Commit ee196dab authored by Colin Watson's avatar Colin Watson

Import 6.4p1 tarball

parents e01f4f6b c41345ad
*.0
*.out
Makefile
autom4te.cache
buildit.sh
buildpkg.sh
config.cache
config.h
config.h.in
config.log
config.status
configure
openssh.xml
opensshd.init
scp
sftp
sftp-server
ssh
ssh-add
ssh-agent
ssh-keygen
ssh-keyscan
ssh-keysign
ssh-pkcs11-helper
sshd
stamp-h.in
survey
survey.sh
MODULI(5) OpenBSD Programmer's Manual MODULI(5)
NAME
moduli - Diffie-Hellman moduli
DESCRIPTION
The /etc/moduli file contains prime numbers and generators for use by
sshd(8) in the Diffie-Hellman Group Exchange key exchange method.
New moduli may be generated with ssh-keygen(1) using a two-step process.
An initial candidate generation pass, using ssh-keygen -G, calculates
numbers that are likely to be useful. A second primality testing pass,
using ssh-keygen -T, provides a high degree of assurance that the numbers
are prime and are safe for use in Diffie-Hellman operations by sshd(8).
This moduli format is used as the output from each pass.
The file consists of newline-separated records, one per modulus,
containing seven space-separated fields. These fields are as follows:
timestamp The time that the modulus was last processed as
YYYYMMDDHHMMSS.
type Decimal number specifying the internal structure of
the prime modulus. Supported types are:
0 Unknown, not tested.
2 "Safe" prime; (p-1)/2 is also prime.
4 Sophie Germain; 2p+1 is also prime.
Moduli candidates initially produced by ssh-keygen(1)
are Sophie Germain primes (type 4). Further primality
testing with ssh-keygen(1) produces safe prime moduli
(type 2) that are ready for use in sshd(8). Other
types are not used by OpenSSH.
tests Decimal number indicating the type of primality tests
that the number has been subjected to represented as a
bitmask of the following values:
0x00 Not tested.
0x01 Composite number - not prime.
0x02 Sieve of Eratosthenes.
0x04 Probabilistic Miller-Rabin primality tests.
The ssh-keygen(1) moduli candidate generation uses the
Sieve of Eratosthenes (flag 0x02). Subsequent
ssh-keygen(1) primality tests are Miller-Rabin tests
(flag 0x04).
trials Decimal number indicating the number of primality
trials that have been performed on the modulus.
size Decimal number indicating the size of the prime in
bits.
generator The recommended generator for use with this modulus
(hexadecimal).
modulus The modulus itself in hexadecimal.
When performing Diffie-Hellman Group Exchange, sshd(8) first estimates
the size of the modulus required to produce enough Diffie-Hellman output
to sufficiently key the selected symmetric cipher. sshd(8) then randomly
selects a modulus from /etc/moduli that best meets the size requirement.
SEE ALSO
ssh-keygen(1), sshd(8)
STANDARDS
M. Friedl, N. Provos, and W. Simpson, Diffie-Hellman Group Exchange for
the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006,
2006.
OpenBSD 5.4 September 26, 2012 OpenBSD 5.4
......@@ -160,8 +160,6 @@
#define DP_C_LONG 2
#define DP_C_LDOUBLE 3
#define DP_C_LLONG 4
#define DP_C_SIZE 5
#define DP_C_INTMAX 6
#define char_to_int(p) ((p)- '0')
#ifndef MAX
......@@ -184,7 +182,7 @@ static int dopr(char *buffer, size_t maxlen, const char *format,
static int fmtstr(char *buffer, size_t *currlen, size_t maxlen,
char *value, int flags, int min, int max);
static int fmtint(char *buffer, size_t *currlen, size_t maxlen,
intmax_t value, int base, int min, int max, int flags);
LLONG value, int base, int min, int max, int flags);
static int fmtfp(char *buffer, size_t *currlen, size_t maxlen,
LDOUBLE fvalue, int min, int max, int flags);
......@@ -192,7 +190,7 @@ static int
dopr(char *buffer, size_t maxlen, const char *format, va_list args_in)
{
char ch;
intmax_t value;
LLONG value;
LDOUBLE fvalue;
char *strvalue;
int min;
......@@ -289,10 +287,6 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args_in)
cflags = DP_C_SHORT;
ch = *format++;
break;
case 'j':
cflags = DP_C_INTMAX;
ch = *format++;
break;
case 'l':
cflags = DP_C_LONG;
ch = *format++;
......@@ -305,10 +299,6 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args_in)
cflags = DP_C_LDOUBLE;
ch = *format++;
break;
case 'z':
cflags = DP_C_SIZE;
ch = *format++;
break;
default:
break;
}
......@@ -324,10 +314,6 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args_in)
value = va_arg (args, long int);
else if (cflags == DP_C_LLONG)
value = va_arg (args, LLONG);
else if (cflags == DP_C_SIZE)
value = va_arg (args, ssize_t);
else if (cflags == DP_C_INTMAX)
value = va_arg (args, intmax_t);
else
value = va_arg (args, int);
if (fmtint(buffer, &currlen, maxlen,
......@@ -342,12 +328,6 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args_in)
value = (long)va_arg (args, unsigned long int);
else if (cflags == DP_C_LLONG)
value = (long)va_arg (args, unsigned LLONG);
else if (cflags == DP_C_SIZE)
value = va_arg (args, size_t);
#ifdef notyet
else if (cflags == DP_C_INTMAX)
value = va_arg (args, uintmax_t);
#endif
else
value = (long)va_arg (args, unsigned int);
if (fmtint(buffer, &currlen, maxlen, value,
......@@ -362,12 +342,6 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args_in)
value = (long)va_arg (args, unsigned long int);
else if (cflags == DP_C_LLONG)
value = (LLONG)va_arg (args, unsigned LLONG);
else if (cflags == DP_C_SIZE)
value = va_arg (args, size_t);
#ifdef notyet
else if (cflags == DP_C_INTMAX)
value = va_arg (args, uintmax_t);
#endif
else
value = (long)va_arg (args, unsigned int);
if (fmtint(buffer, &currlen, maxlen, value,
......@@ -384,12 +358,6 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args_in)
value = (long)va_arg (args, unsigned long int);
else if (cflags == DP_C_LLONG)
value = (LLONG)va_arg (args, unsigned LLONG);
else if (cflags == DP_C_SIZE)
value = va_arg (args, size_t);
#ifdef notyet
else if (cflags == DP_C_INTMAX)
value = va_arg (args, uintmax_t);
#endif
else
value = (long)va_arg (args, unsigned int);
if (fmtint(buffer, &currlen, maxlen, value,
......@@ -448,7 +416,6 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args_in)
(long) strvalue, 16, min, max, flags) == -1)
return -1;
break;
#if we_dont_want_this_in_openssh
case 'n':
if (cflags == DP_C_SHORT) {
short int *num;
......@@ -462,21 +429,12 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args_in)
LLONG *num;
num = va_arg (args, LLONG *);
*num = (LLONG)currlen;
} else if (cflags == DP_C_SIZE) {
ssize_t *num;
num = va_arg (args, ssize_t *);
*num = (ssize_t)currlen;
} else if (cflags == DP_C_INTMAX) {
intmax_t *num;
num = va_arg (args, intmax_t *);
*num = (intmax_t)currlen;
} else {
int *num;
num = va_arg (args, int *);
*num = currlen;
}
break;
#endif
case '%':
DOPR_OUTCH(buffer, currlen, maxlen, ch);
break;
......
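Review bot: The `case 'n':` branch of dopr() looks to be compiled in on the new side: the hunk counts (`-448,7 +416,6` and `-462,21 +429,12`) fit the `#if we_dont_want_this_in_openssh` / `#endif` pair being among the dropped lines, though the +/- markers are lost on this page, so that is inferred. Without the guard, a `%n` conversion makes the formatter store `currlen` through a pointer taken from the argument list, so any format string that is not a fixed literal becomes a memory-write hazard instead of merely garbled output. I would keep `#if we_dont_want_this_in_openssh` ahead of `case 'n':` and the matching `#endif` after its `break;`, since nothing in these hunks shows a caller that needs `%n`. Separately, the unchanged `value = (long)va_arg (args, unsigned LLONG);` in the `-342,12 +328,6` hunk narrows to `long` where the sibling branches cast to `(LLONG)`, which truncates wherever `long` is narrower than LLONG; dopr() itself begins and ends outside these hunks.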
Makefile
snprintftest
strduptest
strtonumtest
/* $OpenBSD: readconf.c,v 1.205 2013/08/20 00:11:37 djm Exp $ */
/* $OpenBSD: readconf.c,v 1.204 2013/06/10 19:19:44 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
......@@ -137,7 +137,7 @@ typedef enum {
oHashKnownHosts,
oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown,
oIgnoredUnknownOption, oDeprecated, oUnsupported
} OpCodes;
......@@ -249,7 +249,6 @@ static struct {
{ "kexalgorithms", oKexAlgorithms },
{ "ipqos", oIPQoS },
{ "requesttty", oRequestTTY },
{ "proxyusefdpass", oProxyUseFdpass },
{ "ignoreunknown", oIgnoreUnknown },
{ NULL, oBadOption }
......@@ -1073,10 +1072,6 @@ parse_int:
charptr = &options->ignored_unknown;
goto parse_string;
case oProxyUseFdpass:
intptr = &options->proxy_use_fdpass;
goto parse_flag;
case oDeprecated:
debug("%s line %d: Deprecated option \"%s\"",
filename, linenum, keyword);
......@@ -1238,7 +1233,6 @@ initialize_options(Options * options)
options->ip_qos_interactive = -1;
options->ip_qos_bulk = -1;
options->request_tty = -1;
options->proxy_use_fdpass = -1;
options->ignored_unknown = NULL;
}
......@@ -1391,8 +1385,6 @@ fill_default_options(Options * options)
options->ip_qos_bulk = IPTOS_THROUGHPUT;
if (options->request_tty == -1)
options->request_tty = REQUEST_TTY_AUTO;
if (options->proxy_use_fdpass == -1)
options->proxy_use_fdpass = 0;
/* options->local_command should not be set by default */
/* options->proxy_command should not be set by default */
/* options->user will be set in the main program if appropriate */
......
/* $OpenBSD: readconf.h,v 1.96 2013/08/20 00:11:38 djm Exp $ */
/* $OpenBSD: readconf.h,v 1.95 2013/05/16 04:27:50 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
......@@ -138,8 +138,6 @@ typedef struct {
int request_tty;
int proxy_use_fdpass;
char *ignored_unknown; /* Pattern list of unknown tokens to ignore */
} Options;
......
SCP(1) OpenBSD Reference Manual SCP(1)
NAME
scp - secure copy (remote file copy program)
SYNOPSIS
scp [-12346BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]
[-l limit] [-o ssh_option] [-P port] [-S program]
[[user@]host1:]file1 ... [[user@]host2:]file2
DESCRIPTION
scp copies files between hosts on a network. It uses ssh(1) for data
transfer, and uses the same authentication and provides the same security
as ssh(1). Unlike rcp(1), scp will ask for passwords or passphrases if
they are needed for authentication.
File names may contain a user and host specification to indicate that the
file is to be copied to/from that host. Local file names can be made
explicit using absolute or relative pathnames to avoid scp treating file
names containing `:' as host specifiers. Copies between two remote hosts
are also permitted.
The options are as follows:
-1 Forces scp to use protocol 1.
-2 Forces scp to use protocol 2.
-3 Copies between two remote hosts are transferred through the local
host. Without this option the data is copied directly between
the two remote hosts. Note that this option disables the
progress meter.
-4 Forces scp to use IPv4 addresses only.
-6 Forces scp to use IPv6 addresses only.
-B Selects batch mode (prevents asking for passwords or
passphrases).
-C Compression enable. Passes the -C flag to ssh(1) to enable
compression.
-c cipher
Selects the cipher to use for encrypting the data transfer. This
option is directly passed to ssh(1).
-F ssh_config
Specifies an alternative per-user configuration file for ssh.
This option is directly passed to ssh(1).
-i identity_file
Selects the file from which the identity (private key) for public
key authentication is read. This option is directly passed to
ssh(1).
-l limit
Limits the used bandwidth, specified in Kbit/s.
-o ssh_option
Can be used to pass options to ssh in the format used in
ssh_config(5). This is useful for specifying options for which
there is no separate scp command-line flag. For full details of
the options listed below, and their possible values, see
ssh_config(5).
AddressFamily
BatchMode
BindAddress
ChallengeResponseAuthentication
CheckHostIP
Cipher
Ciphers
Compression
CompressionLevel
ConnectionAttempts
ConnectTimeout
ControlMaster
ControlPath
ControlPersist
GlobalKnownHostsFile
GSSAPIAuthentication
GSSAPIDelegateCredentials
HashKnownHosts
Host
HostbasedAuthentication
HostKeyAlgorithms
HostKeyAlias
HostName
IdentityFile
IdentitiesOnly
IPQoS
KbdInteractiveAuthentication
KbdInteractiveDevices
KexAlgorithms
LogLevel
MACs
NoHostAuthenticationForLocalhost
NumberOfPasswordPrompts
PasswordAuthentication
PKCS11Provider
Port
PreferredAuthentications
Protocol
ProxyCommand
PubkeyAuthentication
RekeyLimit
RhostsRSAAuthentication
RSAAuthentication
SendEnv
ServerAliveInterval
ServerAliveCountMax
StrictHostKeyChecking
TCPKeepAlive
UsePrivilegedPort
User
UserKnownHostsFile
VerifyHostKeyDNS
-P port
Specifies the port to connect to on the remote host. Note that
this option is written with a capital `P', because -p is already
reserved for preserving the times and modes of the file in
rcp(1).
-p Preserves modification times, access times, and modes from the
original file.
-q Quiet mode: disables the progress meter as well as warning and
diagnostic messages from ssh(1).
-r Recursively copy entire directories. Note that scp follows
symbolic links encountered in the tree traversal.
-S program
Name of program to use for the encrypted connection. The program
must understand ssh(1) options.
-v Verbose mode. Causes scp and ssh(1) to print debugging messages
about their progress. This is helpful in debugging connection,
authentication, and configuration problems.
EXIT STATUS
The scp utility exits 0 on success, and >0 if an error occurs.
SEE ALSO
rcp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1),
ssh_config(5), sshd(8)
HISTORY
scp is based on the rcp(1) program in BSD source code from the Regents of
the University of California.
AUTHORS
Timo Rinne <tri@iki.fi>
Tatu Ylonen <ylo@cs.hut.fi>
OpenBSD 5.4 July 16, 2013 OpenBSD 5.4
......@@ -8,9 +8,9 @@
.\"
.\" Created: Sun May 7 00:14:37 1995 ylo
.\"
.\" $OpenBSD: scp.1,v 1.60 2013/08/14 08:39:27 jmc Exp $
.\" $OpenBSD: scp.1,v 1.59 2013/07/16 00:07:52 schwarze Exp $
.\"
.Dd $Mdocdate: August 14 2013 $
.Dd $Mdocdate: July 16 2013 $
.Dt SCP 1
.Os
.Sh NAME
......@@ -232,9 +232,8 @@ debugging connection, authentication, and configuration problems.
.Nm
is based on the
.Xr rcp 1
program in
.Bx
source code from the Regents of the University of California.
program in BSD source code from the Regents of the University of
California.
.Sh AUTHORS
.An Timo Rinne Aq Mt tri@iki.fi
.An Tatu Ylonen Aq Mt ylo@cs.hut.fi
/* $OpenBSD: servconf.c,v 1.241 2013/08/06 23:06:01 djm Exp $ */
/* $OpenBSD: servconf.c,v 1.240 2013/07/19 07:37:48 markus Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
......@@ -2063,8 +2063,7 @@ dump_config(ServerOptions *o)
printf("ipqos %s ", iptos2str(o->ip_qos_interactive));
printf("%s\n", iptos2str(o->ip_qos_bulk));
printf("rekeylimit %lld %d\n", (long long)o->rekey_limit,
o->rekey_interval);
printf("rekeylimit %lld %d\n", o->rekey_limit, o->rekey_interval);
channel_print_adm_permitted_opens();
}
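Review bot: The `rekeylimit` line in dump_config() passes `o->rekey_limit` to `%lld` without the `(long long)` cast, going by the `-2063,8 +2063,7` count, which only fits the one-line form being the new side. The field's declaration is not visible here, but if it is a fixed-width 64-bit type it is `long` rather than `long long` on common LP64 platforms, and a mismatched variadic argument is undefined behaviour that `-Wformat` reports. I would keep the cast: `printf("rekeylimit %lld %d\n", (long long)o->rekey_limit, o->rekey_interval);`. dump_config() begins outside the hunk.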
/* $OpenBSD: sftp-client.h,v 1.22 2013/08/08 05:04:03 djm Exp $ */
/* $OpenBSD: sftp-client.h,v 1.21 2013/07/25 00:56:51 djm Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
......@@ -92,7 +92,7 @@ char *do_realpath(struct sftp_conn *, char *);
int do_statvfs(struct sftp_conn *, const char *, struct sftp_statvfs *, int);
/* Rename 'oldpath' to 'newpath' */
int do_rename(struct sftp_conn *, char *, char *m, int force_legacy);
int do_rename(struct sftp_conn *, char *, char *);
/* Link 'oldpath' to 'newpath' */
int do_hardlink(struct sftp_conn *, char *, char *);
......
SFTP-SERVER(8) OpenBSD System Manager's Manual SFTP-SERVER(8)
NAME
sftp-server - SFTP server subsystem
SYNOPSIS
sftp-server [-ehR] [-d start_directory] [-f log_facility] [-l log_level]
[-u umask]
DESCRIPTION
sftp-server is a program that speaks the server side of SFTP protocol to
stdout and expects client requests from stdin. sftp-server is not
intended to be called directly, but from sshd(8) using the Subsystem
option.
Command-line flags to sftp-server should be specified in the Subsystem
declaration. See sshd_config(5) for more information.
Valid options are:
-d start_directory
specifies an alternate starting directory for users. The
pathname may contain the following tokens that are expanded at
runtime: %% is replaced by a literal '%', %h is replaced by the
home directory of the user being authenticated, and %u is
replaced by the username of that user. The default is to use the
user's home directory. This option is useful in conjunction with
the sshd_config(5) ChrootDirectory option.
-e Causes sftp-server to print logging information to stderr instead
of syslog for debugging.
-f log_facility
Specifies the facility code that is used when logging messages
from sftp-server. The possible values are: DAEMON, USER, AUTH,
LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
The default is AUTH.
-h Displays sftp-server usage information.
-l log_level
Specifies which messages will be logged by sftp-server. The
possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG,
DEBUG1, DEBUG2, and DEBUG3. INFO and VERBOSE log transactions
that sftp-server performs on behalf of the client. DEBUG and
DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher
levels of debugging output. The default is ERROR.
-R Places this instance of sftp-server into a read-only mode.
Attempts to open files for writing, as well as other operations
that change the state of the filesystem, will be denied.
-u umask
Sets an explicit umask(2) to be applied to newly-created files
and directories, instead of the user's default mask.
For logging to work, sftp-server must be able to access /dev/log. Use of
sftp-server in a chroot configuration therefore requires that syslogd(8)
establish a logging socket inside the chroot directory.
SEE ALSO
sftp(1), ssh(1), sshd_config(5), sshd(8)
T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-
filexfer-02.txt, October 2001, work in progress material.
HISTORY
sftp-server first appeared in OpenBSD 2.8.
AUTHORS
Markus Friedl <markus@openbsd.org>
OpenBSD 5.4 July 16, 2013 OpenBSD 5.4
.\" $OpenBSD: sftp.1,v 1.94 2013/08/07 06:24:51 jmc Exp $
.\" $OpenBSD: sftp.1,v 1.92 2013/07/25 00:56:51 djm Exp $
.\"
.\" Copyright (c) 2001 Damien Miller. All rights reserved.
.\"
......@@ -22,7 +22,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: August 7 2013 $
.Dd $Mdocdate: July 25 2013 $
.Dt SFTP 1
.Os
.Sh NAME
......@@ -31,7 +31,7 @@
.Sh SYNOPSIS
.Nm sftp
.Bk -words
.Op Fl 1246aCpqrv
.Op Fl 1246Cpqrv
.Op Fl B Ar buffer_size
.Op Fl b Ar batchfile
.Op Fl c Ar cipher
......@@ -107,11 +107,6 @@ to use IPv4 addresses only.
Forces
.Nm
to use IPv6 addresses only.
.It Fl a
Attempt to continue interrupted downloads rather than overwriting existing
partial or complete copies of files.
If the remote file contents differ from the partial local copy then the
resultant file is likely to be corrupt.
.It Fl B Ar buffer_size
Specify the size of the buffer that
.Nm
......@@ -373,8 +368,8 @@ If the
flag is specified, then attempt to resume partial transfers of existing files.
Note that resumption assumes that any partial copy of the local file matches
the remote copy.
If the remote file contents differ from the partial local copy then the
resultant file is likely to be corrupt.
If the remote file differs from the partial local copy then the resultant file
is likely to be corrupt.
.Pp
If either the
.Fl P
......
SSH-ADD(1) OpenBSD Reference Manual SSH-ADD(1)
NAME
ssh-add - adds private key identities to the authentication agent
SYNOPSIS
ssh-add [-cDdkLlXx] [-t life] [file ...]
ssh-add -s pkcs11
ssh-add -e pkcs11
DESCRIPTION
ssh-add adds private key identities to the authentication agent,
ssh-agent(1). When run without arguments, it adds the files
~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and ~/.ssh/identity. After
loading a private key, ssh-add will try to load corresponding certificate
information from the filename obtained by appending -cert.pub to the name
of the private key file. Alternative file names can be given on the
command line.
If any file requires a passphrase, ssh-add asks for the passphrase from
the user. The passphrase is read from the user's tty. ssh-add retries
the last passphrase if multiple identity files are given.
The authentication agent must be running and the SSH_AUTH_SOCK
environment variable must contain the name of its socket for ssh-add to
work.
The options are as follows:
-c Indicates that added identities should be subject to confirmation
before being used for authentication. Confirmation is performed
by the SSH_ASKPASS program mentioned below. Successful
confirmation is signaled by a zero exit status from the
SSH_ASKPASS program, rather than text entered into the requester.
-D Deletes all identities from the agent.
-d Instead of adding identities, removes identities from the agent.
If ssh-add has been run without arguments, the keys for the
default identities and their corresponding certificates will be
removed. Otherwise, the argument list will be interpreted as a
list of paths to public key files to specify keys and
certificates to be removed from the agent. If no public key is
found at a given path, ssh-add will append .pub and retry.
-e pkcs11
Remove keys provided by the PKCS#11 shared library pkcs11.
-k When loading keys into or deleting keys from the agent, process
plain private keys only and skip certificates.
-L Lists public key parameters of all identities currently
represented by the agent.
-l Lists fingerprints of all identities currently represented by the
agent.
-s pkcs11
Add keys provided by the PKCS#11 shared library pkcs11.
-t life
Set a maximum lifetime when adding identities to an agent. The
lifetime may be specified in seconds or in a time format
specified in sshd_config(5).
-X Unlock the agent.
-x Lock the agent with a password.
ENVIRONMENT
DISPLAY and SSH_ASKPASS
If ssh-add needs a passphrase, it will read the passphrase from
the current terminal if it was run from a terminal. If ssh-add
does not have a terminal associated with it but DISPLAY and
SSH_ASKPASS are set, it will execute the program specified by
SSH_ASKPASS and open an X11 window to read the passphrase. This
is particularly useful when calling ssh-add from a .xsession or
related script. (Note that on some machines it may be necessary
to redirect the input from /dev/null to make this work.)
SSH_AUTH_SOCK
Identifies the path of a UNIX-domain socket used to communicate
with the agent.
FILES
~/.ssh/identity
Contains the protocol version 1 RSA authentication identity of
the user.
~/.ssh/id_dsa
Contains the protocol version 2 DSA authentication identity of
the user.
~/.ssh/id_ecdsa
Contains the protocol version 2 ECDSA authentication identity of
the user.
~/.ssh/id_rsa
Contains the protocol version 2 RSA authentication identity of
the user.
Identity files should not be readable by anyone but the user. Note that
ssh-add ignores identity files if they are accessible by others.
EXIT STATUS
Exit status is 0 on success, 1 if the specified command fails, and 2 if
ssh-add is unable to contact the authentication agent.
SEE ALSO
ssh(1), ssh-agent(1), ssh-keygen(1), sshd(8)
AUTHORS
OpenSSH is a derivative of the original and free ssh 1.2.12 release by
Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
de Raadt and Dug Song removed many bugs, re-added newer features and
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
OpenBSD 5.4 December 3, 2012 OpenBSD 5.4
SSH-AGENT(1) OpenBSD Reference Manual SSH-AGENT(1)
NAME
ssh-agent - authentication agent
SYNOPSIS
ssh-agent [-c | -s] [-d] [-a bind_address] [-t life] [command [arg ...]]
ssh-agent [-c | -s] -k
DESCRIPTION