Lines Matching refs:agent

1 This describes the protocol used by OpenSSH's ssh-agent.
3 OpenSSH's agent supports managing keys for the standard SSH protocol
20 message is a request to the agent (*_AGENTC_*) or a reply from the
21 agent (*_AGENT_*). Section 3 below contains the mapping of the
26 Because of support for legacy SSH protocol 1 keys, OpenSSH's agent
65 requests from the client. On success the agent may reply either with:
71 On failure, the agent may reply with:
78 2.2 Adding keys to the agent
80 Keys are added to the agent using the SSH_AGENTC_ADD_RSA_IDENTITY and
90 to the agent using the SSH_AGENTC_ADD_SMARTCARD_KEY and
95 The OpenSSH agent supports some basic optional constraints on key usage.
105 valid measured from the moment that the agent receives it. After the
106 validity period has expired, OpenSSH's agent will erase these keys from
109 The second constraint requires the agent to seek explicit user
135 A client may add a protocol 1 key to an agent with the following
157 The agent will reply with a SSH_AGENT_SUCCESS if the key has been
162 The OpenSSH agent supports DSA, ECDSA and RSA keys for protocol 2. DSA
266 The agent will reply with a SSH_AGENT_SUCCESS if the key has been
271 The OpenSSH agent may have optional smartcard support built in to it. If
273 only the public components of the keys are loaded into the agent so
293 The agent will reply with a SSH_AGENT_SUCCESS if one or more keys have
295 The agent will also return SSH_AGENT_FAILURE if it does not support
300 A client may request that an agent delete all protocol 1 keys using the
309 On success, the agent will delete all keys of the requested type and
310 reply with a SSH_AGENT_SUCCESS message. If an error occurred, the agent
331 The agent will delete any private key matching the specified public key
332 and return SSH_AGENT_SUCCESS. If no such key was found, the agent will
345 The agent will delete any private key matching the specified public key
346 and return SSH_AGENT_SUCCESS. If no such key was found, the agent will
361 When this message is received, and if the agent supports
365 The agent will reply with a SSH_AGENT_SUCCESS if one or more keys have
367 The agent will also return SSH_AGENT_FAILURE if it does not support
372 An agent may be requested to list which keys it holds. Different
377 To request a list of protocol 1 keys that are held in the agent, a
382 The agent will reply with the following message:
397 protocol 2 keys that are stored in the agent:
401 The agent will reply with the following message header:
416 The purpose of the agent is to perform private key operations, such as
462 If the agent cannot find the key specified by the supplied (rsa_e,
482 Upon receiving this request, the agent will look up the private key that
500 If the agent cannot find the key specified by the supplied key_blob then
503 2.7 Locking or unlocking an agent
505 The agent supports temporary locking with a passphrase to suspend
507 same passphrase. To lock an agent, a client sends the following request:
512 Upon receipt of this message and if the agent is not already locked,
514 reply. If the agent is already locked, it will return SSH_AGENT_FAILURE.
516 While locked, the agent will refuse all requests except
519 treated specially by a locked agent: it will always return an empty list
522 To unlock an agent, a client may request:
527 If the passphrase matches and the agent is locked, then it will resume
528 processing all requests and return SSH_AGENT_SUCCESS. If the agent
536 3.1 Requests from client to agent for protocol 1 key operations
545 3.2 Requests from client to agent for protocol 2 key operations
554 3.3 Key-type independent requests from client to agent
562 3.4 Generic replies from agent to client
567 3.5 Replies from agent to client for protocol 1 key operations
572 3.6 Replies from agent to client for protocol 2 key operations
582 $OpenBSD: PROTOCOL.agent,v 1.11 2016/05/19 07:45:32 djm Exp $