AUTHORS

     OpenSSH is a derivative of the original and free ssh 1.2.12 release by
     Tatu Ylonen.  Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
     de Raadt and Dug Song removed many bugs, re-added newer features and
     created OpenSSH.  Markus Friedl contributed the support for SSH protocol
     versions 1.5 and 2.0.

BSD                              June 22, 2019                             BSD