ssh-agent2(1)
NAME
ssh-agent2, ssh-agent - Starts the authentication agent, which holds
private keys in memory
SYNOPSIS
ssh-agent2 [command]
eval `ssh-agent2 [-s] [-c] [-l]`
Note
The ssh-agent2 part of the eval command and its options are enclosed
in backquotes, not apostrophes.
OPTIONS
-c Specifies the csh-style shell.
-s Specifies the sh-style shell.
-l Specifies that the ssh-agent2 command can also serve ssh1 applications,
can be accessed with the ssh-add command in ssh1 releases, sets the
SSH_AUTH_SOCK and SSH_AGENT_PID environment variables, and shares keys
with both protocols.
DESCRIPTION
The ssh-agent2 command starts the authentication agent on a user's client
system. The authentication agent holds the user's private keys in memory.
Secure Shell clients automatically contact the authentication agent for all
key-related operations. This allows users access to all their remote
accounts that contain their public key file without having to enter their
passphrase.
The authentication agent initially does not have any private keys. Users
start the authentication agent, then enter the ssh-add2 command to load the
private keys into the authentication agent. You must know the passphrase
for each key that you want to load. Passphrases never go over the network.
Users start the authentication agent at the beginning of an X session or a
login session. The command given as its argument normally starts the X
server or is the user's shell. All other windows or programs are then
started as children of the authentication agent process and inherit a
connection to the agent.
The connection to the authentication agent is forwarded over ssh remote
logins, and the user can use the privileges given by the identities
anywhere in the network in a secure way. The authentication agent is
automatically used for public key authentication when logging in to other
machines using ssh.
If a command is given as an argument to the ssh-agent2 command, the
authentication agent exits automatically when the command terminates. The
command is executed even if the authentication agent fails to start its
key-storing and challenge-processing services.
If the ssh-agent2 command is started without any arguments (no command), it
will fork and start the authentication agent as a background process.
A Tru64 UNIX domain socket is created as /tmp/ssh-$USER/agent-socket-pid,
where pid is the process ID of the listener (authentication agent or sshd
daemon proxying the agent). The name of this socket is stored in the
SSH2_AUTH_SOCK environment variable. The socket is made accessible only to
the current user.
The eval command causes the current shell to interpret the commands output
by the ssh-agent2 command and set the SSH2_AUTH_SOCK and SSH2_AGENT_PID
environment variables. If you omit the eval command, the commands are
printed on standard output when you start the authentication agent. The
SSH2_AGENT_PID environment variable can be used to stop the authentication
agent when it is no longer needed; for example, when you log out from an X
session.
If neither the -c nor the -s option is given, the ssh-agent2 command uses
the SHELL environment variable to detect what kind of shell you have (csh
shell or sh shell). If ALTSHELL is set to yes in the /etc/default/login
file, the SHELL environment variable is set to the login shell of the user.
FILES
$HOME/.ssh2/id_KEYTYPE_KEYLEN_XX
Contains the private key authentication identity of the user. This
file should not be readable by anyone but the user. You must specify a
passphrase when generating the key; that passphrase will be used to
encrypt the private part of this file. This file is not used by the
ssh-agent2 command but is normally added to the authentication agent by
using the ssh-add2 command when the user logs in.
/tmp/ssh-$USER/agent-socket-pid
Contains the Tru64 UNIX domain sockets used to connect to the
authentication agent, where pid is the process ID of the listener
(authentication agent or sshd daemon proxying the agent). These sockets
should be readable only by the owner. The sockets are automatically
removed when the authentication agent exits. The parent directory of
ssh2-$USER must have its sticky bit set.
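The following sh functions are an added example, not part of the original manual page or of the ssh2 distribution. They audit an agent socket against the permissions stated above: the socket and its directory owned by and accessible only to the current user, and the sticky bit set on the directory above that. The function names are hypothetical, and the script assumes that ls -ld prints the conventional ten-character mode string.

```shell
#!/bin/sh
# Added example: audit the agent socket permissions described in this page.

# Print the 10-character mode string (for example "drwx------") of a path.
mode_of() {
    ls -ld "$1" 2>/dev/null | cut -c1-10
}

# True if group and other have no access bits set on the path.
is_private() {
    m=$(mode_of "$1")
    [ -n "$m" ] && [ "$(printf '%s' "$m" | cut -c5-10)" = "------" ]
}

# True if the path is a directory with its sticky bit set (t or T).
has_sticky() {
    case $(mode_of "$1") in
        d????????[tT]) return 0 ;;
        *) return 1 ;;
    esac
}

# Audit one socket path. Returns 0 when every check passes, otherwise a
# distinct non-zero code identifying the first check that failed.
audit_agent_socket() {
    sock=$1
    [ -n "$sock" ] || { echo "no socket path (is SSH2_AUTH_SOCK set?)"; return 2; }
    [ -S "$sock" ] || { echo "$sock: not a socket"; return 3; }
    [ -O "$sock" ] || { echo "$sock: not owned by the current user"; return 4; }
    is_private "$sock" || { echo "$sock: group/other access bits set"; return 5; }
    dir=$(dirname "$sock")
    [ -O "$dir" ] || { echo "$dir: not owned by the current user"; return 6; }
    is_private "$dir" || { echo "$dir: group/other access bits set"; return 7; }
    top=$(dirname "$dir")
    has_sticky "$top" || { echo "$top: sticky bit not set"; return 8; }
    echo "$sock: ok"
}

# Typical call from a login script:
#   audit_agent_socket "$SSH2_AUTH_SOCK"
```

A non-zero return code identifies which of the documented properties does not hold for the socket the current session is using.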
LEGAL NOTICES
SSH is a registered trademark of SSH Communication Security Ltd.
SEE ALSO
Commands: sftp(1), ssh2(1), ssh-add2(1), ssh-keygen2(1), sshd2(8)