summaryrefslogtreecommitdiffstats
path: root/usr.bin/ssh/ssh-add.1 (follow)
Commit message (Collapse)AuthorAgeFilesLines
* allow some additional control over the use of ssh-askpassdjm2020-07-141-7/+23
| | | | | via $SSH_ASKPASS_REQUIRE, including force-enable/disable. bz#69 ok markus@
* allow "ssh-add -d -" to read keys to be deleted from stdindjm2020-06-261-2/+7
| | | | bz#3180; ok dtucker@
* sync the description of the $SSH_SK_PROVIDER environment variable withdjm2020-02-071-3/+5
| | | | | that of the SecurityKeyProvider ssh/sshd_config(5) directive, as the latter was more descriptive.
* Document loading of resident keys from a FIDO authenticator.naddy2020-01-171-3/+5
| | | | | | | | * Rename -O to -K to keep "-O option" available. * Document -K. * Trim usage() message down to synopsis, like all other commands. ok markus@
* Replace the term "security key" with "(FIDO) authenticator".naddy2019-12-211-13/+8
| | | | | The polysemous use of "key" was too confusing. Input from markus@. ok jmc@
* tweak the Nd lines for a bit of consistency;jmc2019-11-301-3/+3
| | | | ok markus
* more missing mentions of ed25519-sk; ok djm@naddy2019-11-181-3/+6
|
* double word;jmc2019-11-151-3/+3
|
* directly support U2F/FIDO2 security keys in OpenSSH by linkingdjm2019-11-141-4/+3
| | | | | | against the (previously external) USB HID middleware. The dlopen() capability still exists for alternate middlewares, e.g. for Bluetooth, NFC and test/debugging.
* Fill in missing man page bits for U2F security key support:naddy2019-11-071-3/+6
| | | | | | | | | | | Mention the new key types, the ~/.ssh/id_ecdsa_sk file, ssh's SecurityKeyProvider keyword, the SSH_SK_PROVIDER environment variable, and ssh-keygen's new -w and -x options. Copy the ssh-sk-helper man page from ssh-pkcs11-helper with minimal substitutions. ok djm@
* sort;jmc2019-11-011-6/+6
|
* ssh-add support for U2F/FIDO keysdjm2019-10-311-2/+11
|
* add "-v" flags to ssh-add and ssh-pkcs11-helper to turn up debugdjm2019-01-211-2/+12
| | | | | | | | | | verbosity. Make ssh-agent turn on ssh-pkcs11-helper's verbosity when it is run in debug mode ("ssh-agent -d"), so we get to see errors from the PKCS#11 code. ok markus@
* - -T was added to the first synopsis by mistakejmc2019-01-211-6/+5
| | | | | | - since "..." denotes optional, no need to surround it in [] ok djm
* add option to test whether keys in an agent are usable, by performingdjm2019-01-201-3/+11
| | | | | | a signature and a verification using each key "ssh-add -T pubkey [...]" work by markus@, ok djm@
* sort options;jmc2017-08-291-3/+3
|
* add a -q option to ssh-add to make it quiet on success.dlg2017-08-291-3/+5
| | | | | | | | if you want to silence ssh-add without this you generally redirect the output to /dev/null, but that can hide error output which you should see. ok djm@
* remove superfluous protocol 2 mentions; ok jmc@naddy2017-05-051-6/+6
|
* more protocol 1 stuff to go; ok djmjmc2017-05-031-6/+3
|
* ssh-askpass(1) is the default, overridden by SSH_ASKPASS;jmc2015-03-301-8/+10
| | | | diff originally from jiri b;
* Add FingerprintHash option to control algorithm used for keydjm2014-12-211-2/+11
| | | | | | | fingerprints. Default changes from MD5 to SHA256 and format from hex to base64. Feedback and ok naddy@ markus@
* improve capitalization for the Ed25519 public-key signature system.sobrado2014-08-301-3/+3
| | | | ok djm@
* add missing mentions of ed25519; ok djm@naddy2013-12-071-3/+6
|
* tweak previous;jmc2012-12-031-3/+3
|
* make deleting explicit keys "ssh-add -d" symmetric with adding keys -djm2012-12-021-7/+7
| | | | | try to delete the corresponding certificate too and respect the -k option to allow deleting of the key only; feedback and ok markus@
* new "ssh-add -k" option to load plain keys (skipping certificates);djm2011-10-181-3/+6
| | | | "looks ok" markus@
* knock out some "-*- nroff -*-" lines;jmc2010-10-281-4/+2
|
* two more EXIT STATUS sections;jmc2010-09-041-3/+3
|
* Implement Elliptic Curve Cryptography modes for key exchange (ECDH) anddjm2010-08-311-5/+8
| | | | | | | | | | | | | | | | | host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys. Only the mandatory sections of RFC5656 are implemented, specifically the three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and ECDSA. Point compression (optional in RFC5656 is NOT implemented). Certificate host and user keys using the new ECDSA key types are supported. Note that this code has not been tested for interoperability and may be subject to change. feedback and ok markus@
* mention loading of certificate files from [private]-cert.pub whendjm2010-03-051-2/+9
| | | | they are present; feedback and ok jmc@
* pkcs#11 is no longer optional; improve wording; ok jmc@markus2010-02-101-4/+4
|
* tweak previous; ok markusjmc2010-02-081-4/+4
|
* replace our obsolete smartcard code with PKCS#11.markus2010-02-081-8/+8
| | | | | | | | | ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11 provider (shared library) while ssh-agent(1) delegates PKCS#11 to a forked a ssh-pkcs11-helper process. PKCS#11 is currently a compile time option. feedback and ok djm@; inspired by patches from Alon Bar-Lev
* write UNIX-domain in a more consistent way; while here, replace asobrado2009-10-221-3/+3
| | | | | | | | few remaining ".Tn UNIX" macros with ".Ux" ones. pointed out by ratchov@, thanks! ok jmc@
* use the UNIX-related macros (.At and .Ux) where appropriate.sobrado2009-10-221-4/+5
| | | | ok jmc@
* identies -> identities;jmc2007-06-121-3/+3
|
* better document ssh-add's -d option (delete identies from agent), bz#1224djm2007-06-121-3/+14
| | | | | new text based on some provided by andrewmc-debian AT celt.dias.ie; ok dtucker@
* convert to new .Dd format;jmc2007-05-311-2/+2
|
* OpenSSH doesn't ever look at the $HOME environment variable, so don't saydjm2005-04-211-7/+7
| | | | that we do (bz #623); ok deraadt@
* sort options;jmc2005-03-011-22/+23
|
* .Xsession -> .xsession;jmc2004-08-301-2/+2
| | | | | | originally from a pr from f at obiit dot org, but missed by myself; ok markus@ matthieu@
* ssh-add doesn't need to be a descendant of ssh-agent. Ok markus@, jmc@.matthieu2003-11-251-3/+4
|
* - section reorderjmc2003-06-101-20/+20
| | | | | | | | | - COMPATIBILITY merge - macro cleanup - kill whitespace at EOL - new sentence, new line ssh pages ok markus@
* - killed whitespacejmc2003-03-281-4/+5
| | | | | | | - new sentence new line - .Bk for arguments ok markus@
* xref sshd_config.5 (not sshd.8); mark@summersault.com; bug #490markus2003-02-101-2/+2
|
* ssh-add -c, prompt user for confirmation (using ssh-askpass) whenmarkus2003-01-231-2/+10
| | | | private agent key is used; with djm@; test by dugsong@, djm@; ok deraadt@
* KNF done automatically while reading....deraadt2002-06-191-2/+2
|
* use convtime() to parse and validate key lifetime. can nowstevesk2002-06-101-2/+4
| | | | use '-t 2h' etc. ok markus@ provos@
* ssh-add -t life, Set lifetime (in seconds) when adding identities; ok provos@markus2002-06-051-1/+5
|
* ssh-add -x for lock and -X for unlocking the agent.markus2002-06-051-2/+6
| | | | todo: encrypt private keys with locked...
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.