ssh-add2, ssh-add - Adds private keys into the authentication agent
ssh-add2 [-p] [-l] [-N] [-P] [-I] [-d] [-D] [-L] [-U] [-1] [-u] [-f
forwarding_steps] [-F forwarding_constraint] [-t timeout] [-R
OpenPGP_keyring] [file ...]
-p Reads passphrase from stdin (or pipe).
-l Lists all identities currently represented by the agent.
-N Keys added or deleted are stored in the OpenPGP key ring and identified
by the key name string.
-P Keys added or deleted are stored in the OpenPGP key ring and identified
by the key fingerprint.
-I Keys added or deleted are stored in the OpenPGP key ring and identified
by the key ID number.
-d Removes the identity from the agent.
-D Deletes all identities from the agent.
-L Temporarily locks the agent with a password.
-U Unlocks the locked agent. The password given when the agent was locked
must be used to unlock.
-1 Specifies that the agent is not allowed to use keys added with this
command in ssh1 compatibility operations.
-u Specifies that the keys added are not read from the file; instead, the
keys are given to the agent as a URL. With this option, the agent can
get information about the additional key sources, like smart cards.
-f forwarding_steps Specifies that the key can be used only through as
many forwarding steps as directed by the argument. Argument 0 states that
the key can be used only locally. Be aware that ssh1 does not submit
forwarding information; therefore, this option might not work as expected
with
-F forwarding_constraint Specifies a comma-separated list of host name
patterns through which the key can be forwarded. For example, the
forwarding constraint string of *.ssh.com,rinne.iki.fi states that the key
can be forwarded to any host in domain ssh.com and host rinne.iki.fi and
used locally. Be aware that ssh1 does not submit forwarding information;
therefore, this option might not work as expected with ssh1 compatibility.
-t timeout Specifies the amount of time (in minutes) that the agent will
wait before deleting the key.
-R OpenPGP_keyring Specifies the OpenPGP secret key ring file.
The ssh-add2 command adds private keys into the ssh-agent2 authentication
agent. The authentication agent must be running and must be an ancestor of
the current process.
If a private key requires a passphrase, the ssh-add2 command prompts the
user for the passphrase. If the -p option is given, the passphrase is read
from stdin. If X11 is used (i.e., if the DISPLAY environment variable is
set to a valid value), the passphrase is requested using a small X11
program. Otherwise, it is read from the user's tty. (When using X11, it may
be necessary to call ssh-add2 with '< /dev/null' to activate the prompting
If the user is using a terminal, the passphrase is requested in the
terminal window. If the user is using X11, the passphrase is requested in an X11
window. This feature is useful when calling the ssh-add2 command from an
.Xsession or a related script. It might be necessary to redirect input
from /dev/null to get the passphrase requested using X11.
The ssh-add2 command returns one of the following exit values. These can
be useful in scripts.
0 The requested operation was performed successfully.
1 No connection could be made to the authentication agent. Presumably
there is no authentication agent active in the execution environment of
the ssh-add2 command.
2 The user did not supply a required passphrase.
3 An identity file could not be found, was not readable, or was in bad
4 The agent does not have the requested identity.
5 An unspecified error has occurred; this is for errors not listed previ-
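
The exit values above, used from a script (an added example, not part of the original manual page): load_key adds a key that is usable only locally (-f 0), excluded from ssh1 compatibility operations (-1) and deleted after a timeout (-t), and drop_key treats exit value 4 as "already removed". The SSH_ADD variable, the function names and the status 64 for a bad argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the ssh-add2 distribution.
# SSH_ADD is a hypothetical override so the wrapper can be pointed at a stub.
SSH_ADD=${SSH_ADD:-ssh-add2}

# Translate a documented ssh-add2 exit value into a short reason string.
explain_status() {
    case "$1" in
        0) echo "ok" ;;
        1) echo "no-agent" ;;
        2) echo "no-passphrase" ;;
        3) echo "bad-identity-file" ;;
        4) echo "identity-not-in-agent" ;;
        5) echo "unspecified-error" ;;
        *) echo "undocumented-status-$1" ;;
    esac
}

# load_key FILE MINUTES
# -1: not usable in ssh1 compatibility operations; -f 0: usable only locally;
# -t: the agent deletes the key after MINUTES.
load_key() {
    case "$2" in
        ''|*[!0-9]*) echo "load_key: timeout must be whole minutes" >&2
                     return 64 ;;   # 64 is this script's own status
    esac
    rc=0
    "$SSH_ADD" -1 -f 0 -t "$2" "$1" || rc=$?
    [ "$rc" -eq 0 ] || echo "load_key: $1: $(explain_status "$rc")" >&2
    return "$rc"
}

# drop_key FILE
# Removes the identity; exit value 4 means it is already absent from the agent.
drop_key() {
    rc=0
    "$SSH_ADD" -d "$1" || rc=$?
    if [ "$rc" -eq 4 ]; then rc=0; fi
    [ "$rc" -eq 0 ] || echo "drop_key: $1: $(explain_status "$rc")" >&2
    return "$rc"
}
```

Callers can branch on the returned status, for example starting an agent on 1 or prompting again on 2.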
Contains the names of the private keys to be used in authentication.
$HOME/.ssh2/id_KEYTYPE_KEYLEN_X for example id_dsa_1024_a
Contains a user's private key.
$HOME/.ssh2/id_KEYTYPE_KEYLEN_X.pub for example id_dsa_1024_a.pub
Contains standard private and public key files.
SSH is a registered trademark of SSH Communication Security Ltd.
Commands: ssh2(1), ssh-agent2(1), ssh-keygen2(1), sshd2(8)