manpagez: man(ual) pages & more
man ssh-add(1)
Home | html | info | man

ssh-add(1)                BSD General Commands Manual               ssh-add(1)


     ssh-add -- adds private key identities to the authentication agent


     ssh-add [-cDdkLlMmXx] [-E fingerprint_hash] [-t life] [file ...]
     ssh-add -s pkcs11
     ssh-add -e pkcs11


     ssh-add adds private key identities to the authentication agent,
     ssh-agent(1).  When run without arguments, it adds the files
     ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and
     ~/.ssh/identity.  After loading a private key, ssh-add will try to load
     corresponding certificate information from the filename obtained by
     appending to the name of the private key file.  Alternative
     file names can be given on the command line.

     If any file requires a passphrase, ssh-add asks for the passphrase from
     the user.  The passphrase is read from the user's tty.  ssh-add retries
     the last passphrase if multiple identity files are given.

     The authentication agent must be running and the SSH_AUTH_SOCK environ-
     ment variable must contain the name of its socket for ssh-add to work.

     The options are as follows:

     -c      Indicates that added identities should be subject to confirmation
             before being used for authentication.  Confirmation is performed
             by ssh-askpass(1).  Successful confirmation is signaled by a zero
             exit status from ssh-askpass(1), rather than text entered into
             the requester.

     -D      Deletes all identities from the agent.

     -d      Instead of adding identities, removes identities from the agent.
             If ssh-add has been run without arguments, the keys for the
             default identities and their corresponding certificates will be
             removed.  Otherwise, the argument list will be interpreted as a
             list of paths to public key files to specify keys and certifi-
             cates to be removed from the agent.  If no public key is found at
             a given path, ssh-add will append .pub and retry.

     -E fingerprint_hash
             Specifies the hash algorithm used when displaying key finger-
             prints.  Valid options are: ``md5'' and ``sha256''.  The default
             is ``sha256''.

     -e pkcs11
             Remove keys provided by the PKCS#11 shared library pkcs11.

     -k      When loading keys into or deleting keys from the agent, process
             plain private keys only and skip certificates.

     -L      Lists public key parameters of all identities currently repre-
             sented by the agent.

     -l      Lists fingerprints of all identities currently represented by the

     -m      Add identities to the agent using any passphrases stored in your
             Mac OS X keychain.

     -M      When adding identities, each passphrase will also be stored in
             your Mac OS Xkeychain.  When removing identities with -d, each
             passphrase will be removed from your Mac OS X keychain.

     -s pkcs11
             Add keys provided by the PKCS#11 shared library pkcs11.

     -t life
             Set a maximum lifetime when adding identities to an agent.  The
             lifetime may be specified in seconds or in a time format speci-
             fied in sshd_config(5).

     -X      Unlock the agent.

     -x      Lock the agent with a password.


             If ssh-add needs a passphrase, it will read the passphrase from
             the current terminal if it was run from a terminal.  If ssh-add
             does not have a terminal associated with it but DISPLAY and
             SSH_ASKPASS are set, it will execute the program specified by
             SSH_ASKPASS (by default ``ssh-askpass'') and open an X11 window
             to read the passphrase.  This is particularly useful when calling
             ssh-add from a .xsession or related script.  (Note that on some
             machines it may be necessary to redirect the input from /dev/null
             to make this work.)

             Identifies the path of a UNIX-domain socket used to communicate
             with the agent.


             Contains the protocol version 1 RSA authentication identity of
             the user.

             Contains the protocol version 2 DSA authentication identity of
             the user.

             Contains the protocol version 2 ECDSA authentication identity of
             the user.

             Contains the protocol version 2 Ed25519 authentication identity
             of the user.

             Contains the protocol version 2 RSA authentication identity of
             the user.

     Identity files should not be readable by anyone but the user.  Note that
     ssh-add ignores identity files if they are accessible by others.


     Exit status is 0 on success, 1 if the specified command fails, and 2 if
     ssh-add is unable to contact the authentication agent.


     ssh(1), ssh-agent(1), ssh-askpass(1), ssh-keygen(1), sshd(8)


     OpenSSH is a derivative of the original and free ssh 1.2.12 release by
     Tatu Ylonen.  Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
     de Raadt and Dug Song removed many bugs, re-added newer features and cre-
     ated OpenSSH.  Markus Friedl contributed the support for SSH protocol
     versions 1.5 and 2.0.

BSD                              April 9, 2016                             BSD

openssh 7.2p2 - Generated Sat Apr 9 07:58:04 CDT 2016
© 2000-2017
Individual documents may contain additional copyright information.