
ssh-agent2(1)

NAME

ssh-agent2, ssh-agent - Starts the Secure Shell authentication agent, which holds private keys in memory

SYNOPSIS

ssh-agent2 [command]

eval `ssh-agent2 [-s] [-c] [-l]`

Note: The ssh-agent2 part of the eval command and its options are enclosed in backquotes, not apostrophes.

OPTIONS

-c  Specifies the csh-style shell.

-s  Specifies the sh-style shell.

-l  Specifies that the ssh-agent2 command can also serve ssh1 applications, can be accessed with the ssh-add command in ssh1 releases, sets the SSH_AUTH_SOCK and SSH_AGENT_PID environment variables, and shares keys with both protocols.

DESCRIPTION

The ssh-agent2 command starts the Secure Shell authentication agent on a Secure Shell client that is configured to use public key user authentication. The authentication agent holds the user's private keys in memory.

Users are prompted for their passphrase when entering Secure Shell commands on a Secure Shell server that uses public key user authentication. To avoid having to repeatedly enter their passphrase during a session, a user can run the Secure Shell authentication agent and load their private keys into the agent. When the agent is running, all key-related operations are directed to the agent. The agent terminates when the user logs out or stops the agent. See Security Administration for more information about Secure Shell user authentication.

The agent initially does not have any private keys. Users use the ssh-pubkeymgr command to configure public key user authentication on a Secure Shell client. Users enter the ssh-agent2 command to start the agent, then enter the ssh-add2 command to load the private keys into the agent. Users must initially enter the passphrase for each key that they want to load. Passphrases never go over the network.

The command normally starts the X server or is the user shell. All other windows or programs are started as children of the agent process and inherit a connection to the agent. If the command is given as an argument to the ssh-agent2 command, the authentication agent exits automatically when the command terminates. The command is executed even if the authentication agent fails to start its key storing and challenge processing services.

If the ssh-agent2 command is started without any arguments (no command), it will fork and start the authentication agent as a background process.

A Tru64 UNIX domain socket is created as /tmp/ssh-$USER/agent-socket-pid, where pid is the process ID of the listener (authentication agent or sshd daemon proxying the agent). The name of this socket is stored in the SSH2_AUTH_SOCK environment variable. The socket is made accessible only to the current user.

The eval command causes the current shell to interpret the commands output by the ssh-agent2 command and set the SSH2_AUTH_SOCK and SSH2_AGENT_PID environment variables. If you omit the eval command, the commands are printed on standard output when you start the authentication agent. The SSH2_AGENT_PID environment variable can be used to stop the authentication agent when it is no longer needed; for example, when you log out from an X session.

If the -c or -s options are not given, the ssh-agent2 command uses the SHELL environment variable to detect what kind of shell you have (csh shell or sh shell). If ALTSHELL is set to yes in the /etc/default/login file, the SHELL environment variable is set to the login shell of the user.

FILES

$HOME/.ssh2/id_dsa_1024_a
    Contains the user's private key. This file is not used by the ssh-agent2 command but is normally added to the authentication agent by using the ssh-add2 command when the user logs in.

$HOME/.ssh2/id_dsa_1024_a.pub
    Contains the user's public key.

/tmp/ssh-$USER/agent-socket-pid
    Contains the Tru64 UNIX domain sockets used to connect to the authentication agent, where pid is the process ID of the listener (authentication agent or sshd daemon proxying the agent). These sockets should be readable only by the owner. The sockets are automatically removed when the authentication agent exits. The parent directory of ssh2-$USER must have its sticky bit set.
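
The following sh script is an added example, not part of the original reference page or the product. It audits the socket conditions stated above: the path in SSH2_AUTH_SOCK is a socket, it is private to its owner, and the directory that holds the per-user directory has the sticky bit set. The function names are hypothetical, and a shell whose test command supports -O (bash, ksh, dash) is assumed.

```shell
#!/bin/sh
# Added example: audit the agent socket permissions described under FILES.
# Function names are hypothetical; they are not part of ssh-agent2.

# Print the 10-character type/permission string (e.g. srw-------) for a path.
mode_of() {
    ls -ld "$1" 2>/dev/null | cut -c1-10
}

# Succeed if the path is owned by the invoking user and grants nothing
# to group or other.
private_to_owner() {
    [ -O "$1" ] || return 1
    case "$(mode_of "$1")" in
        ????------) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed if the path is a directory with the sticky bit set.
has_sticky() {
    case "$(mode_of "$1")" in
        d????????[tT]) return 0 ;;
        *) return 1 ;;
    esac
}

# Audit one agent socket path; print each failed check and return
# non-zero if any check failed.
audit_agent_socket() {
    a_sock=$1
    a_dir=$(dirname "$a_sock")      # per-user directory, e.g. /tmp/ssh-$USER
    a_parent=$(dirname "$a_dir")    # normally /tmp
    a_rc=0
    [ -S "$a_sock" ] || { echo "FAIL: $a_sock is not a socket"; a_rc=1; }
    private_to_owner "$a_sock" || { echo "FAIL: $a_sock is not private to its owner"; a_rc=1; }
    has_sticky "$a_parent" || { echo "FAIL: $a_parent lacks the sticky bit"; a_rc=1; }
    return "$a_rc"
}

# Run against the current session's agent, if one is exported.
[ -z "${SSH2_AUTH_SOCK:-}" ] || audit_agent_socket "$SSH2_AUTH_SOCK" ||
    echo "agent socket audit failed" >&2
```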

LEGAL NOTICES

SSH is a registered trademark of SSH Communication Security Ltd.

SEE ALSO

Commands: sftp(1), ssh2(1), ssh-add2(1), ssh-pubkeymgr2(1), sshd2(8)

Guides: Security Administration
