ssh-agent - authentication agent

Overview (SYNOPSIS)

ssh-agent [-a bind_address] [-c | -s] [-t life] [-d] [command [args ...]]
ssh-agent [-c | -s] -k

Description (DESCRIPTION)

ssh-agent is a program that holds the private keys used for public key authentication (RSA, DSA). The idea is that ssh-agent is started at the beginning of an X session or a login session, and all other windows or programs are started as clients of the agent; when they log in to other machines with ssh(1), they locate the agent through environment variables and are authenticated automatically.

The available options are:


-a bind_address
Bind the agent to the UNIX-domain socket bind_address. The default is /tmp/ssh-XXXXXXXX/agent.<ppid>.
-c
Generate C-shell commands on stdout. This is the default if SHELL looks like a csh-style shell.
-s
Generate Bourne shell commands on stdout. This is the default if SHELL does not look like a csh-style shell.
-k
Kill the current agent (given by the SSH_AGENT_PID environment variable).
-t life
Set a default value for the maximum lifetime of identities added to the agent. The lifetime may be given in seconds or in the time format described in sshd(8). A lifetime given to ssh-add(1) for a particular identity overrides this default. Without this option the default maximum lifetime is forever.
-d
Debug mode. When this option is given, ssh-agent does not fork.


If a command line is given, it is executed as a child process of the agent. When the command exits, so does the agent.

The agent initially holds no private keys. Keys are added with ssh-add(1). When run without arguments, ssh-add(1) adds the contents of $HOME/.ssh/id_rsa, $HOME/.ssh/id_dsa and $HOME/.ssh/identity. If an identity is protected by a passphrase, ssh-add(1) asks for it (using a small X11 program when running under X11, otherwise reading it from the terminal) and then sends the identity to the agent. The agent can hold several identities and uses any of them automatically. ssh-add -l lists the identities the agent currently holds.

The intended setup is that the agent runs on the user's local PC, laptop, or terminal. Authentication data need not be stored on any other machine, and authentication passphrases never travel over the network. The connection to the agent is, however, forwarded over SSH remote logins, so the user can securely exercise the privileges of those identities anywhere in the network.

There are two main ways to set up an agent: either the agent starts a child command into which it exports the needed environment variables, or the agent prints the shell commands that set them (either sh(1) or csh(1) syntax can be generated) and these are evaluated in the calling shell. ssh(1) later reads these variables and uses them to connect to the agent.
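Both setup methods in a login script, as an added example that is not part of this man page: the `eval` form with a `-t` lifetime and an EXIT trap so the agent cannot outlive the shell, the child-command form, and a small parser for the Bourne-syntax block that `ssh-agent -s` prints. The function names, the one-hour lifetime and the sample socket path and PIDs are my own choices, not values from the page.

```shell
#!/bin/sh
# Added example (not from the ssh-agent man page): two ways to put an agent
# into a session, plus a parser for the variable block `ssh-agent -s` prints.

# Method 1: the agent prints shell commands and the caller evaluates them.
# -s forces Bourne syntax regardless of $SHELL; -t caps how long an added key
# stays usable (1h here, an assumed value) so a forgotten agent does not hold
# keys forever.
start_agent_in_this_shell() {
    eval "$(ssh-agent -s -t 1h)" >/dev/null || return 1
    # SSH_AGENT_PID is now set; kill the agent when this shell exits.
    trap 'ssh-agent -k >/dev/null 2>&1' EXIT
    ssh-add "$HOME/.ssh/id_rsa"    # asks for the passphrase once
    ssh-add -l                     # show what the agent now holds
}

# Method 2: the agent runs the command as its child and exits when the
# command exits, so nothing is left behind to clean up.
run_under_agent() {
    # e.g. run_under_agent sh -c 'ssh-add && ssh example.invalid'
    ssh-agent -t 1h "$@"
}

# Extract SSH_AUTH_SOCK and SSH_AGENT_PID from captured `ssh-agent -s` output.
# Prints "<socket> <pid>"; returns 1 if either value is missing.
parse_agent_output() {
    sock=$(printf '%s\n' "$1" | sed -n 's/^SSH_AUTH_SOCK=\([^;]*\);.*/\1/p')
    pid=$(printf '%s\n' "$1" | sed -n 's/^SSH_AGENT_PID=\([^;]*\);.*/\1/p')
    [ -n "$sock" ] && [ -n "$pid" ] || return 1
    printf '%s %s\n' "$sock" "$pid"
}

# Constructed sample of the three lines a real `ssh-agent -s` prints
# (the path and PIDs are made up for this example).
SAMPLE_AGENT_OUTPUT='SSH_AUTH_SOCK=/tmp/ssh-XXXXabcd/agent.4241; export SSH_AUTH_SOCK;
SSH_AGENT_PID=4242; export SSH_AGENT_PID;
echo Agent pid 4242;'
```

The parser exists so a script can record where the agent lives (for example to reuse it from a later shell) without trusting an `eval` of arbitrary text; the two start functions are the parts that actually need a working ssh-agent.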

The agent never sends a private key over its request channel. Operations that require the private key are performed inside the agent and only the result is returned to the requester, so private keys are never exposed to the agent's clients.

The program creates a UNIX-domain socket that only the current user can access, and stores its name in the SSH_AUTH_SOCK environment variable. This method is easily abused by root or by another instance of the same user.

The SSH_AGENT_PID environment variable holds the agent's process ID.

When a command is given on the command line, the agent exits automatically when that command terminates.
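The three paragraphs above describe what an honest agent environment looks like: a socket in a directory only the user can reach, and a PID that names a live process. The following added example (mine, not from the man page) turns that into checks a login script can run before trusting SSH_AUTH_SOCK and SSH_AGENT_PID, plus the matching `-k` teardown. The helper names are my own; the checks rely only on `ls`, `find`, `id` and `kill`.

```shell
#!/bin/sh
# Added example (not from the ssh-agent man page): sanity-check the agent
# named by SSH_AUTH_SOCK / SSH_AGENT_PID, and stop it cleanly with -k.

# True if the path grants no permission bits to group or others, which is
# what the drwx------ socket directory and the srw------- socket should show.
owner_only() {
    mode=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$mode" = "------" ]
}

# True if the path is owned by the invoking user. `find -prune -user` is
# POSIX and does not descend into directories.
owned_by_me() {
    [ -n "$(find "$1" -prune -user "$(id -un)" -print 2>/dev/null)" ]
}

# True if a process with that PID exists and may be signalled. This only
# proves something is alive, not that it is ssh-agent: PIDs are reused.
pid_alive() {
    kill -0 "$1" 2>/dev/null
}

# Run all checks against the agent the environment currently points at.
# Returns 0 when everything looks right, 1 otherwise, with a reason on stderr.
audit_agent_env() {
    sock=${SSH_AUTH_SOCK:-}
    pid=${SSH_AGENT_PID:-}
    [ -n "$sock" ] || { echo "SSH_AUTH_SOCK is not set" >&2; return 1; }
    [ -S "$sock" ] || { echo "$sock is not a socket" >&2; return 1; }
    dir=$(dirname "$sock")
    owner_only "$dir" && owned_by_me "$dir" ||
        { echo "$dir is not a mode-700 directory owned by $(id -un)" >&2; return 1; }
    owner_only "$sock" && owned_by_me "$sock" ||
        { echo "$sock is accessible to others or not owned by $(id -un)" >&2; return 1; }
    # A forwarded agent provides only SSH_AUTH_SOCK, so the PID is optional;
    # when it is present it must name a running process.
    if [ -n "$pid" ] && ! pid_alive "$pid"; then
        echo "SSH_AGENT_PID=$pid is not a running process" >&2
        return 1
    fi
    return 0
}

# Stop the agent named by SSH_AGENT_PID. -k prints the matching `unset`
# commands, so they are evaluated just like the variables were on startup.
stop_agent() {
    eval "$(ssh-agent -k)" >/dev/null
}
```

`audit_agent_env` deliberately fails closed: a script that sources it can refuse to run `ssh-add` when the socket directory is world-readable or the PID is stale, which is exactly the situation the "easily abused by root or another instance of the same user" sentence warns about.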

File (FILES)


$HOME/.ssh/identity
Contains the protocol version 1 RSA authentication identity of the user.
$HOME/.ssh/id_dsa
Contains the protocol version 2 DSA authentication identity of the user.
$HOME/.ssh/id_rsa
Contains the protocol version 2 RSA authentication identity of the user.
/tmp/ssh-XXXXXXXX/agent.<ppid>
UNIX-domain sockets used to hold the connection to the authentication agent. These sockets should only be readable by their owner. They are removed automatically when the agent exits.


Source: www.cnblogs.com/fanweisheng/p/11098955.html