1SSH-ADD(1)                BSD General Commands Manual               SSH-ADD(1)
2

NAME

4     ssh-add — adds private key identities to the authentication agent
5

SYNOPSIS

7     ssh-add [-cDdkLlqXx] [-E fingerprint_hash] [-t life] [file ...]
8     ssh-add -s pkcs11
9     ssh-add -e pkcs11
10

DESCRIPTION

12     ssh-add adds private key identities to the authentication agent,
13     ssh-agent(1).  When run without arguments, it adds the files
14     ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, and ~/.ssh/id_ed25519.
15     After loading a private key, ssh-add will try to load corresponding cer‐
16     tificate information from the filename obtained by appending -cert.pub to
17     the name of the private key file.  Alternative file names can be given on
18     the command line.
19
20     If any file requires a passphrase, ssh-add asks for the passphrase from
21     the user.  The passphrase is read from the user's tty.  ssh-add retries
22     the last passphrase if multiple identity files are given.
23
24     The authentication agent must be running and the SSH_AUTH_SOCK environ‐
25     ment variable must contain the name of its socket for ssh-add to work.
26
27     The options are as follows:
28
29     -c      Indicates that added identities should be subject to confirmation
30             before being used for authentication.  Confirmation is performed
31             by ssh-askpass(1).  Successful confirmation is signaled by a zero
32             exit status from ssh-askpass(1), rather than text entered into
33             the requester.
34
35     -D      Deletes all identities from the agent.
36
37     -d      Instead of adding identities, removes identities from the agent.
38             If ssh-add has been run without arguments, the keys for the
39             default identities and their corresponding certificates will be
40             removed.  Otherwise, the argument list will be interpreted as a
41             list of paths to public key files to specify keys and certifi‐
42             cates to be removed from the agent.  If no public key is found at
43             a given path, ssh-add will append .pub and retry.
44
45     -E fingerprint_hash
46             Specifies the hash algorithm used when displaying key finger‐
47             prints.  Valid options are: “md5” and “sha256”.  The default is
48             “sha256”.
49
50     -e pkcs11
51             Remove keys provided by the PKCS#11 shared library pkcs11.
52
53     -k      When loading keys into or deleting keys from the agent, process
54             plain private keys only and skip certificates.
55
56     -L      Lists public key parameters of all identities currently repre‐
57             sented by the agent.
58
59     -l      Lists fingerprints of all identities currently represented by the
60             agent.
61
62     -q      Be quiet after a successful operation.
63
64     -s pkcs11
65             Add keys provided by the PKCS#11 shared library pkcs11.
66
67     -t life
68             Set a maximum lifetime when adding identities to an agent.  The
69             lifetime may be specified in seconds or in a time format speci‐
70             fied in sshd_config(5).
71
72     -X      Unlock the agent.
73
74     -x      Lock the agent with a password.
75

ENVIRONMENT

77     DISPLAY and SSH_ASKPASS
78             If ssh-add needs a passphrase, it will read the passphrase from
79             the current terminal if it was run from a terminal.  If ssh-add
80             does not have a terminal associated with it but DISPLAY and
81             SSH_ASKPASS are set, it will execute the program specified by
82             SSH_ASKPASS (by default “ssh-askpass”) and open an X11 window to
83             read the passphrase.  This is particularly useful when calling
84             ssh-add from a .xsession or related script.  (Note that on some
85             machines it may be necessary to redirect the input from /dev/null
86             to make this work.)
87
88     SSH_AUTH_SOCK
89             Identifies the path of a UNIX-domain socket used to communicate
90             with the agent.
91

FILES

93     ~/.ssh/id_dsa
94             Contains the DSA authentication identity of the user.
95
96     ~/.ssh/id_ecdsa
97             Contains the ECDSA authentication identity of the user.
98
99     ~/.ssh/id_ed25519
100             Contains the Ed25519 authentication identity of the user.
101
102     ~/.ssh/id_rsa
103             Contains the RSA authentication identity of the user.
104
105     Identity files should not be readable by anyone but the user.  Note that
106     ssh-add ignores identity files if they are accessible by others.
107

EXIT STATUS

109     Exit status is 0 on success, 1 if the specified command fails, and 2 if
110     ssh-add is unable to contact the authentication agent.
111

SEE ALSO

113     ssh(1), ssh-agent(1), ssh-askpass(1), ssh-keygen(1), sshd(8)
114

AUTHORS

116     OpenSSH is a derivative of the original and free ssh 1.2.12 release by
117     Tatu Ylonen.  Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
118     de Raadt and Dug Song removed many bugs, re-added newer features and cre‐
119     ated OpenSSH.  Markus Friedl contributed the support for SSH protocol
120     versions 1.5 and 2.0.
121
122BSD                              June 20, 2019                             BSD
Impressum