ssh-add - adds identities for the authentication agent
ssh-add [-p] [-l] [-d] [-D] [file...]
Ssh-add adds identities to
the authentication agent, ssh-agent. When run without arguments, it adds
the file $HOME/.ssh/identity. Alternative file names can be given on the
command line. If any file requires a passphrase, ssh-add asks for the passphrase
from the user. If the -p option is given then the passphrase is read from
stdin, otherwise if the user is using X11, the passphrase is requested
using a small X11 program; otherwise it is read from the user's tty. (Note:
it may be necessary to redirect stdin from /dev/null to get the passphrase
requested using X11.)
The authentication agent must be running and must
be an ancestor of the current process for ssh-add to work.
- -p
- Read passphrase from stdin (or pipe).
- -l
- Lists all identities currently
represented by the agent.
- -d
- Instead of adding the identity, removes the
identity from the agent.
- -D
- Deletes all identities from the agent.
Ssh-add returns one of the following exit statuses. These may be
useful in scripts.
- 0
- The requested operation was performed successfully.
- 1
- No connection could be made to the authentication agent. Presumably
there is no authentication agent active in the execution environment of
ssh-add.
- 2
- The user did not supply a required passphrase.
- 3
- An identity file
could not be found, was not readable, or was in bad format.
- 4
- The agent
does not have the requested identity.
- 5
- An unspecified error has occurred;
this is a catch-all for errors not listed above.
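The following added example, which is not part of the original manual page, shows how a login script could act on the exit statuses listed above when loading several identity files. The function name `add_identities`, the `SSH_ADD` override and the `MAX_TRIES` retry limit are assumptions introduced for this example.

```shell
#!/bin/sh
# Added example: react to the ssh-add exit statuses documented above.
# SSH_ADD and MAX_TRIES are hypothetical knobs, not ssh-add features.
SSH_ADD=${SSH_ADD:-ssh-add}
MAX_TRIES=${MAX_TRIES:-3}    # how often to re-ask after status 2

# add_identities FILE...
# Returns 0 if every file was added, 1 if no agent is reachable,
# 2 if at least one file was skipped, 5 on any other failure.
add_identities() {
    skipped=0
    for key in "$@"; do
        tries=0
        while :; do
            st=0
            # stdin from /dev/null, as the manual notes, so that a script
            # without a tty gets the X11 passphrase prompt.
            "$SSH_ADD" "$key" </dev/null || st=$?
            case $st in
                0) break ;;
                1) echo "no agent reachable; run the session under ssh-agent" >&2
                   return 1 ;;              # retrying other files is pointless
                2) tries=$((tries + 1))     # passphrase not supplied: ask again
                   if [ "$tries" -ge "$MAX_TRIES" ]; then
                       echo "no passphrase for $key after $tries tries" >&2
                       skipped=$((skipped + 1)); break
                   fi ;;
                3) echo "$key missing, unreadable or malformed; skipped" >&2
                   skipped=$((skipped + 1)); break ;;
                *) echo "ssh-add failed on $key (status $st)" >&2
                   return 5 ;;              # 4 only applies to -d, 5 is catch-all
            esac
        done
    done
    [ "$skipped" -eq 0 ] || return 2
    return 0
}
```

A script would call it as `add_identities "$HOME/.ssh/identity"` and branch on the function's return value.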
- $HOME/.ssh/identity
- Contains the RSA authentication identity of the user. This file should
not be readable by anyone but the user. It is possible to specify a passphrase
when generating the key; that passphrase will be used to encrypt the private
part of this file. This is the default file added by ssh-add when no other
files have been specified.
If ssh-add needs a passphrase, it will read
the passphrase from the current terminal if it was run from a terminal.
If ssh-add does not have a terminal associated with it but DISPLAY is
set, it will open an X11 window to read the passphrase. This is particularly
useful when calling ssh-add from a .Xsession or related script. (Note that
on some machines it may be necessary to redirect the input from /dev/null
to make this work.)
Tatu Ylonen <ylo@ssh.fi>
ssh-agent(1), ssh-keygen(1), ssh(1), sshd(8)