Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (SunOS-5.10)
Apropos / Subsearch:
optional field

ssh-agent(1)                     User Commands                    ssh-agent(1)

       ssh-agent - authentication agent

       ssh-agent [-a bind_address] [-c | -s ]  [-d] [ command [args...]]

       ssh-agent [-c | -s]  -k

       ssh-agent is a program to hold private keys used for public key authen-
       tication (RSA, DSA). ssh-agent is often started at the beginning  of  a
       login  session. All other windows or programs are started as clients to
       the ssh-agent program. Through use of environment variables, the  agent
       can  be  located and automatically used for authentication when logging
       in to other machines using ssh(1). (See  System  Administration  Guide:
       Security Services.)

       If  a  command  line  is given, this is executed as a subprocess of the
       agent. When the command dies, so does the agent.

       The agent initially does not have any  private  keys.  Keys  are  added
       using  ssh-add(1), which sends the identity to the agent. Several iden-
       tities can be stored in the agent; the agent can automatically use  any
       of  these  identities.  Use  the -l option in ssh-add(1) to display the
       identities currently held by the agent.

       The agent is run in the user's local host. Authentication data need not
       be stored on any other machine, and authentication passphrases never go
       over the network. However, if the connection to the agent is  forwarded
       over  SSH  remote  logins, the user can use the privileges given by the
       identities anywhere in the network in a secure way.

       There are two main ways to get an agent setup. Either you let the agent
       start  a  new  subcommand  into  which  some  environment variables are
       exported, or you let the agent print the needed shell commands  (either
       sh(1)  or  csh(1)  syntax can be generated) which can be evalled in the
       calling shell. Later, use ssh(1) to look at  these  variables  and  use
       them to establish a connection to the agent.

       A  unix-domain  socket is created (/tmp/ssh-XXXXXXXX/agent.pid) and the
       name of this socket is stored in the  SSH_AUTH_SOCK  environment  vari-
       able.  The  socket  is  made  accessible only to the current user. This
       method is easily abused by root or another instance of the same user.

       The SSH_AGENT_PID environment variable holds the agent's PID.

       The agent exits automatically when the command  given  on  the  command
       line terminates.

       The following options are supported:

       -a bind_address         Binds  the  agent  to  the  unix-domain  socket
                               bind_address.   The   default   is    /tmp/ssh-

       -c                      Generates  C-shell  commands on stdout. This is
                               the default if SHELL indicates that it is a csh
                               style of shell.

       -d                      Debug mode. When this option is specified, ssh-
                               agent will not fork.

       -k                      Kills  the  current   agent   (given   by   the
                               SSH_AGENT_PID environment variable).

       -s                      Generates Bourne shell commands on stdout. This
                               is the default if SHELL does not indicate  that
                               it is a csh style of shell.

       The following exit values are returned:

       0        Successful completion.

       1        An error occurred.


           Unix-domain sockets used to contain the connection to the authenti-
           cation agent. These sockets should only be readable by  the  owner.
           The sockets are removed when the agent exits.

       See attributes(5) for descriptions of the following attributes:

       tab()     allbox;     cw(2.750000i)|    cw(2.750000i)    lw(2.750000i)|
       lw(2.750000i).   ATTRIBUTE  TYPEATTRIBUTE  VALUE   AvailabilitySUNWsshu
       Interface StabilityEvolving

       ssh(1), ssh-add(1), ssh-keygen(1), sshd(1M), attributes(5)

       System Administration Guide: Security Services

       To  view  license  terms,  attribution,  and copyright for OpenSSH, the
       default  path  is  /var/sadm/pkg/SUNWsshdr/install/copyright.  If   the
       Solaris  operating  environment  has been installed anywhere other than
       the default, modify the given path to access the file at the  installed

       OpenSSH  is a derivative of the original and free ssh 1.2.12 release by
       Tatu Ylonen. Aaron Campbell, Bob Beck,  Markus  Friedl,  Niels  Provos,
       Theo  de Raadt and Dug Song removed many bugs, added newer features and
       created Open SSH. Markus Friedl contributed the support for SSH  proto-
       col versions 1.5 and 2.0.

SunOS 5.10                        9 Jan 2004                      ssh-agent(1)