1SSH-ADD(1)                  General Commands Manual                 SSH-ADD(1)
2
3NAME
4     ssh-add M-bM-^@M-^S adds private key identities to the authentication agent
5
6SYNOPSIS
7     ssh-add [-cDdkLlXx] [-E fingerprint_hash] [-t life] [file ...]
8     ssh-add -s pkcs11
9     ssh-add -e pkcs11
10
11DESCRIPTION
12     ssh-add adds private key identities to the authentication agent,
13     ssh-agent(1).  When run without arguments, it adds the files
14     ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and
15     ~/.ssh/identity.  After loading a private key, ssh-add will try to load
16     corresponding certificate information from the filename obtained by
17     appending -cert.pub to the name of the private key file.  Alternative
18     file names can be given on the command line.
19
20     If any file requires a passphrase, ssh-add asks for the passphrase from
21     the user.  The passphrase is read from the user's tty.  ssh-add retries
22     the last passphrase if multiple identity files are given.
23
24     The authentication agent must be running and the SSH_AUTH_SOCK
25     environment variable must contain the name of its socket for ssh-add to
26     work.
27
28     The options are as follows:
29
30     -c      Indicates that added identities should be subject to confirmation
31             before being used for authentication.  Confirmation is performed
32             by ssh-askpass(1).  Successful confirmation is signaled by a zero
33             exit status from ssh-askpass(1), rather than text entered into
34             the requester.
35
36     -D      Deletes all identities from the agent.
37
38     -d      Instead of adding identities, removes identities from the agent.
39             If ssh-add has been run without arguments, the keys for the
40             default identities and their corresponding certificates will be
41             removed.  Otherwise, the argument list will be interpreted as a
42             list of paths to public key files to specify keys and
43             certificates to be removed from the agent.  If no public key is
44             found at a given path, ssh-add will append .pub and retry.
45
46     -E fingerprint_hash
47             Specifies the hash algorithm used when displaying key
48             fingerprints.  Valid options are: M-bM-^@M-^\md5M-bM-^@M-^] and M-bM-^@M-^\sha256M-bM-^@M-^].  The
49             default is M-bM-^@M-^\sha256M-bM-^@M-^].
50
51     -e pkcs11
52             Remove keys provided by the PKCS#11 shared library pkcs11.
53
54     -k      When loading keys into or deleting keys from the agent, process
55             plain private keys only and skip certificates.
56
57     -L      Lists public key parameters of all identities currently
58             represented by the agent.
59
60     -l      Lists fingerprints of all identities currently represented by the
61             agent.
62
63     -s pkcs11
64             Add keys provided by the PKCS#11 shared library pkcs11.
65
66     -t life
67             Set a maximum lifetime when adding identities to an agent.  The
68             lifetime may be specified in seconds or in a time format
69             specified in sshd_config(5).
70
71     -X      Unlock the agent.
72
73     -x      Lock the agent with a password.
74
75ENVIRONMENT
76     DISPLAY and SSH_ASKPASS
77             If ssh-add needs a passphrase, it will read the passphrase from
78             the current terminal if it was run from a terminal.  If ssh-add
79             does not have a terminal associated with it but DISPLAY and
80             SSH_ASKPASS are set, it will execute the program specified by
81             SSH_ASKPASS (by default M-bM-^@M-^\ssh-askpassM-bM-^@M-^]) and open an X11 window to
82             read the passphrase.  This is particularly useful when calling
83             ssh-add from a .xsession or related script.  (Note that on some
84             machines it may be necessary to redirect the input from /dev/null
85             to make this work.)
86
87     SSH_AUTH_SOCK
88             Identifies the path of a UNIX-domain socket used to communicate
89             with the agent.
90
91FILES
92     ~/.ssh/identity
93             Contains the protocol version 1 RSA authentication identity of
94             the user.
95
96     ~/.ssh/id_dsa
97             Contains the protocol version 2 DSA authentication identity of
98             the user.
99
100     ~/.ssh/id_ecdsa
101             Contains the protocol version 2 ECDSA authentication identity of
102             the user.
103
104     ~/.ssh/id_ed25519
105             Contains the protocol version 2 Ed25519 authentication identity
106             of the user.
107
108     ~/.ssh/id_rsa
109             Contains the protocol version 2 RSA authentication identity of
110             the user.
111
112     Identity files should not be readable by anyone but the user.  Note that
113     ssh-add ignores identity files if they are accessible by others.
114
115EXIT STATUS
116     Exit status is 0 on success, 1 if the specified command fails, and 2 if
117     ssh-add is unable to contact the authentication agent.
118
119SEE ALSO
120     ssh(1), ssh-agent(1), ssh-askpass(1), ssh-keygen(1), sshd(8)
121
122AUTHORS
123     OpenSSH is a derivative of the original and free ssh 1.2.12 release by
124     Tatu Ylonen.  Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
125     de Raadt and Dug Song removed many bugs, re-added newer features and
126     created OpenSSH.  Markus Friedl contributed the support for SSH protocol
127     versions 1.5 and 2.0.
128
129OpenBSD 6.0                     March 30, 2015                     OpenBSD 6.0
130