SSH-AGENT(1)\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 BSD General Commands Manual\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 SSH-AGENT(1)<\/p>\n
NAME<\/p>\n
ssh-agent \u2014 authentication agent<\/p>\n
SYNOPSIS<\/p>\n
ssh-agent [-c | -s] [-d] [-a bind_address] [-t life]
\n[command [arg …]]
\nssh-agent [-c | -s] -k<\/p>\n
DESCRIPTION<\/p>\n
ssh-agent is a program to hold private keys used for public key authen\u2010
\ntication (RSA, DSA, ECDSA, ED25519).\u00a0 ssh-agent is usually started in
\nthe beginning of an X-session or a login session, and all other windows
\nor programs are started as clients to the ssh-agent program.\u00a0 Through
\nuse of environment variables the agent can be located and automatically
\nused for authentication when logging in to other machines using ssh(1).<\/p>\n
The agent initially does not have any private keys.\u00a0 Keys are added
\nusing ssh-add(1).\u00a0 Multiple identities may be stored in ssh-agent con\u2010
\ncurrently and ssh(1) will automatically use them if present.
\nssh-add(1) is also used to remove keys from ssh-agent and to query the
\nkeys that are held in one.<\/p>\n
The options are as follows:<\/p>\n
-a bind_address
\nBind the agent to the UNIX-domain socket bind_address.\u00a0 The
\ndefault is $TMPDIR\/ssh-XXXXXXXXXX\/agent.<ppid>.<\/p>\n
-c\u00a0\u00a0\u00a0\u00a0\u00a0 Generate C-shell commands on stdout.\u00a0 This is the default if
\nSHELL looks like it’s a csh style of shell.<\/p>\n
-d\u00a0\u00a0\u00a0\u00a0\u00a0 Debug mode.\u00a0 When this option is specified ssh-agent will not
\nfork.<\/p>\n
-k\u00a0\u00a0\u00a0\u00a0\u00a0 Kill the current agent (given by the SSH_AGENT_PID environment
\nvariable).<\/p>\n
-s\u00a0\u00a0\u00a0\u00a0\u00a0 Generate Bourne shell commands on stdout.\u00a0 This is the default
\nif SHELL does not look like it’s a csh style of shell.<\/p>\n
-t life
\nSet a default value for the maximum lifetime of identities
\nadded to the agent.\u00a0 The lifetime may be specified in seconds
\nor in a time format specified in sshd_config(5).\u00a0 A lifetime
\nspecified for an identity with ssh-add(1) overrides this value.
\nWithout this option the default maximum lifetime is forever.<\/p>\n
If a commandline is given, this is executed as a subprocess of the
\nagent.\u00a0 When the command dies, so does the agent.<\/p>\n
The idea is that the agent is run in the user’s local PC, laptop, or
\nterminal.\u00a0 Authentication data need not be stored on any other machine,
\nand authentication passphrases never go over the network.\u00a0 However, the
\nconnection to the agent is forwarded over SSH remote logins, and the
\nuser can thus use the privileges given by the identities anywhere in
\nthe network in a secure way.<\/p>\n
There are two main ways to get an agent set up: The first is that the
\nagent starts a new subcommand into which some environment variables are
\nexported, eg ssh-agent xterm &.\u00a0 The second is that the agent prints
\nthe needed shell commands (either sh(1) or csh(1) syntax can be gener\u2010
\nated) which can be evaluated in the calling shell, eg eval `ssh-agent
\n-s` for Bourne-type shells such as sh(1) or ksh(1) and eval `ssh-agent
\n-c` for csh(1) and derivatives.<\/p>\n
Later ssh(1) looks at these variables and uses them to establish a con\u2010
\nnection to the agent.<\/p>\n
The agent will never send a private key over its request channel.
\nInstead, operations that require a private key will be performed by the
\nagent, and the result will be returned to the requester.\u00a0 This way,
\nprivate keys are not exposed to clients using the agent.<\/p>\n
A UNIX-domain socket is created and the name of this socket is stored
\nin the SSH_AUTH_SOCK environment variable.\u00a0 The socket is made accessi\u2010
\nble only to the current user.\u00a0 This method is easily abused by root or
\nanother instance of the same user.<\/p>\n
The SSH_AGENT_PID environment variable holds the agent’s process ID.<\/p>\n
The agent exits automatically when the command given on the command
\nline terminates.<\/p>\n
FILES<\/p>\n
$TMPDIR\/ssh-XXXXXXXXXX\/agent.<ppid>
\nUNIX-domain sockets used to contain the connection to the
\nauthentication agent.\u00a0 These sockets should only be readable by
\nthe owner.\u00a0 The sockets should get automatically removed when
\nthe agent exits.<\/p>\n
SEE ALSO<\/p>\n
ssh(1), ssh-add(1), ssh-keygen(1), sshd(8)<\/p>\n
AUTHORS<\/p>\n
OpenSSH is a derivative of the original and free ssh 1.2.12 release by
\nTatu Ylonen.\u00a0 Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
\nTheo de Raadt and Dug Song removed many bugs, re-added newer features
\nand created OpenSSH.\u00a0 Markus Friedl contributed the support for SSH
\nprotocol versions 1.5 and 2.0.<\/p>\n
COLOPHON<\/p>\n
This page is part of the openssh (Portable OpenSSH) project.\u00a0 Informa\u2010
\ntion about the project can be found at
\nhttp:\/\/www.openssh.com\/portable.html.\u00a0 If you have a bug report for
\nthis manual page, see http:\/\/www.openssh.com\/report.html.\u00a0 This page
\nwas obtained from the tarball openssh-6.7p1.tar.gz fetched from
\nhttp:\/\/ftp.eu.openbsd.org\/pub\/OpenBSD\/OpenSSH\/portable\/ on 2014-12-30.
\nIf you discover any rendering problems in this HTML version of the
\npage, or you believe there is a better or more up-to-date source for
\nthe page, or you have corrections or improvements to the information in
\nthis COLOPHON (which is not part of the original manual page), send a
\nmail to\u00a0man-pages@man7.org<\/p>\n
BSD\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 December 31, 2014\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 BSD<\/p>\n","protected":false},"excerpt":{"rendered":"
SSH-AGENT(1)\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 BSD General Commands Manual\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 SSH-AGENT(1) NAME ssh-agent \u2014 authentication agent SYNOPSIS ssh-agent [-c | -s] [-d] [-a bind_address] [-t life] [command [arg …]] ssh-agent [-c | -s] -k DESCRIPTION ssh-agent is a program to hold private keys used for public key authen\u2010 tication (RSA, DSA, ECDSA, ED25519).\u00a0 ssh-agent is usually started in the beginning […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_sitemap_exclude":false,"_sitemap_priority":"","_sitemap_frequency":"","footnotes":""},"categories":[8],"tags":[],"class_list":["post-351","post","type-post","status-publish","format-standard","hentry","category-shell"],"a3_pvc":{"activated":false,"total_views":0,"today_views":0},"_links":{"self":[{"href":"https:\/\/www.linuxboxen.dk\/index.php?rest_route=\/wp\/v2\/posts\/351","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.linuxboxen.dk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.linuxboxen.dk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.linuxboxen.dk\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.linuxboxen.dk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=351"}],"version-history":[{"count":0,"href":"https:\/\/www.linuxboxen.dk\/index.php?rest_route=\/wp\/v2\/posts\/351\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.linuxboxen.dk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=351"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.linuxboxen.dk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=351"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.linuxboxen.dk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=351"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}