blob: 70ecec647025eecb2020ba0ce87d2e957646c6b9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
|
.TH SSH-AGENT 1
.SH NAME
ssh-agent \- SSH authentication agent
.SH SYNOPSIS
.B ssh-agent
[
.B -l
]
.I factotum-service
.SH DESCRIPTION
.I Ssh-agent
presents
.MR factotum (4)
using the interface that
.MR ssh (1)
requires.
.PP
Once
.I ssh-agent
and
.I factotum
are running, the standard Unix SSH client
can use
.I ssh-agent
(and, indirectly,
.IR factotum )
to authenticate to remote systems using RSA or DSA keys.
.PP
.I Ssh
accesses
.I ssh-agent
via a Unix socket named
.B ssh-agent.socket
in the name space directory
(see
.MR intro (4) ).
Note that although the socket is posted in the name space
directory, it is not for 9P conversations.
.I Ssh
expects the name of this socket to be in the environment as
.BR $SSH_AGENT_SOCK ,
and expects the agent to be running with process id
.BR $SSH_AGENT_PID .
.I Ssh-agent
prints shell commands to set these two variables
before forking itself into the background.
It is typically invoked inside a shell
.B eval
construct; see the examples below.
The
.B -e
option causes
.I ssh-agent
to include
.B export
commands to put the variables into the environment of future programs.
.PP
If the
.B -l
option is given,
.I ssh-agent
lists the usable
.I factotum
keys in the standard SSH format, suitable for creating an
.B authorized_keys
file.
.PP
.I Ssh-agent
connects to
.I factotum
by accessing
.I factotum-service
(default
.RB ` factotum ')
in the current name space.
.PP
There is a Unix program called
.I ssh-agent
that manages SSH keys itself.
Invoke this one with
.B 9
.BR ssh-agent ;
see
.MR 9 (1) .
.SH EXAMPLES
Assume
.MR factotum (4)
is already running and initialized with keys.
.PP
Start a new agent, copying the commands by hand:
.IP
.EX
$ 9 ssh-agent -e
SSH_AUTH_SOCK=/tmp/ssh-405795003d7ee27a/agent.4233;
export SSH_AUTH_SOCK;
SSH_AGENT_PID=4233;
export SSH_AGENT_PID;
$ SSH_AUTH_SOCK=/tmp/ssh-405795003d7ee27a/agent.4233;
$ export SSH_AUTH_SOCK;
$ SSH_AGENT_PID=4233;
$ export SSH_AGENT_PID;
$
.EE
.PP
Start the agent from
.MR sh (1) :
.IP
.EX
$ eval `9 ssh-agent -e`
$
.EE
.PP
Start the agent from
.MR rc (1) :
.IP
.EX
% eval `{9 ssh-agent}
%
.EE
.PP
Use the agent to connect to a remote system:
.IP
.EX
% ssh tux
tux% ^D
%
.EE
.SH SOURCE
.B \*9/src/cmd/auth/ssh-agent.c
.SH SEE ALSO
.MR ssh (1) ,
.MR rsa (1) ,
.MR factotum (4)
.SH BUGS
A surprise rather than a bug:
.I ssh-agent
connects to factotum on demand, so it can be
started before
.I factotum
is running and need not be restarted just because
.I factotum
is.
|