.\" rsc | c9d04e0 | 2005-02-14 00:00:02 +0000
.TH SSH-AGENT 1
.SH NAME
ssh-agent \- SSH authentication agent
.SH SYNOPSIS
.B ssh-agent
[
.B -l
]
.I factotum-service
.SH DESCRIPTION
.I Ssh-agent
presents
.IR factotum (4)
using the interface that
.IR ssh (1)
requires.
.PP
Once
.I ssh-agent
and
.I factotum
are running, the standard Unix SSH client
can use
.I ssh-agent
(and, indirectly,
.IR factotum )
to authenticate to remote systems using RSA or DSA keys.
.PP
.I Ssh
accesses
.I ssh-agent
.\" rsc | 24a8494 | 2005-03-21 17:27:51 +0000
via a Unix socket named
.B ssh-agent.socket
in the name space directory
(see
.IR intro (4)).
Note that although the socket is posted in the name space
directory, it is not for 9P conversations.
.I Ssh
expects the name of this socket to be in the environment as
.BR $SSH_AUTH_SOCK ,
and expects the agent to be running with process id
.BR $SSH_AGENT_PID .
.I Ssh-agent
prints shell commands to set these two variables
before forking itself into the background.
It is typically invoked inside a shell
.B eval
construct; see the examples below.
The
.B -e
option causes
.I ssh-agent
to include
.B export
commands to put the variables into the environment of future programs.
.PP
If the
.B -l
option is given,
.I ssh-agent
lists the usable
.I factotum
keys in the standard SSH format, suitable for creating an
.B authorized_keys
file.
.PP
.I Ssh-agent
connects to
.I factotum
by accessing
.I factotum-service
(default
.RB ` factotum ')
in the current name space.
.PP
There is a Unix program called
.I ssh-agent
that manages SSH keys itself.
Invoke this one with
.B 9
.BR ssh-agent ;
see
.IR 9 (1).
.SH EXAMPLES
Assume
.IR factotum (4)
is already running and initialized with keys.
.PP
Start a new agent, copying the commands by hand:
.IP
.EX
$ 9 ssh-agent -e
SSH_AUTH_SOCK=/tmp/ssh-405795003d7ee27a/agent.4233;
export SSH_AUTH_SOCK;
SSH_AGENT_PID=4233;
export SSH_AGENT_PID;
$ SSH_AUTH_SOCK=/tmp/ssh-405795003d7ee27a/agent.4233;
$ export SSH_AUTH_SOCK;
$ SSH_AGENT_PID=4233;
$ export SSH_AGENT_PID;
$
.EE
.PP
Start the agent from
.IR sh (1):
.IP
.EX
$ eval `9 ssh-agent -e`
$
.EE
.PP
Start the agent from
.IR rc (1):
.IP
.EX
% eval `{9 ssh-agent}
%
.EE
.PP
Use the agent to connect to a remote system:
.IP
.EX
% ssh tux
tux% ^D
%
.EE
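.PP
An added example, not part of the original manual page or of ssh-agent itself: a sh(1) function that sets the two variables from the agent's output without eval, accepting only the line shapes shown in the first example above and refusing anything else. The name load_agent_env and its return codes are assumptions of this example.

```sh
#!/bin/sh
# Added example: set the agent variables from `9 ssh-agent -e` output
# without eval. Only the line shapes printed in EXAMPLES are accepted.
# load_agent_env and its return codes are names made up for this example.
load_agent_env() {
    _sock='' _pid=''
    while IFS= read -r _line; do
        case $_line in
        '' | 'export SSH_AUTH_SOCK;' | 'export SSH_AGENT_PID;')
            ;;
        'SSH_AUTH_SOCK='*';')
            _v=${_line#SSH_AUTH_SOCK=}
            _v=${_v%;}
            # Absolute path built from a conservative character set only.
            case $_v in
            /*) ;;
            *) return 2 ;;
            esac
            case $_v in
            *[!A-Za-z0-9/._-]*) return 2 ;;
            esac
            _sock=$_v
            ;;
        'SSH_AGENT_PID='*';')
            _v=${_line#SSH_AGENT_PID=}
            _v=${_v%;}
            case $_v in
            '' | *[!0-9]*) return 3 ;;
            esac
            _pid=$_v
            ;;
        *)
            return 1    # any other line is refused, not executed
            ;;
        esac
    done
    # Both values must be present before anything is assigned.
    [ -n "$_sock" ] && [ -n "$_pid" ] || return 4
    SSH_AUTH_SOCK=$_sock
    SSH_AGENT_PID=$_pid
    export SSH_AUTH_SOCK SSH_AGENT_PID
}

# Sample input: the agent output shown in EXAMPLES on this page.
load_agent_env <<'EOF' && echo "agent at $SSH_AUTH_SOCK, pid $SSH_AGENT_PID"
SSH_AUTH_SOCK=/tmp/ssh-405795003d7ee27a/agent.4233;
export SSH_AUTH_SOCK;
SSH_AGENT_PID=4233;
export SSH_AGENT_PID;
EOF
```

Feed the function through a here-document rather than a pipe, so that the assignments happen in the current shell and not in a subshell.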
.SH SOURCE
.B \*9/src/cmd/auth/ssh-agent.c
.SH SEE ALSO
.IR ssh (1),
.IR rsa (1),
.IR factotum (4)
.SH BUGS
A surprise rather than a bug:
.I ssh-agent
connects to factotum on demand, so it can be
started before
.I factotum
is running and need not be restarted just because
.I factotum
is.