.TH SSH-ADD 1 "January 21 2019 " "" .SH NAME \fBssh-add\fP \- adds private key identities to the authentication agent .SH SYNOPSIS .br \fBssh-add\fP [\fB\-cDdkLlqvXx\fP] [\fB\-E\fP \fIfingerprint_hash\fP] [\fB\-t\fP \fIlife\fP] [\fIfile ...\fP] .br \fBssh-add\fP \fB\-s\fP \fIpkcs11\fP .br \fBssh-add\fP \fB\-e\fP \fIpkcs11\fP .br \fBssh-add\fP \fB\-T\fP \fIpubkey\fP... .SH DESCRIPTION \fBssh-add\fP adds private key identities to the authentication agent, \fBssh-agent\fP(1). When run without arguments, it adds the files \fI~/.ssh/id_rsa\fP, \fI~/.ssh/id_dsa\fP, \fI~/.ssh/id_ecdsa\fP, and \fI~/.ssh/id_ed25519\fP. After loading a private key, \fBssh-add\fP will try to load corresponding certificate information from the filename obtained by appending \fI-cert.pub\fP to the name of the private key file. Alternative file names can be given on the command line. If any file requires a passphrase, \fBssh-add\fP asks for the passphrase from the user. The passphrase is read from the user's tty. \fBssh-add\fP retries the last passphrase if multiple identity files are given. The authentication agent must be running and the .IR SSH_AUTH_SOCK environment variable must contain the name of its socket for \fBssh-add\fP to work. The options are as follows: .TP \fB\-c\fP Indicates that added identities should be subject to confirmation before being used for authentication. Confirmation is performed by \fBssh-askpass\fP(1). Successful confirmation is signaled by a zero exit status from \fBssh-askpass\fP(1), rather than text entered into the requester. .TP \fB\-D\fP Deletes all identities from the agent. .TP \fB\-d\fP Instead of adding identities, removes identities from the agent. If \fBssh-add\fP has been run without arguments, the keys for the default identities and their corresponding certificates will be removed. Otherwise, the argument list will be interpreted as a list of paths to public key files to specify keys and certificates to be removed from the agent. If no public key is found at a given path, \fBssh-add\fP will append \fI\&.pub\fP and retry. .TP \fB\-E\fP \fIfingerprint_hash\fP Specifies the hash algorithm used when displaying key fingerprints. Valid options are: ``md5'' and ``sha256''. The default is ``sha256''. .TP \fB\-e\fP \fIpkcs11\fP Remove keys provided by the PKCS#11 shared library \fIpkcs11\fP. .TP \fB\-k\fP When loading keys into or deleting keys from the agent, process plain private keys only and skip certificates. .TP \fB\-L\fP Lists public key parameters of all identities currently represented by the agent. .TP \fB\-l\fP Lists fingerprints of all identities currently represented by the agent. .TP \fB\-q\fP Be quiet after a successful operation. .TP \fB\-s\fP \fIpkcs11\fP Add keys provided by the PKCS#11 shared library \fIpkcs11\fP. .TP \fB\-T\fP \fIpubkey\fP... Tests whether the private keys that correspond to the specified \fIpubkey\fP files are usable by performing sign and verify operations on each. .TP \fB\-t\fP \fIlife\fP Set a maximum lifetime when adding identities to an agent. The lifetime may be specified in seconds or in a time format specified in \fBsshd_config\fP(5). .TP \fB\-v\fP Verbose mode. Causes \fBssh-add\fP to print debugging messages about its progress. This is helpful in debugging problems. Multiple \fB\-v\fP options increase the verbosity. The maximum is 3. .TP \fB\-X\fP Unlock the agent. .TP \fB\-x\fP Lock the agent with a password. .PP .SH ENVIRONMENT .TP .B "DISPLAY" and "SSH_ASKPASS" If \fBssh-add\fP needs a passphrase, it will read the passphrase from the current terminal if it was run from a terminal. If \fBssh-add\fP does not have a terminal associated with it but .IR DISPLAY and .IR SSH_ASKPASS are set, it will execute the program specified by .IR SSH_ASKPASS (by default ``ssh-askpass )'' and open an X11 window to read the passphrase. This is particularly useful when calling \fBssh-add\fP from a \fI\&.xsession\fP or related script. (Note that on some machines it may be necessary to redirect the input from \fI/dev/null\fP to make this work.) .TP .B SSH_AUTH_SOCK Identifies the path of a UNIX-domain socket used to communicate with the agent. .PP .SH FILES .TP .B ~/.ssh/id_dsa Contains the DSA authentication identity of the user. .TP .B ~/.ssh/id_ecdsa Contains the ECDSA authentication identity of the user. .TP .B ~/.ssh/id_ed25519 Contains the Ed25519 authentication identity of the user. .TP .B ~/.ssh/id_rsa Contains the RSA authentication identity of the user. .PP Identity files should not be readable by anyone but the user. Note that \fBssh-add\fP ignores identity files if they are accessible by others. .SH EXIT STATUS Exit status is 0 on success, 1 if the specified command fails, and 2 if \fBssh-add\fP is unable to contact the authentication agent. .SH SEE ALSO \fBssh\fP(1), \fBssh-agent\fP(1), \fBssh-askpass\fP(1), \fBssh-keygen\fP(1), \fBsshd\fP(8) .SH AUTHORS OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt and Dug Song removed many bugs, re-added newer features and created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0.