Diffstat (limited to 'usr/src/man/man1/ssh-agent.1')
-rw-r--r-- usr/src/man/man1/ssh-agent.1 | 211
1 files changed, 211 insertions, 0 deletions
diff --git a/usr/src/man/man1/ssh-agent.1 b/usr/src/man/man1/ssh-agent.1
new file mode 100644
index 0000000000..d16953b23e
--- /dev/null
+++ b/usr/src/man/man1/ssh-agent.1
@@ -0,0 +1,211 @@
+'\" te
+.\" To view license terms, attribution, and copyright for OpenSSH, the default path is /var/sadm/pkg/SUNWsshdr/install/copyright. If the Solaris operating environment has been installed anywhere other than the default, modify the given path to access the file at the
+.\" installed location.
+.\" Portions Copyright (c) 2009, Sun Microsystems, Inc. All Rights Reserved.
+.TH ssh-agent 1 "17 Aug 2009" "SunOS 5.11" "User Commands"
+.SH NAME
+ssh-agent \- authentication agent
+.SH SYNOPSIS
+.LP
+.nf
+\fBssh-agent\fR [\fB-a\fR \fIbind_address\fR] [\fB-c\fR | \fB-s\fR ] [\fB-d\fR]
+ [-t \fIlife\fR] [\fIcommand\fR [\fIargs\fR]...]
+.fi
+
+.LP
+.nf
+\fBssh-agent\fR [\fB-c\fR | \fB-s\fR] \fB-k\fR
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+\fBssh-agent\fR is a program to hold private keys used for public key
+authentication (\fBRSA\fR, \fBDSA\fR). \fBssh-agent\fR is often started at the
+beginning of a login session. All other windows or programs are started as
+clients to the \fBssh-agent\fR program. Through use of environment variables,
+the agent can be located and automatically used for authentication when logging
+in to other machines using \fBssh\fR(1). See the \fISystem Administration
+Guide: Security Services\fR.
+.sp
+.LP
+If a command line is given, this is executed as a subprocess of the agent. When
+the command dies, so does the agent.
+.sp
+.LP
+The agent initially does not have any private keys. Keys are added using
+\fBssh-add\fR(1), which sends the identity to the agent. Several identities can
+be stored in the agent; the agent can automatically use any of these
+identities. Use the \fB-l\fR option in \fBssh-add\fR(1) to display the
+identities currently held by the agent.
+.sp
+.LP
+The agent is run in the user's local host. Authentication data need not be
+stored on any other machine, and authentication passphrases never go over the
+network. However, if the connection to the agent is forwarded over \fBSSH\fR
+remote logins, the user can use the privileges given by the identities anywhere
+in the network in a secure way.
+.sp
+.LP
+There are two main ways to get an agent setup. Either you let the agent start a
+new subcommand into which some environment variables are exported, or you let
+the agent print the needed shell commands (either \fBsh\fR(1) or \fBcsh\fR(1)
+syntax can be generated) which can be evalled in the calling shell. Later, use
+\fBssh\fR(1) to look at these variables and use them to establish a connection
+to the agent.
+.sp
+.LP
+A unix-domain socket is created (\fB/tmp/ssh-XXXXXXXX/agent.\fIpid\fR\fR) and
+the name of this socket is stored in the \fBSSH_AUTH_SOCK\fR environment
+variable. The socket is made accessible only to the current user. This method
+is easily abused by root or another instance of the same user.
+.sp
+.LP
+The \fBSSH_AGENT_PID\fR environment variable holds the agent's \fBPID\fR.
+.sp
+.LP
+The agent exits automatically when the command given on the command line
+terminates.
+.SH OPTIONS
+.sp
+.LP
+The following options are supported:
+.sp
+.ne 2
+.mk
+.na
+\fB\fB-a\fR \fIbind_address\fR\fR
+.ad
+.RS 19n
+.rt
+Binds the agent to the unix-domain socket bind_address. The default is
+\fB/tmp/ssh-XXXXXXXX/agent.\fIpid\fR\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB-c\fR\fR
+.ad
+.RS 19n
+.rt
+Generates C-shell commands on stdout. This is the default if \fBSHELL\fR
+indicates that it is a csh style of shell.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB-d\fR\fR
+.ad
+.RS 19n
+.rt
+Debug mode. When this option is specified, \fBssh-agent\fR does not fork.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB-k\fR\fR
+.ad
+.RS 19n
+.rt
+Kills the current agent (given by the \fBSSH_AGENT_PID\fR environment
+variable).
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB-s\fR\fR
+.ad
+.RS 19n
+.rt
+Generates Bourne shell commands on stdout. This is the default if \fBSHELL\fR
+does not indicate that it is a csh style of shell.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB-t\fR \fIlife\fR\fR
+.ad
+.RS 19n
+.rt
+Set a default value for the maximum lifetime (\fIlife\fR) of identities added
+to the agent. \fIlife\fR can be specified in seconds or in a time format
+specified in \fBsshd_config\fR(4). \fIlife\fR specified for an identity with
+\fBssh-add\fR(1) overrides this value. Without this option the default maximum
+\fIlife\fR is forever.
+.RE
+
+.SH EXIT STATUS
+.sp
+.LP
+The following exit values are returned:
+.sp
+.ne 2
+.mk
+.na
+\fB\fB0\fR\fR
+.ad
+.RS 5n
+.rt
+Successful completion.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB1\fR\fR
+.ad
+.RS 5n
+.rt
+An error occurred.
+.RE
+
+.SH FILES
+.sp
+.ne 2
+.mk
+.na
+\fB\fB/tmp/ssh-XXXXXXXX/agent.\fIpid\fR\fR\fR
+.ad
+.sp .6
+.RS 4n
+Unix-domain sockets used to contain the connection to the authentication agent.
+These sockets should only be readable by the owner. The sockets are removed
+when the agent exits.
+.RE
+
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i)
+lw(2.75i) |lw(2.75i)
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityCommitted
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBssh\fR(1), \fBssh-add\fR(1), \fBssh-keygen\fR(1), \fBsshd\fR(1M),
+\fBsshd_config\fR(4), \fBattributes\fR(5)
+.sp
+.LP
+\fISystem Administration Guide: Security Services\fR
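Review bot: The forwarding paragraph in DESCRIPTION says the identities can be used "anywhere in the network in a secure way", which sits uneasily with the socket paragraph a few lines later stating that the socket "is easily abused by root or another instance of the same user". Suggest qualifying the forwarding sentence so the reader learns that the same caveat applies on every host the agent connection is forwarded to, and pointing at the -t option as the way to bound how long an added identity stays usable. Two smaller style points: in SYNOPSIS the `[-t \fIlife\fR]` entry lacks the `\fB...\fR` bold that every other option carries, and in the -a description `bind_address` is plain text where the option header sets it in italics. The closing DESCRIPTION sentence about the agent exiting when the command terminates repeats "When the command dies, so does the agent" from earlier in the section and could be dropped.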