ssh-agent2, ssh-agent - Starts the Secure Shell authentication agent, which
holds private keys in memory
eval `ssh-agent2 [-s] [-c] [-l] [-d]`
The ssh-agent2 part of the eval command and its options are enclosed
in backquotes, not apostrophes.
-c Specifies the csh-style shell.
-s Specifies the sh-style shell.
-l Specifies that the ssh-agent2 command can also serve ssh1 applications,
can be accessed with the ssh-add command in ssh1 releases, sets the
SSH_AUTH_SOCK and SSH_AGENT_PID environment variables, and shares keys
with both protocols.
-d Prints debug information to stderr. The -d debug_level option is either
a number, from 0 to 99, where 99 specifies that all debug information
should be displayed, or a comma-separated list of assignments (i.e.,
ModulePattern=debug_level). This should be the first argument on the
command line.
The ssh-agent2 command starts the Secure Shell authentication agent on a
Secure Shell client that is configured to use public key user
authentication. The authentication agent holds the private keys in memory.
The programs started under the agent inherit a connection to the agent, and
the agent is automatically used for public-key authentication when logging
in to other machines using Secure Shell.
Users are prompted for their passphrase when entering Secure Shell commands
on a Secure Shell server that uses public key user authentication. To avoid
entering a passphrase multiple times during a session, a user can run the
Secure Shell authentication agent and load their private keys into the
agent. When the agent is running, all key-related operations are directed
to the agent. The agent terminates when the user logs out or stops the
agent. See Security Administration for more information about Secure Shell
The agent initially does not have any private keys. Keys are added using
the ssh-add2 command. Several identities can be stored in the agent, and
the agent can use any of these identities automatically. Users must ini-
tially enter the passphrase for each key that they want to load.
Passphrases never go over the network. (The ssh-add2 -l command displays
the identities currently held by the agent.)
The command normally starts the X server or is the user shell. All other
windows or programs are started as children of the agent process and
inherit a connection to the agent. If the command is given as an argument
to the ssh-agent2 command, the authentication agent exits automatically
when the command terminates. The command is executed even if the authenti-
cation agent fails to start its key storing and challenge processing ser-
vices. If the ssh-agent2 command is started without any arguments (no com-
mand), it will fork and start the authentication agent as a background pro-
A Tru64 UNIX domain socket is created as /tmp/ssh-$USER/agent-socket-pid,
where pid is the process ID of the listener (authentication agent or sshd
daemon proxying the agent). The name of this socket is stored in the
SSH2_AUTH_SOCK environment variable. The socket is made accessible only to
the current user.
The eval command causes the current shell to interpret the commands output
by the ssh-agent2 command and set the SSH2_AUTH_SOCK and SSH2_AGENT_PID
environment variables. If you omit the eval command, the commands are
printed on standard output when you start the authentication agent.
If the -c or -s options are not given, the ssh-agent2 command uses the
SHELL environment variable to detect what kind of shell you have (csh shell
or sh shell). If ALTSHELL is set to yes in the /etc/default/login file, the
SHELL environment variable is set to the login shell of the user.
The -d debug_level option is either a number, from 0 to 99, where 99 speci-
fies that all debug information should be displayed, or a comma-separated
list of assignments (i.e., ModulePattern=debug_level). This should be the
first argument on the command line.
Stores the name of the Tru64 UNIX domain socket.
Stops the Secure Shell authentication agent when it is no longer
needed, such as when you log out from an X session.
Contains the user's private key. This file is not used by the ssh-
agent2 command but is normally added to the authentication agent by
using the ssh-add2 command when the user logs in. This file should not
be readable by anyone but the user. It is possible to specify a
passphrase when generating the key; that passphrase will be
used to encrypt the private part of this file.
Contains the Tru64 UNIX domain sockets used to connect to the authenti-
cation agent, where pid is the process ID of the listener (authentica-
tion agent or sshd daemon proxying the agent). These sockets should be
readable only by the owner. The sockets are automatically removed when
the authentication agent exits. The parent directory of ssh2-$USER
must have its sticky bit set.
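The permission rules stated above (socket accessible only to its owner, sticky bit set on the parent of the per-user socket directory) can be checked with a short sh script. This is an added example, not part of the original manual page; the function names are hypothetical, and it assumes an ls that prints the usual 10-character mode string.

```shell
#!/bin/sh
# Added example (not from the manual page): audit agent socket permissions.
# Function names are hypothetical; the rules checked are the ones stated above.

# Print the 10-character mode string from ls, e.g. "srw-------".
mode_of() { ls -ldn -- "$1" 2>/dev/null | cut -c1-10; }

# Succeed if the path is owned by the caller and has no group/other bits.
private_to_user() {
    m=$(mode_of "$1")
    [ -n "$m" ] || return 1
    uid=$(ls -ldn -- "$1" | awk '{print $3}')
    [ "$uid" = "$(id -u)" ] || return 1
    case "$m" in
        ????-----[-T]) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed if the path is a directory whose mode string ends in t or T.
sticky_set() {
    case "$(mode_of "$1")" in
        d????????[tT]) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one line per finding; the return status is the number of findings.
audit_agent_socket() {
    sock=$1
    parent=$(dirname "$(dirname "$sock")")
    bad=0
    [ -S "$sock" ] || { echo "not a socket: $sock"; bad=$((bad + 1)); }
    private_to_user "$sock" || { echo "not private to owner: $sock"; bad=$((bad + 1)); }
    sticky_set "$parent" || { echo "sticky bit not set: $parent"; bad=$((bad + 1)); }
    return "$bad"
}

# Audit the running agent, if the eval described above has set SSH2_AUTH_SOCK.
if [ -n "${SSH2_AUTH_SOCK:-}" ]; then
    audit_agent_socket "$SSH2_AUTH_SOCK" || true
fi
```

A status of 0 from audit_agent_socket means no finding; any other status is the count of lines printed.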
SSH is a registered trademark of SSH Communication Security Ltd.
Commands: sftp(1), ssh2(1), ssh-add2(1), ssh-keygen2(1), ssh-pubkeymgr2(1),
Guides: Security Administration