SSH-ADD2(1) SSH2 SSH-ADD2(1)
NAME
ssh-add2 - adds identities for the authentication agent
SYNOPSIS
ssh-add2 [-p] [-l] [-N] [-P] [-I] [-d] [-D] [-L] [-U] [-1]
[-u] [-f forwarding steps] [-F forwarding constraint] [-t
key timeout in minutes] [-R OpenPGP keyring] [files...]
DESCRIPTION
ssh-add2 adds identities to the authentication agent,
ssh-agent2. If any file requires a passphrase, ssh-add2 asks
for the passphrase from the user. If the -p option is
given, then the passphrase is read from stdin, otherwise
if the user is using X11, the passphrase is requested
using a small X11 program; otherwise it is read from the
user's tty. (Note: it may be necessary to redirect stdin
from /dev/null to get the passphrase requested using X11.)
The authentication agent must be running and must be an
ancestor of the current process for ssh-add2 to work.
If ssh-add2 needs a passphrase, it will read the
passphrase from the current terminal, if it was run from a
terminal. If ssh-add2 does not have a terminal associated
with it but DISPLAY is set, it will open an X11 window to
read the passphrase. This is particularly useful when
calling ssh-add2 from a .Xsession or related script.
(Note that on some machines it may be necessary to redirect
the input from /dev/null to make this work.)
OPTIONS
-p Read passphrase from stdin (or pipe).
-l Lists all identities currently represented by the
agent.
-N Keys added/deleted are stored in the OpenPGP keyring
and identified by key name string.
-P Keys added/deleted are stored in the OpenPGP keyring
and identified by key fingerprint.
-I Keys added/deleted are stored in the OpenPGP keyring
and identified by key id number.
-d Instead of adding the identity, removes the identity
from the agent.
-D Deletes all identities from the agent.
-L Temporarily locks the agent with a password.
-U Unlocks the locked agent.
-1 The agent is not allowed to use keys added with this
command in ssh1 compatibility operations.
-u The keys added are not read from the file, but
instead the key is given to the agent as a URL. With
this functionality, the agent can get information
about the additional key sources, like smartcards.
-f forwarding steps
The key can be used only through as many forwarding
steps as directed by the argument. Argument 0 states
that the key can only be used locally. Note that
ssh1 does not submit forwarding information, so with
ssh1 compatibility, this constraint may not work as
expected.
-F forwarding constraint
The argument is a comma-separated list specifying through
which kinds of steps the key can be forwarded. For example,
the constraint string "*.ssh.com,rinne.iki.fi" states
that the key can be forwarded to any host in domain
ssh.com and also to host rinne.iki.fi and used
locally. Be aware that ssh1 does not submit forwarding
information, so with ssh1 compatibility, this
constraint may not work as expected.
-t timeout
The agent is advised to delete the key after timeout.
Timeout is given in minutes.
-R OpenPGP keyring
Argument identifies OpenPGP secret keyring file.
RETURN STATUS
ssh-add2 returns one of the following exit statuses.
These may be useful in scripts.
0 The requested operation was performed successfully.
1 No connection could be made to the authentication
agent. Presumably there is no authentication agent
active in the execution environment of ssh-add2.
2 The user did not supply a required passphrase.
3 An identity file could not be found, was not readable,
or was in bad format.
4 The agent does not have the requested identity.
5 An unspecified error has occurred; this is a catch-all
for errors not listed above.
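The statuses above combined with the -1, -f and -t restrictions from OPTIONS, as an added shell example (not part of the original manual or the SSH2 distribution). It assumes the options take their arguments as separate words; SSH_ADD2, LOADED, explain_status and load_keys are hypothetical names. Because ssh1 does not submit forwarding information, -1 is passed together with -f 0.

```shell
#!/bin/sh
# Added example, not from the ssh-add2 distribution.
# SSH_ADD2 is a hypothetical override so the command can be replaced in tests.
SSH_ADD2=${SSH_ADD2:-ssh-add2}

# explain_status CODE: wording for the codes listed under RETURN STATUS.
explain_status() {
    case "$1" in
        0) echo "operation performed" ;;
        1) echo "no connection to the authentication agent" ;;
        2) echo "required passphrase not supplied" ;;
        3) echo "identity file missing, unreadable or in bad format" ;;
        4) echo "agent does not have the requested identity" ;;
        *) echo "unspecified error" ;;
    esac
}

# load_keys MINUTES FILE...: add each key so that it can only be used
# locally (-f 0), is kept out of ssh1 compatibility operations (-1), and the
# agent is advised to delete it after MINUTES (-t).
# Sets LOADED to the number of keys added. Status 1 aborts at once, since
# no later file can succeed without an agent; statuses 2 and 3 concern one
# file only, so that file is skipped. A bad MINUTES value returns 5, which
# is this wrapper's own choice of code.
load_keys() {
    minutes=$1
    shift
    LOADED=0
    case "$minutes" in
        ''|*[!0-9]*) echo "timeout must be whole minutes" >&2; return 5 ;;
    esac
    for keyfile in "$@"; do
        status=0
        "$SSH_ADD2" -1 -f 0 -t "$minutes" "$keyfile" || status=$?
        case "$status" in
            0) LOADED=$((LOADED + 1)) ;;
            2|3) echo "skipping $keyfile: $(explain_status "$status")" >&2 ;;
            *) echo "giving up: $(explain_status "$status")" >&2
               return "$status" ;;
        esac
    done
    return 0
}
```

Source the file and call, for instance, load_keys 30 followed by the key files to add; the identities held by the agent can then be checked with ssh-add2 -l.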
FILES
$HOME/.ssh2/identification
Contains names of the private keys that are to be
used in authentication. See ssh2(1) for more
information.
$HOME/.ssh2/id_KEYTYPE_KEYLEN_X
$HOME/.ssh2/id_KEYTYPE_KEYLEN_X.pub
Standard private and public identification key
files.
AUTHORS
SSH Communications Security Corp
For more information, see http://www.ssh.com.
SEE ALSO
ssh-agent2(1), ssh-keygen2(1), ssh2(1), sshd2(8)
SSH2 March 22, 2000 SSH-ADD2(1)