ssh-agent2(1)ssh-agent2(1)NAME
ssh-agent2, ssh-agent - Starts the Secure Shell authentication agent,
which holds private keys in memory
SYNOPSIS
ssh-agent2 [command]
eval `ssh-agent2 [-s] [-c] [-l] [-d] `
Note
The ssh-agent2 part of the eval command and its options are enclosed in
backquotes, not apostrophes.
OPTIONS
Specifies the csh-style shell. Specifies the sh-style shell. Speci‐
fies that the ssh-agent2 command can also serve ssh1 applications, can
be accessed with the ssh-add command in ssh1 releases, sets the
SSH_AUTH_SOCK and SSH_AGENT_PID environment variables, and shares keys
with both protocols. Prints debug information to stderr. The -d
debug_level option is either a number, from 0 to 99, where 99 specifies
that all debug information should be displayed, or a comma-separated
list of assignments (i.e., ModulePattern=debug_level). This should be
the first argument on the command line.
DESCRIPTION
The ssh-agent2 command starts the Secure Shell authentication agent on
a Secure Shell client that is configured to use public key user authen‐
tication. The authentication agent holds the private keys in memory.
The programs started under the agent inherit a connection to the agent,
and the agent is automatically used for public-key authentication when
logging to other machines using Secure Shell.
Users are prompted for their passphrase when entering Secure Shell com‐
mands on a Secure Shell server that uses public key user authentica‐
tion. To avoid entering a passphrase multiple times during a session, a
user can run the Secure Shell authentication agent and load their pri‐
vate keys into the agent. When the agent is running, all key-related
operations are directed to the agent. The agent terminates when the
user logs out or stops the agent. See Security Administration for more
information about Secure Shell user authentication.
The agent initially does not have any private keys. Keys are added
using the ssh-add2 command. Several identities can be stored in the
agent, and the agent can use any of these identities automatically.
Users must initially enter the passphrase for each key that they want
to load. Passphrases never go over the network. (The ssh-add2 -l com‐
mand displays the identities currently held by the agent.)
The command normally starts the X server or is the user shell. All
other windows or programs are started as children of the agent process
and inherit a connection to the agent. If the command is given as an
argument to the ssh-agent2 command, the authentication agent exits
automatically when the command terminates. The command is executed even
if the authentication agent fails to start its key storing and chal‐
lenge processing services. If the ssh-agent2 command is started without
any arguments (no command), it will fork and start the authentication
agent as a background process.
A Tru64 UNIX domain socket is created as /tmp/ssh-$USER/agent-socket-
pid, where pid is the process ID of the listener (authentication agent
or sshd daemon proxying the agent). The name of this socket is stored
in the SSH2_AUTH_SOCK environment variable. The socket is made acces‐
sible only to the current user.
The eval command causes the current shell to interpret the commands
output by the ssh-agent2 command and set the SSH2_AUTH_SOCK and
SSH2_AGENT_PID environment variables. If you omit the eval command, the
commands are printed on standard output when you start the authentica‐
tion agent.
If the -c or -s options are not given, the ssh-agent2 command uses the
SHELL environment variable to detect what kind of shell you have (csh
shell or sh shell). If ALTSHELL is set to yes in the /etc/default/login
file, the SHELL environment variable is set to the login shell of the
user.
The -d debug_level option is either a number, from 0 to 99, where 99
specifies that all debug information should be displayed, or a comma-
separated list of assignments (i.e., ModulePattern=debug_level). This
should be the first argument on the command line.
ENVIRONMENT VARIABLES
Stores the name of the of the Tru64 UNIX domain socket. Stops the
Secure Shell authentication agent when it is no longer needed, such as
when you log out from an X session.
FILES
Contains the user's private key. This file is not used by the ssh-
agent2 command but is normally added to the authentication agent by
using the ssh-add2 command when the user logs in. This file should not
be readable by anyone but the user. It is possible to specify a
passphrase when generating the key; that passphrase will be
used to encrypt the private part of this file. Contains the Tru64 UNIX
domain sockets used to connect to the authentication agent, where pid
is the process ID of the listener (authentication agent or sshd daemon
proxying the agent). These sockets should be readable only by the
owner. The sockets are automatically removed when the authentication
agent exits. The parent directory of ssh2-$USER must have its sticky
bit set.
LEGAL NOTICES
SSH is a registered trademark of SSH Communication Security Ltd.
SEE ALSO
Commands: sftp(1), ssh2(1), ssh-add2(1), ssh-keygen2(1), ssh-pub‐
keymgr2(1), sshd2(8)
Guides: Security Administration
ssh-agent2(1)
