 |
Index for
Section 1 |
|
 |
Alphabetical
listing for S |
|
 |
Bottom of
page |
|
ssh-agent2(1)
NAME
ssh-agent2, ssh-agent - Starts the Secure Shell authentication agent, which
holds private keys in memory
SYNOPSIS
ssh-agent2 [command]
eval `ssh-agent2 [-s] [-c] [-l] [-d] `
Note
The ssh-agent2 part of the eval command and its options are enclosed
in backquotes, not apostrophes.
OPTIONS
-c Specifies the csh-style shell.
-s Specifies the sh-style shell.
-l Specifies that the ssh-agent2 command can also serve ssh1 applications,
can be accessed with the ssh-add command in ssh1 releases, sets the
SSH_AUTH_SOCK and SSH_AGENT_PID environment variables, and shares keys
with both protocols.
-d Prints debug information to stderr. The -d debug_level option is either
a number, from 0 to 99, where 99 specifies that all debug information
should be displayed, or a comma-separated list of assignments (i.e.,
ModulePattern=debug_level). This should be the first argument on the
command line.
DESCRIPTION
The ssh-agent2 command starts the Secure Shell authentication agent on a
Secure Shell client that is configured to use public key user
authentication. The authentication agent holds the private keys in memory.
The programs started under the agent inherit a connection to the agent, and
the agent is automatically used for public-key authentication when logging
to other machines using Secure Shell.
Users are prompted for their passphrase when entering Secure Shell commands
on a Secure Shell server that uses public key user authentication. To avoid
entering a passphrase multiple times during a session, a user can run the
Secure Shell authentication agent and load their private keys into the
agent. When the agent is running, all key-related operations are directed
to the agent. The agent terminates when the user logs out or stops the
agent. See Security Administration for more information about Secure Shell
user authentication.
The agent initially does not have any private keys. Keys are added using
the ssh-add2 command. Several identities can be stored in the agent, and
the agent can use any of these identities automatically. Users must
initially enter the passphrase for each key that they want to load.
Passphrases never go over the network. (The ssh-add2 -l command displays
the identities currently held by the agent.)
The command normally starts the X server or is the user shell. All other
windows or programs are started as children of the agent process and
inherit a connection to the agent. If the command is given as an argument
to the ssh-agent2 command, the authentication agent exits automatically
when the command terminates. The command is executed even if the
authentication agent fails to start its key storing and challenge
processing services. If the ssh-agent2 command is started without any
arguments (no command), it will fork and start the authentication agent as
a background process.
A Tru64 UNIX domain socket is created as /tmp/ssh-$USER/agent-socket-pid,
where pid is the process ID of the listener (authentication agent or sshd
daemon proxying the agent). The name of this socket is stored in the
SSH2_AUTH_SOCK environment variable. The socket is made accessible only to
the current user.
The eval command causes the current shell to interpret the commands output
by the ssh-agent2 command and set the SSH2_AUTH_SOCK and SSH2_AGENT_PID
environment variables. If you omit the eval command, the commands are
printed on standard output when you start the authentication agent.
If the -c or -s options are not given, the ssh-agent2 command uses the
SHELL environment variable to detect what kind of shell you have (csh shell
or sh shell). If ALTSHELL is set to yes in the /etc/default/login file, the
SHELL environment variable is set to the login shell of the user.
The -d debug_level option is either a number, from 0 to 99, where 99
specifies that all debug information should be displayed, or a comma-
separated list of assignments (i.e., ModulePattern=debug_level). This
should be the first argument on the command line.
ENVIRONMENT VARIABLES
SSH2_AUTH_SOCK
Stores the name of the of the Tru64 UNIX domain socket.
SSH2_AGENT_PID
Stops the Secure Shell authentication agent when it is no longer
needed, such as when you log out from an X session.
FILES
$HOME/.ssh2/id_KEYTYPE_KEYLEN_XX
Contains the user's private key. This file is not used by the ssh-
agent2 command but is normally added to the authentication agent by
using the ssh-add2 command when the user logs in. This file should not
be readable by anyone but the user. It is possible to specify a
passphrase when generating the key; that passphrase will be
used to encrypt the private part of this file.
/tmp/ssh-$USER/agent-socket-pid
Contains the Tru64 UNIX domain sockets used to connect to the
authentication agent, where pid is the process ID of the listener
(authentication agent or sshd daemon proxying the agent). These sockets
should be readable only by the owner. The sockets are automatically
removed when the authentication agent exits. The parent directory of
ssh2-$USER must have its sticky bit set.
LEGAL NOTICES
SSH is a registered trademark of SSH Communication Security Ltd.
SEE ALSO
Commands: sftp(1), ssh2(1), ssh-add2(1), ssh-keygen2(1), ssh-pubkeymgr2(1),
sshd2(8)
Guides: Security Administration
|
Index for
Section 1 |
|
|
Alphabetical
listing for S |
|
 |
Top of
page |
|