SSH-ADD2

Section: SSH2 (1)
Updated: May 30, 1998

 

NAME

ssh-add2 - adds identities for the authentication agent

 

SYNOPSIS

ssh-add2 [-p] [-l] [-N] [-P] [-I] [-d] [-D] [-L] [-U] [-1] [-u] [-f forwarding steps] [-F forwarding constraint] [-t key timeout in minutes] [-R OpenPGP keyring] [files...]

 

DESCRIPTION

ssh-add2 adds identities to the authentication agent, ssh-agent2. If any file requires a passphrase, ssh-add2 asks for the passphrase from the user. If the -p option is given then the passphrase is read from stdin, otherwise if the user is using X11, the passphrase is requested using a small X11 program; otherwise it is read from the user's tty. (Note: it may be necessary to redirect stdin from /dev/null to get the passphrase requested using X11.)

The authentication agent must be running and must be an ancestor of the current process for ssh-add2 to work.

If ssh-add2 needs a passphrase, it will read the passphrase from the current terminal if it was run from a terminal. If ssh-add2 does not have a terminal associated with it but DISPLAY is set, it will open an X11 window to read the passphrase. This is particularly useful when calling ssh-add2 from a .Xsession or related script. (Note that on some machines it may be necessary to redirect the input from /dev/null to make this work.)

 

OPTIONS

-p
Read passphrase from stdin (or pipe).
-l
Lists all identities currently represented by the agent.
-N
Keys added/deleted are stored in the OpenPGP keyring and identified by key name string.
-P
Keys added/deleted are stored in the OpenPGP keyring and identified by key fingerprint.
-I
Keys added/deleted are stored in the OpenPGP keyring and identified by key id number.
-d
Instead of adding the identity, removes the identity from the agent.
-D
Deletes all identities from the agent.
-L
Temporarily locks the agent with a password.
-U
Unlocks the locked agent.
-1
Agent is not allowed to use keys added with this command in ssh1 compatibility operations.
-u
The keys added are not read from a file; instead, the key is given to the agent as a URL. With this functionality, the agent can get information about additional key sources, such as smartcards.
-f forwarding steps
The key can be used only through as many forwarding steps as the argument specifies. An argument of 0 means the key can only be used locally. Be aware that ssh1 does not submit forwarding information, so with ssh1 compatibility this constraint may not work as expected.
-F forwarding constraint
The argument is a comma-separated list that specifies through which kinds of steps the key can be forwarded. For example, the constraint string "*.ssh.fi,rinne.iki.fi" states that the key can be forwarded to any host in the domain ssh.fi and also to the host rinne.iki.fi, and used locally. Be aware that ssh1 does not submit forwarding information, so with ssh1 compatibility this constraint may not work as expected.
-t timeout
The agent is advised to delete the key after timeout. Timeout is given in minutes.
-R OpenPGP keyring
Argument identifies OpenPGP secret keyring file.

 

RETURN STATUS

ssh-add2 returns one of the following exit statuses. These may be useful in scripts.

0
The requested operation was performed successfully.
1
No connection could be made to the authentication agent. Presumably there is no authentication agent active in the execution environment of ssh-add2.
2
The user did not supply a required passphrase.
3
An identity file could not be found, was not readable, or was in bad format.
4
The agent does not have the requested identity.
5
An unspecified error has occurred; this is a catch-all for errors not listed above.
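
The script below is an added example, not part of the original manual page or of the SSH2 distribution. It loads a key for local use only with a timeout and acts on the exit statuses listed above. The SSH_ADD2 variable, the function names and status 64 are assumptions of this example, as is the assumption that the options combine as the synopsis suggests.

```shell
#!/bin/sh
# Added example (not from the ssh-add2 distribution).
# SSH_ADD2 is a hypothetical override for the command name.
SSH_ADD2=${SSH_ADD2:-ssh-add2}

# Map an exit status to the meaning given under RETURN STATUS.
describe_status() {
    case "$1" in
        0) echo "success" ;;
        1) echo "no connection to the authentication agent" ;;
        2) echo "required passphrase not supplied" ;;
        3) echo "identity file missing, unreadable or in bad format" ;;
        4) echo "agent does not have the requested identity" ;;
        *) echo "unspecified error" ;;
    esac
}

# add_local_key FILE [MINUTES]: add FILE for local use only, with a timeout.
add_local_key() {
    keyfile=$1
    minutes=${2:-30}
    case "$minutes" in
        # 64 is this script's own usage-error status, not one of ssh-add2's.
        ''|*[!0-9]*) echo "timeout must be whole minutes" >&2; return 64 ;;
    esac
    # Probe the agent first so a missing agent is reported before any
    # passphrase prompt appears. Only status 1 is treated as fatal here.
    rc=0
    "$SSH_ADD2" -l >/dev/null 2>&1 </dev/null || rc=$?
    if [ "$rc" -eq 1 ]; then
        echo "ssh-add2: $(describe_status 1)" >&2
        return 1
    fi
    # -f 0: no forwarding steps; -t: advisory timeout in minutes;
    # -1: keep the key out of ssh1 compatibility operations, since ssh1
    # does not submit the forwarding information that -f relies on.
    rc=0
    if [ -n "${DISPLAY:-}" ] && [ ! -t 0 ]; then
        # stdin is not a terminal but X11 is available (e.g. .Xsession):
        # redirect stdin from /dev/null as the DESCRIPTION notes.
        "$SSH_ADD2" -1 -f 0 -t "$minutes" "$keyfile" </dev/null || rc=$?
    else
        "$SSH_ADD2" -1 -f 0 -t "$minutes" "$keyfile" || rc=$?
    fi
    [ "$rc" -eq 0 ] || echo "ssh-add2: $(describe_status "$rc")" >&2
    return "$rc"
}
```

A caller would source this file and run add_local_key with the path to an identity file and, optionally, a timeout in minutes.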

 

FILES

$HOME/.ssh2/identification
Contains names of the private keys that are to be used in authentication. See ssh2(1) for more information.
$HOME/.ssh2/id_KEYTYPE_KEYLEN_X
$HOME/.ssh2/id_KEYTYPE_KEYLEN_X.pub
Standard private and public identification key files.

 

AUTHORS

SSH Communications Security Oy

For more information, see http://www.ssh.com.

 

SEE ALSO

ssh-agent2(1), ssh-keygen2(1), ssh2(1), sshd2(8)


 


This document was created by man2html, using the manual pages.
Time: 05:52:15 GMT, September 09, 1999