ssh-agent2(1)							ssh-agent2(1)



NAME

  ssh-agent2, ssh-agent	- Starts the Secure Shell authentication agent,	which
  holds	private	keys in	memory

SYNOPSIS

  ssh-agent2 [command]

  eval	`ssh-agent2  [-s] [-c] [-l] [-d] `

				     Note

       The ssh-agent2 part of the eval command and its options are enclosed
       in backquotes, not apostrophes.

OPTIONS

  -c  Specifies	the csh-style shell.

  -s  Specifies	the sh-style shell.

  -l  Specifies	that the ssh-agent2 command can	also serve ssh1	applications,
      can be accessed with the ssh-add command in ssh1 releases, sets the
      SSH_AUTH_SOCK and	SSH_AGENT_PID environment variables, and shares	keys
      with both	protocols.

  -d  Prints debug information to stderr. The -d debug_level option is either
      a	number,	from 0 to 99, where 99 specifies that all debug	information
      should be	displayed, or a	comma-separated	list of	assignments (i.e.,
      ModulePattern=debug_level).  This	should be the first argument on	the
      command line.

DESCRIPTION

  The ssh-agent2 command starts the Secure Shell authentication agent on a
  Secure Shell client that is configured to use public key user
  authentication.  The authentication agent holds the private keys in memory.
  The programs started under the agent inherit a connection to the agent, and
  the agent is automatically used for public-key authentication when logging
  in to other machines using Secure Shell.

  Users	are prompted for their passphrase when entering	Secure Shell commands
  on a Secure Shell server that	uses public key	user authentication. To	avoid
  entering a passphrase	multiple times during a	session, a user	can run	the
  Secure Shell authentication agent and	load their private keys	into the
  agent.  When the agent is running, all key-related operations	are directed
  to the agent.	The agent terminates when the user logs	out or stops the
  agent. See Security Administration for more information about	Secure Shell
  user authentication.

  The agent initially does not have any	private	keys. Keys are added using
  the ssh-add2 command.	 Several identities can	be stored in the agent,	and
  the agent can	use any	of these identities automatically.  Users must ini-
  tially enter the passphrase for each key that	they want to load.
  Passphrases never go over the	network. (The ssh-add2 -l command displays
  the identities currently held	by the agent.)


  The command normally starts the X server or is the user shell. All other
  windows or programs are started as children of the agent process and
  inherit a connection to the agent. If	the command is given as	an argument
  to the ssh-agent2 command, the authentication	agent exits automatically
  when the command terminates. The command is executed even if the authenti-
  cation agent fails to	start its key storing and challenge processing ser-
  vices. If the	ssh-agent2 command is started without any arguments (no	com-
  mand), it will fork and start	the authentication agent as a background pro-
  cess.

  A Tru64 UNIX domain socket is	created	as /tmp/ssh-$USER/agent-socket-pid,
  where	pid is the process ID of the listener (authentication agent or sshd
  daemon proxying the agent). The name of this socket is stored	in the
  SSH2_AUTH_SOCK environment variable.	The socket is made accessible only to
  the current user.

  The eval command causes the current shell to interpret the commands output
  by the ssh-agent2 command and	set the	SSH2_AUTH_SOCK and SSH2_AGENT_PID
  environment variables. If you	omit the eval command, the commands are
  printed on standard output when you start the	authentication agent.

  If the -c or -s options are not given, the ssh-agent2 command uses the
  SHELL	environment variable to	detect what kind of shell you have (csh	shell
  or sh	shell).	If ALTSHELL is set to yes in the /etc/default/login file, the
  SHELL	environment variable is	set to the login shell of the user.

  The -d debug_level option is either a	number,	from 0 to 99, where 99 speci-
  fies that all	debug information should be displayed, or a comma-separated
  list of assignments (i.e., ModulePattern=debug_level).  This should be the
  first	argument on the	command	line.

ENVIRONMENT VARIABLES

  SSH2_AUTH_SOCK
	  Stores the name of the Tru64 UNIX domain socket.

  SSH2_AGENT_PID
	  Holds the process ID used to stop the Secure Shell authentication
	  agent when it is no longer needed, such as when you log out from an
	  X session.

FILES

  $HOME/.ssh2/id_KEYTYPE_KEYLEN_XX
      Contains the user's private key. This file is not	used by	the ssh-
      agent2 command but is normally added to the authentication agent by
      using the	ssh-add2 command when the user logs in.	This file should not
      be readable by anyone but	the user.  It is possible to specify a
      passphrase when generating the key; that passphrase will be
      used to encrypt the private part of this file.

  /tmp/ssh-$USER/agent-socket-pid
      Contains the Tru64 UNIX domain sockets used to connect to	the authenti-
      cation agent, where pid is the process ID	of the listener	(authentica-
      tion agent or sshd daemon	proxying the agent). These sockets should be
      readable only by the owner.  The sockets are automatically removed when
      the authentication agent exits.  The parent directory of ssh2-$USER
      must have	its sticky bit set.
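
  The ownership and mode requirements stated above (socket and its
  ssh-$USER directory usable only by the owner, sticky bit on the parent
  directory) can be audited with a short sh script.  This is an added
  example, not part of the original manual page or of the Secure Shell
  software; the function names are hypothetical, and modes are read from
  ls -ldn so that no particular stat command is assumed.

```sh
#!/bin/sh
# Added example (not from the man page): audit the permissions the page
# requires for the agent socket named by SSH2_AUTH_SOCK.

# lsfield PATH N -> field N of "ls -ldn" (1 = mode string, 3 = numeric owner)
lsfield() { ls -ldn "$1" 2>/dev/null | awk -v n="$2" '{ print $n }'; }

# has_sticky DIR -> true if DIR is a directory with the sticky bit (t or T)
has_sticky() {
    case $(lsfield "$1" 1) in d????????[tT]*) return 0 ;; esac
    return 1
}

# owner_only PATH UID -> true if PATH belongs to UID and grants no
# read/write/execute permission to group or other
owner_only() {
    [ "$(lsfield "$1" 3)" = "$2" ] || return 1
    case $(lsfield "$1" 1) in ????--[-S]--[-T]*) return 0 ;; esac
    return 1
}

# audit_agent_socket SOCKET [UID] -> prints findings, returns their count
audit_agent_socket() {
    sock=$1
    uid=${2:-$(id -u)}
    dir=$(dirname "$sock")       # /tmp/ssh-$USER in the page's layout
    parent=$(dirname "$dir")     # /tmp in the page's layout
    n=0
    [ -S "$sock" ] ||
        { echo "FAIL: $sock is not a socket"; n=$((n + 1)); }
    owner_only "$sock" "$uid" ||
        { echo "FAIL: $sock has wrong owner or group/other access"; n=$((n + 1)); }
    owner_only "$dir" "$uid" ||
        { echo "FAIL: $dir has wrong owner or group/other access"; n=$((n + 1)); }
    has_sticky "$parent" ||
        { echo "FAIL: $parent does not have its sticky bit set"; n=$((n + 1)); }
    return "$n"
}

# Audit the live agent only when the variable is set in this shell.
if [ -n "${SSH2_AUTH_SOCK:-}" ]; then
    audit_agent_socket "$SSH2_AUTH_SOCK" && echo "OK: $SSH2_AUTH_SOCK"
fi
```

  Run it in a shell where eval has already set SSH2_AUTH_SOCK; a return
  status of 0 means every check passed.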




LEGAL NOTICES

  SSH is a registered trademark	of SSH Communication Security Ltd.



SEE ALSO

  Commands: sftp(1), ssh2(1), ssh-add2(1), ssh-keygen2(1), ssh-pubkeymgr2(1),
  sshd2(8)

  Guides: Security Administration