SSH-ADD(1)                BSD General Commands Manual               SSH-ADD(1)

NAME

     ssh-add — adds private key identities to the authentication agent

SYNOPSIS

     ssh-add [-cDdLlXx] [-t life] [file ...]
     ssh-add -s pkcs11
     ssh-add -e pkcs11
     ssh-add -n [-T token]

DESCRIPTION

     ssh-add adds private key identities to the authentication agent,
     ssh-agent(1).  When run without arguments, it adds the files
     ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and ~/.ssh/identity.  After
     loading a private key, ssh-add will try to load corresponding certificate
     information from the filename obtained by appending -cert.pub to the name
     of the private key file.  Alternative file names can be given on the
     command line.

     If any file requires a passphrase, ssh-add asks for the passphrase from
     the user.  The passphrase is read from the user's tty.  ssh-add retries
     the last passphrase if multiple identity files are given.

     The authentication agent must be running and the SSH_AUTH_SOCK
     environment variable must contain the name of its socket for ssh-add to
     work.

     The options are as follows:

     -c      Indicates that added identities should be subject to confirmation
             before being used for authentication.  Confirmation is performed
             by the SSH_ASKPASS program mentioned below.  Successful
             confirmation is signaled by a zero exit status from the
             SSH_ASKPASS program, rather than text entered into the requester.

     -D      Deletes all identities from the agent.

     -d      Instead of adding identities, removes identities from the agent.
             If ssh-add has been run without arguments, the keys for the
             default identities will be removed.  Otherwise, the argument list
             will be interpreted as a list of paths to public key files and
             matching keys will be removed from the agent.  If no public key
             is found at a given path, ssh-add will append .pub and retry.

     -e pkcs11
             Remove key provided by pkcs11.

     -L      Lists public key parameters of all identities currently
             represented by the agent.

     -l      Lists fingerprints of all identities currently represented by the
             agent.

     -s pkcs11
             Add key provided by pkcs11.

     -t life
             Set a maximum lifetime when adding identities to an agent.  The
             lifetime may be specified in seconds or in a time format
             specified in sshd_config(5).

     -T token
             Explicitly set token name.

     -X      Unlock the agent.

     -x      Lock the agent with a password.

ENVIRONMENT

     DISPLAY and SSH_ASKPASS
             If ssh-add needs a passphrase, it will read the passphrase from
             the current terminal if it was run from a terminal.  If ssh-add
             does not have a terminal associated with it but DISPLAY and
             SSH_ASKPASS are set, it will execute the program specified by
             SSH_ASKPASS and open an X11 window to read the passphrase.  This
             is particularly useful when calling ssh-add from a .xsession or
             related script.  (Note that on some machines it may be necessary
             to redirect the input from /dev/null to make this work.)

     SSH_AUTH_SOCK
             Identifies the path of a unix-domain socket used to communicate
             with the agent.

     SSH_USE_STRONG_RNG
             The reseeding of the OpenSSL random generator is usually done
             from /dev/urandom.  If the SSH_USE_STRONG_RNG environment
             variable is set to a value other than 0, the OpenSSL random
             generator is reseeded from /dev/random.  The number of bytes
             read is defined by the SSH_USE_STRONG_RNG value.  Minimum is 14
             bytes.  This setting is not recommended on computers without a
             hardware random generator because insufficient entropy causes
             the connection to be blocked until enough entropy is available.

FILES

     ~/.ssh/identity
             Contains the protocol version 1 RSA authentication identity of
             the user.

     ~/.ssh/id_dsa
             Contains the protocol version 2 DSA authentication identity of
             the user.

     ~/.ssh/id_ecdsa
             Contains the protocol version 2 ECDSA authentication identity of
             the user.

     ~/.ssh/id_rsa
             Contains the protocol version 2 RSA authentication identity of
             the user.

     Identity files should not be readable by anyone but the user.  Note that
     ssh-add ignores identity files if they are accessible by others.

DIAGNOSTICS

     Exit status is 0 on success, 1 if the specified command fails, and 2 if
     ssh-add is unable to contact the authentication agent.
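     An added example (not part of the OpenSSH manual or source): a POSIX sh
     wrapper that applies the FILES permission rule before calling ssh-add
     with -c and -t, and reports the exit status as defined under DIAGNOSTICS.
     The function names key_private, ssh_add_status and add_key_limited are
     hypothetical, and the ls-based mode check only approximates ssh-add's own
     test.

```shell
#!/bin/sh
# Added example: pre-flight checks around ssh-add, based on the FILES and
# DIAGNOSTICS sections of this page. Function names are hypothetical.

# Return 0 if the identity file exists and has no group/other permission
# bits set (approximation of "ignored if accessible by others").
key_private() {
    [ -f "$1" ] || return 1
    # ls -l mode string: type(1) user(3) group(3) other(3); -L follows symlinks
    mode=$(ls -ldL -- "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Map an ssh-add exit status to the meaning given under DIAGNOSTICS.
ssh_add_status() {
    case "$1" in
        0) echo "success" ;;
        1) echo "command failed" ;;
        2) echo "agent unreachable" ;;
        *) echo "unexpected status $1" ;;
    esac
}

# Load one key with a maximum lifetime (-t) and per-use confirmation (-c).
# Usage: add_key_limited ~/.ssh/id_ecdsa 3600
add_key_limited() {
    key=$1 life=${2:-3600}
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo "SSH_AUTH_SOCK is not set; start ssh-agent first" >&2
        return 2
    fi
    if ! key_private "$key"; then
        echo "refusing $key: missing or accessible by others" >&2
        return 1
    fi
    rc=0
    ssh-add -c -t "$life" "$key" || rc=$?
    echo "ssh-add: $(ssh_add_status "$rc")" >&2
    return "$rc"
}
```

     After loading, ssh-add -l lists the fingerprints held by the agent and
     ssh-add -D removes them all.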

SEE ALSO

     ssh(1), ssh-agent(1), ssh-keygen(1), sshd(8)

AUTHORS

     OpenSSH is a derivative of the original and free ssh 1.2.12 release by
     Tatu Ylonen.  Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
     de Raadt and Dug Song removed many bugs, re-added newer features and
     created OpenSSH.  Markus Friedl contributed the support for SSH protocol
     versions 1.5 and 2.0.

BSD                              June 21, 2019                             BSD