man(1) Manual page archive


     SSH-AGENT(1)                                         SSH-AGENT(1)

     NAME
          ssh-agent - SSH authentication agent

     SYNOPSIS
          ssh-agent [ -l ] factotum-service

     DESCRIPTION
          Ssh-agent presents factotum(4) using the interface that
          ssh(1) requires.

          Once ssh-agent and factotum are running, the standard Unix
          SSH client can use ssh-agent (and, indirectly, factotum) to
          authenticate to remote systems using RSA or DSA keys.

          Ssh accesses ssh-agent via a Unix socket named
          ssh-agent.socket in the name space directory (see intro(4)).
          Note that although the socket is posted in the name space
          directory, it is not for 9P conversations.  Ssh expects the
          name of this socket to be in the environment as
          $SSH_AGENT_SOCK, and expects the agent to be running with
          process id $SSH_AGENT_PID.  Ssh-agent prints shell commands
          to set these two variables before forking itself into the
          background.  It is typically invoked inside a shell eval
          construct; see the examples below.  The -e option causes
          ssh-agent to include export commands to put the variables
          into the environment of future programs.

          If the -l option is given, ssh-agent lists the usable
          factotum keys in the standard SSH format, suitable for cre-
          ating an authorized_keys file.

          Ssh-agent connects to factotum by accessing factotum-service
          (default `factotum') in the current name space.

          There is a Unix program called ssh-agent that manages SSH
          keys itself.  Invoke this one with 9 ssh-agent; see 9(1).

     EXAMPLES
          Assume factotum(4) is already running and initialized with
          keys.

          Start a new agent, copying the commands by hand:

               $ 9 ssh-agent -e
               SSH_AUTH_SOCK=/tmp/ssh-405795003d7ee27a/agent.4233;
               export SSH_AUTH_SOCK;
               SSH_AGENT_PID=4233;
               export SSH_AGENT_PID;
               $ SSH_AUTH_SOCK=/tmp/ssh-405795003d7ee27a/agent.4233;
               $ export SSH_AUTH_SOCK;

     SSH-AGENT(1)                                         SSH-AGENT(1)

               $ SSH_AGENT_PID=4233;
               $ export SSH_AGENT_PID;
               $

          Start the agent from sh(1):

               $ eval `9 ssh-agent -e`
               $

          Start the agent from rc(1):

               % eval `{9 ssh-agent}
               %

          Use the agent to connect to a remote system:

               % ssh tux
               tux% ^D
               %

     SOURCE
          /src/cmd/auth/ssh-agent.c

     SEE ALSO
          ssh(1), rsa(1), factotum(4)

     BUGS
          A surprise rather than a bug: ssh-agent connects to factotum
          on demand, so it can be started before factotum is running
          and need not be restarted just because factotum is.