path: root/ssh-add.1
Commit message | Author | Age | Files | Lines
* upstream: allow some additional control over the use of ssh-askpass | djm@openbsd.org | 2020-07-15 | 1 | -7/+23
  via $SSH_ASKPASS_REQUIRE, including force-enable/disable. bz#69 ok markus@
  OpenBSD-Commit-ID: 3a1e6cbbf6241ddc4405c4246caa2c249f149eb2
* upstream: allow "ssh-add -d -" to read keys to be deleted from | djm@openbsd.org | 2020-06-26 | 1 | -2/+7
  stdin bz#3180; ok dtucker@
  OpenBSD-Commit-ID: 15c7f10289511eb19fce7905c9cae8954e3857ff
* upstream: sync the description of the $SSH_SK_PROVIDER environment | djm@openbsd.org | 2020-02-07 | 1 | -3/+5
  variable with that of the SecurityKeyProvider ssh/sshd_config(5) directive, as the latter was more descriptive.
  OpenBSD-Commit-ID: 0488f09530524a7e53afca6b6e1780598022552f
* upstream: Document loading of resident keys from a FIDO | naddy@openbsd.org | 2020-01-21 | 1 | -3/+5
  authenticator. * Rename -O to -K to keep "-O option" available. * Document -K. * Trim usage() message down to synopsis, like all other commands. ok markus@
  OpenBSD-Commit-ID: 015c2c4b28f8e19107adc80351b44b23bca4c78a
* upstream: Replace the term "security key" with "(FIDO) | naddy@openbsd.org | 2019-12-30 | 1 | -13/+8
  authenticator". The polysemous use of "key" was too confusing. Input from markus@. ok jmc@
  OpenBSD-Commit-ID: 12eea973a44c8232af89f86e4269d71ae900ca8f
* upstream: tweak the Nd lines for a bit of consistency; ok markus | jmc@openbsd.org | 2019-12-11 | 1 | -3/+3
  OpenBSD-Commit-ID: 876651bdde06bc1e72dd4bd7ad599f42a6ce5a16
* upstream: more missing mentions of ed25519-sk; ok djm@ | naddy@openbsd.org | 2019-11-20 | 1 | -3/+6
  OpenBSD-Commit-ID: f242e53366f61697dffd53af881bc5daf78230ff
* upstream: double word; | jmc@openbsd.org | 2019-11-17 | 1 | -3/+3
  OpenBSD-Commit-ID: 43d09bafa4ea9002078cb30ca9adc3dcc0b9c2b9
* upstream: directly support U2F/FIDO2 security keys in OpenSSH by | djm@openbsd.org | 2019-11-15 | 1 | -4/+3
  linking against the (previously external) USB HID middleware. The dlopen() capability still exists for alternate middlewares, e.g. for Bluetooth, NFC and test/debugging.
  OpenBSD-Commit-ID: 14446cf170ac0351f0d4792ba0bca53024930069
* upstream: Fill in missing man page bits for U2F security key support: | naddy@openbsd.org | 2019-11-08 | 1 | -3/+6
  Mention the new key types, the ~/.ssh/id_ecdsa_sk file, ssh's SecurityKeyProvider keyword, the SSH_SK_PROVIDER environment variable, and ssh-keygen's new -w and -x options. Copy the ssh-sk-helper man page from ssh-pkcs11-helper with minimal substitutions. ok djm@
  OpenBSD-Commit-ID: ef2e8f83d0c0ce11ad9b8c28945747e5ca337ac4
* upstream: sort; | jmc@openbsd.org | 2019-11-01 | 1 | -6/+6
  OpenBSD-Commit-ID: 8264b0be01ec5a60602bd50fd49cc3c81162ea16
* upstream: ssh-add support for U2F/FIDO keys | djm@openbsd.org | 2019-11-01 | 1 | -2/+11
  OpenBSD-Commit-ID: 7f88a5181c982687afedf3130c6ab2bba60f7644
* upstream: add "-v" flags to ssh-add and ssh-pkcs11-helper to turn up | djm@openbsd.org | 2019-01-21 | 1 | -2/+12
  debug verbosity. Make ssh-agent turn on ssh-pkcs11-helper's verbosity when it is run in debug mode ("ssh-agent -d"), so we get to see errors from the PKCS#11 code. ok markus@
  OpenBSD-Commit-ID: 0a798643c6a92a508df6bd121253ba1c8bee659d
* upstream: - -T was added to the first synopsis by mistake - since | jmc@openbsd.org | 2019-01-21 | 1 | -6/+5
  "..." denotes optional, no need to surround it in [] ok djm
  OpenBSD-Commit-ID: 918f6d8eed4e0d8d9ef5eadae1b8983d796f0e25
* upstream: add option to test whether keys in an agent are usable, | djm@openbsd.org | 2019-01-21 | 1 | -3/+11
  by performing a signature and a verification using each key "ssh-add -T pubkey [...]" work by markus@, ok djm@
  OpenBSD-Commit-ID: 931b888a600b6a883f65375bd5f73a4776c6d19b
* upstream commit | jmc@openbsd.org | 2017-09-04 | 1 | -3/+3
  sort options;
  Upstream-ID: cf21d68cf54e81968bca629aaeddc87f0c684f3c
* upstream commit | dlg@openbsd.org | 2017-09-04 | 1 | -3/+5
  add a -q option to ssh-add to make it quiet on success. if you want to silence ssh-add without this you generally redirect the output to /dev/null, but that can hide error output which you should see. ok djm@
  Upstream-ID: 2f31b9b13f99dcf587e9a8ba443458e6c0d8997c
* upstream commit | naddy@openbsd.org | 2017-05-08 | 1 | -6/+6
  remove superfluous protocol 2 mentions; ok jmc@
  Upstream-ID: 0aaf7567c9f2e50fac5906b6a500a39c33c4664d
* upstream commit | jmc@openbsd.org | 2017-05-08 | 1 | -6/+3
  more protocol 1 stuff to go; ok djm
  Upstream-ID: 307a30441d2edda480fd1661d998d36665671e47
* upstream commit | jmc@openbsd.org | 2015-04-01 | 1 | -8/+10
  ssh-askpass(1) is the default, overridden by SSH_ASKPASS; diff originally from jiri b;
* upstream commit | djm@openbsd.org | 2014-12-22 | 1 | -2/+11
  Add FingerprintHash option to control algorithm used for key fingerprints. Default changes from MD5 to SHA256 and format from hex to base64. Feedback and ok naddy@ markus@
* upstream commit | sobrado@openbsd.org | 2014-10-13 | 1 | -3/+3
  improve capitalization for the Ed25519 public-key signature system. ok djm@
* - naddy@cvs.openbsd.org 2013/12/07 11:58:46 | Damien Miller | 2013-12-18 | 1 | -3/+6
  [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8 ssh.1] [ssh_config.5 sshd.8 sshd_config.5] add missing mentions of ed25519; ok djm@
* - jmc@cvs.openbsd.org 2012/12/03 08:33:03 | Darren Tucker | 2012-12-07 | 1 | -3/+3
  [ssh-add.1 sshd_config.5] tweak previous;
* - djm@cvs.openbsd.org 2012/12/02 20:42:15 | Damien Miller | 2012-12-03 | 1 | -7/+7
  [ssh-add.1 ssh-add.c] make deleting explicit keys "ssh-add -d" symmetric with adding keys - try to delete the corresponding certificate too and respect the -k option to allow deleting of the key only; feedback and ok markus@
* - djm@cvs.openbsd.org 2011/10/18 05:00:48 | Damien Miller | 2011-10-18 | 1 | -3/+6
  [ssh-add.1 ssh-add.c] new "ssh-add -k" option to load plain keys (skipping certificates); "looks ok" markus@
* - jmc@cvs.openbsd.org 2010/10/28 18:33:28 | Damien Miller | 2010-11-05 | 1 | -4/+2
  [scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5] knock out some "-*- nroff -*-" lines;
* - jmc@cvs.openbsd.org 2010/09/04 09:38:34 | Damien Miller | 2010-09-10 | 1 | -3/+3
  [ssh-add.1 ssh.1] two more EXIT STATUS sections;
* - djm@cvs.openbsd.org 2010/08/31 11:54:45 | Damien Miller | 2010-08-31 | 1 | -5/+8
  [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c] [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c] [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c] [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c] [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h] [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5] [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c]
  Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys.
  Only the mandatory sections of RFC5656 are implemented, specifically the three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and ECDSA. Point compression (optional in RFC5656 is NOT implemented).
  Certificate host and user keys using the new ECDSA key types are supported.
  Note that this code has not been tested for interoperability and may be subject to change. feedback and ok markus@
* - djm@cvs.openbsd.org 2010/03/05 10:28:21 | Damien Miller | 2010-03-05 | 1 | -2/+9
  [ssh-add.1 ssh.1 ssh_config.5] mention loading of certificate files from [private]-cert.pub when they are present; feedback and ok jmc@
* - markus@cvs.openbsd.org 2010/02/10 23:20:38 | Damien Miller | 2010-02-12 | 1 | -4/+4
  [ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5] pkcs#11 is no longer optional; improve wording; ok jmc@
* - jmc@cvs.openbsd.org 2010/02/08 22:03:05 | Damien Miller | 2010-02-12 | 1 | -4/+4
  [ssh-add.1 ssh-keygen.1 ssh.1 ssh.c] tweak previous; ok markus
* - markus@cvs.openbsd.org 2010/02/08 10:50:20 | Damien Miller | 2010-02-12 | 1 | -8/+8
  [pathnames.h readconf.c readconf.h scp.1 sftp.1 ssh-add.1 ssh-add.c] [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config.5]
  replace our obsolete smartcard code with PKCS#11. ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11 provider (shared library) while ssh-agent(1) delegates PKCS#11 to a forked ssh-pkcs11-helper process. PKCS#11 is currently a compile time option. feedback and ok djm@; inspired by patches from Alon Bar-Lev
* - sobrado@cvs.openbsd.org 2009/10/22 15:02:12 | Darren Tucker | 2009-10-24 | 1 | -3/+3
  [ssh-agent.1 ssh-add.1 ssh.1] write UNIX-domain in a more consistent way; while here, replace a few remaining ".Tn UNIX" macros with ".Ux" ones. pointed out by ratchov@, thanks! ok jmc@
* - sobrado@cvs.openbsd.org 2009/10/22 12:35:53 | Darren Tucker | 2009-10-24 | 1 | -4/+5
  [ssh.1 ssh-agent.1 ssh-add.1] use the UNIX-related macros (.At and .Ux) where appropriate. ok jmc@
* - jmc@cvs.openbsd.org 2007/06/12 13:41:03 | Darren Tucker | 2007-06-13 | 1 | -4/+4
  [ssh-add.1] identies -> identities;
* - djm@cvs.openbsd.org 2007/06/12 07:41:00 | Darren Tucker | 2007-06-12 | 1 | -3/+14
  [ssh-add.1] better document ssh-add's -d option (delete identities from agent), bz#1224 new text based on some provided by andrewmc-debian AT celt.dias.ie; ok dtucker@
* - jmc@cvs.openbsd.org 2007/05/31 19:20:16 | Darren Tucker | 2007-06-05 | 1 | -2/+2
  [scp.1 ssh_config.5 sftp-server.8 ssh-agent.1 sshd_config.5 sftp.1 ssh-keygen.1 ssh-keyscan.1 ssh-add.1 sshd.8 ssh.1 ssh-keysign.8] convert to new .Dd format; (We will need to teach mdoc2man.awk to understand this too.)
* - djm@cvs.openbsd.org 2005/04/21 06:17:50 | Damien Miller | 2005-05-26 | 1 | -7/+7
  [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8] [sshd_config.5] OpenSSH doesn't ever look at the $HOME environment variable, so don't say that we do (bz #623); ok deraadt@
* - jmc@cvs.openbsd.org 2005/03/01 17:32:19 | Damien Miller | 2005-03-02 | 1 | -22/+23
  [ssh-add.1] sort options;
* - jmc@cvs.openbsd.org 2004/08/30 21:22:49 | Darren Tucker | 2004-11-05 | 1 | -2/+2
  [ssh-add.1 ssh.1] .Xsession -> .xsession; originally from a pr from f at obiit dot org, but missed by myself; ok markus@ matthieu@
* - matthieu@cvs.openbsd.org 2003/11/25 23:10:08 | Darren Tucker | 2003-12-09 | 1 | -3/+4
  [ssh-add.1] ssh-add doesn't need to be a descendant of ssh-agent. Ok markus@, jmc@.
* - jmc@cvs.openbsd.org 2003/06/10 09:12:11 | Damien Miller | 2003-06-11 | 1 | -20/+20
  [scp.1 sftp-server.8 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5] [sshd.8 sshd_config.5 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8] - section reorder - COMPATIBILITY merge - macro cleanup - kill whitespace at EOL - new sentence, new line ssh pages ok markus@
* - (djm) OpenBSD CVS Sync | Damien Miller | 2003-04-01 | 1 | -4/+5
  - jmc@cvs.openbsd.org 2003/03/28 10:11:43 [scp.1 sftp.1 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5 sshd_config.5] [ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8] - killed whitespace - new sentence new line - .Bk for arguments ok markus@
* - markus@cvs.openbsd.org 2003/02/10 11:51:47 | Damien Miller | 2003-02-24 | 1 | -2/+2
  [ssh-add.1] xref sshd_config.5 (not sshd.8); mark@summersault.com; bug #490
* - markus@cvs.openbsd.org 2003/01/23 13:50:27 | Damien Miller | 2003-01-24 | 1 | -2/+10
  [authfd.c authfd.h readpass.c ssh-add.1 ssh-add.c ssh-agent.c] ssh-add -c, prompt user for confirmation (using ssh-askpass) when private agent key is used; with djm@; test by dugsong@, djm@; ok deraadt@
* - deraadt@cvs.openbsd.org 2002/06/19 00:27:55 | Ben Lindstrom | 2002-06-21 | 1 | -2/+2
  [auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1 ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c xmalloc.h] KNF done automatically while reading....
* - stevesk@cvs.openbsd.org 2002/06/10 17:36:23 | Ben Lindstrom | 2002-06-11 | 1 | -2/+4
  [ssh-add.1 ssh-add.c] use convtime() to parse and validate key lifetime. can now use '-t 2h' etc. ok markus@ provos@
* - markus@cvs.openbsd.org 2002/06/05 21:55:44 | Ben Lindstrom | 2002-06-06 | 1 | -1/+5
  [authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c] ssh-add -t life, Set lifetime (in seconds) when adding identities; ok provos@
* - markus@cvs.openbsd.org 2002/06/05 19:57:12 | Ben Lindstrom | 2002-06-06 | 1 | -2/+6
  [authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c] ssh-add -x for lock and -X for unlocking the agent. todo: encrypt private keys with locked...