path: root/ssh-agent.1
diff options
authorDamien Miller <>1999-10-27 13:42:43 +1000
committerDamien Miller <>1999-10-27 13:42:43 +1000
commitd4a8b7e34dd619a4debf9a206c81db26d1402ea6 (patch)
treea47d770a2f790f40d18b0982d4e55fa7cfb1fa3b /ssh-agent.1
Initial revision
Diffstat (limited to 'ssh-agent.1')
1 files changed, 124 insertions, 0 deletions
diff --git a/ssh-agent.1 b/ssh-agent.1
new file mode 100644
index 00000000..01c43cde
--- /dev/null
+++ b/ssh-agent.1
@@ -0,0 +1,124 @@
+.\" -*- nroff -*-
+.\" ssh-agent.1
+.\" Author: Tatu Ylonen <>
+.\" Copyright (c) 1995 Tatu Ylonen <>, Espoo, Finland
+.\" All rights reserved
+.\" Created: Sat Apr 23 20:10:43 1995 ylo
+.\" $Id: ssh-agent.1,v 1.1 1999/10/27 03:42:45 damien Exp $
+.Dd September 25, 1999
+.Nm ssh-agent
+.Nd authentication agent
+.Nm ssh-agent
+.Ar command
+is a program to hold authentication private keys. The
+idea is that
+is started in the beginning of an X-session or a login session, and
+all other windows or programs are started as children of the ssh-agent
+program (the
+.Ar command
+normally starts X or is the user shell). Programs started under
+the agent inherit a connection to the agent, and the agent is
+automatically used for RSA authentication when logging to other
+machines using
+.Xr ssh 1 .
+The agent initially does not have any private keys. Keys are added
+.Xr ssh-add 1 .
+When executed without arguments,
+.Xr ssh-add 1
+adds the
+.Pa $HOME/.ssh/identity
+file. If the identity has a passphrase,
+.Xr ssh-add 1
+asks for the passphrase (using a small X11 application if running
+under X11, or from the terminal if running without X). It then sends
+the identity to the agent. Several identities can be stored in the
+agent; the agent can automatically use any of these identities.
+.Ic ssh-add -l
+displays the identities currently held by the agent.
+The idea is that the agent is run in the user's local PC, laptop, or
+terminal. Authentication data need not be stored on any other
+machine, and authentication passphrases never go over the network.
+However, the connection to the agent is forwarded over SSH
+remote logins, and the user can thus use the privileges given by the
+identities anywhere in the network in a secure way.
+A connection to the agent is inherited by child programs:
+A unix-domain socket is created
+.Pq Pa /tmp/ssh-XXXX/agent.<pid> ,
+and the name of this socket is stored in the
+variable. The socket is made accessible only to the current user.
+This method is easily abused by root or another instance of the same
+The agent exits automatically when the command given on the command
+line terminates.
+.Bl -tag -width Ds
+.It Pa $HOME/.ssh/identity
+Contains the RSA authentication identity of the user. This file
+should not be readable by anyone but the user. It is possible to
+specify a passphrase when generating the key; that passphrase will be
+used to encrypt the private part of this file. This file
+is not used by
+but is normally added to the agent using
+.Xr ssh-add 1
+at login time.
+.It Pa /tmp/ssh-XXXX/agent.<pid> ,
+Unix-domain sockets used to contain the connection to the
+authentication agent. These sockets should only be readable by the
+owner. The sockets should get automatically removed when the agent
+Tatu Ylonen <>
+is a derivative of the original (free) ssh 1.2.12 release, but with bugs
+removed and newer features re-added. Rapidly after the 1.2.12 release,
+newer versions bore successively more restrictive licenses. This version
+of OpenSSH
+.Bl -bullet
+has all components of a restrictive nature (ie. patents, see
+.Xr ssl 8 )
+directly removed from the source code; any licensed or patented components
+are chosen from
+external libraries.
+has been updated to support ssh protocol 1.5.
+contains added support for
+.Xr kerberos 8
+authentication and ticket passing.
+supports one-time password authentication with
+.Xr skey 1 .
+The libraries described in
+.Xr ssl 8
+are required for proper operation.
+.Xr ssh 1 ,
+.Xr ssh-add 1 ,
+.Xr ssh-keygen 1 ,
+.Xr sshd 8 ,
+.Xr ssl 8