NAME
ssh-agent2 - authentication agent
SYNOPSIS
ssh-agent2 command
eval `ssh-agent2 [-s] [-c] [-1]`
DESCRIPTION
ssh-agent2 is a program to hold authentication private keys.
The idea is that ssh-agent2 is started at the beginning of
an X-session or a login session, and all other windows or
programs are started as children of the ssh-agent2 program
(the command normally starts X or is the user shell). The
programs started under the agent inherit a connection to the
agent, and the agent is automatically used for public key
authentication when logging in to other machines using ssh.
If ssh-agent2 is started without any arguments (no command),
it will fork and start the agent as a background process.
The agent also prints a command that can be evaluated
in sh or csh like shells, setting the SSH2_AUTH_SOCK and
SSH2_AGENT_PID environment variables. The SSH2_AGENT_PID
environment variable can be used to kill the agent when
it is no longer needed (when you log out from an X-session etc).
If no options are given, the ssh-agent2 uses the SHELL
environment variable to detect what kind of shell you have
(*csh or sh-style shell). The -c option will force csh-style
shell, and -s option will force sh-style shell.
Note that in SysV variants (at least IRIX and Solaris) the
environment variable SHELL might not contain the actual
value of the shell executing the evaluation. If ALTSHELL is
set to YES in /etc/default/login, the SHELL environment
variable is set to the login shell of the user.
The agent initially does not have any private keys. Keys
are added using ssh-add2. Several identities can be stored
in the agent; the agent can automatically use any of these
identities. ssh-add2 -l displays the identities currently
held by the agent.
The idea is that the agent is run on the user's local PC,
laptop, or terminal. Authentication data does not have to
be stored on any other machine, and authentication
passphrases never go over the network. However, the
connection to the agent is forwarded over ssh remote logins, and
the user can thus use the privileges given by the identities
anywhere in the network in a secure way.
A connection to the agent is inherited by child programs. A
unix-domain socket is created
(/tmp/ssh-$USER/agent-socket-<pid>), where the <pid> is the
process id of the listener
(agent or sshd proxying the agent). The name of this socket
is stored in the SSH2_AUTH_SOCK environment variable. The
socket is made accessible only to the current user. This
method can easily be abused by root or another instance of
the same user. Older versions of ssh used inherited file
descriptors for contacting the agent and used the
unix-domain sockets in an incompatible way.
If the command is given as an argument to ssh-agent2, the
agent exits automatically when the command given on the
command line terminates. The command is executed even if the
agent fails to start its key storing and challenge
processing services.
COMPATIBILITY
With the option -1 ssh-agent2 can also serve old ssh1
applications and can also be accessed with the ssh-add program in
ssh1 releases. If the option -1 is given to ssh-agent2,
the program will also set the environment variables
SSH_AUTH_SOCK and SSH_AGENT_PID and share keys with both
protocols.
FILES
$HOME/.ssh2/id_KEYTYPE_KEYLEN_XX
Contains the private key authentication identity of the
user. This file should not be readable by anyone but
the user. It is possible to specify a passphrase when
generating the key; that passphrase will be used to
encrypt the private part of this file. This file is
not used by ssh-agent2, but is normally added to the
agent using ssh-add2 at login time.
/tmp/ssh-$USER/agent-socket-<pid>
Unix domain sockets used to contain the connection to
the authentication agent. These sockets should only be
readable by the owner. The sockets should get
automatically removed when the agent exits. The parent
directory of ssh2-$USER must have its sticky bit set.
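The permission requirements stated here and in the socket paragraph of DESCRIPTION can be checked with a short script. This is an added example, not part of the original manual page or the ssh2 distribution; the function names are hypothetical and it assumes the socket path layout given above.

```shell
#!/bin/sh
# Added example: audit the filesystem protections around an agent socket.
# Assumed layout (from FILES): <tmpdir>/ssh-$USER/agent-socket-<pid>

# Print "<10-char mode string> <numeric uid>" for a path (POSIX ls + awk).
mode_uid() { ls -ldn -- "$1" 2>/dev/null | awk '{print substr($1, 1, 10), $3}'; }

# True if $1 is owned by the caller and grants no bits to group or other.
private_to_me() {
    set -- $(mode_uid "$1")
    [ "$2" = "$(id -u)" ] || return 1
    case $1 in
        ?[r-][w-][-xsS]------) return 0 ;;
        *) return 1 ;;
    esac
}

# True if $1 is a directory with the sticky bit set (as /tmp normally is).
has_sticky() {
    set -- $(mode_uid "$1")
    case $1 in
        d????????[tT]) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one line per failed check; the return status is the number of findings.
audit_agent_socket() {
    sock=$1; dir=$(dirname "$sock"); parent=$(dirname "$dir"); bad=0
    [ -S "$sock" ] || { echo "not a socket: $sock"; bad=$((bad + 1)); }
    # Some systems ignore permission bits on socket files, so the
    # per-user directory is checked as well as the socket itself.
    private_to_me "$sock" || { echo "socket not private: $sock"; bad=$((bad + 1)); }
    private_to_me "$dir" || { echo "directory not private: $dir"; bad=$((bad + 1)); }
    has_sticky "$parent" || { echo "no sticky bit: $parent"; bad=$((bad + 1)); }
    return "$bad"
}

# Audit the running agent, if this shell has inherited a connection to one.
if [ -n "${SSH2_AUTH_SOCK:-}" ]; then
    audit_agent_socket "$SSH2_AUTH_SOCK" && echo "agent socket OK"
fi
```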
AUTHORS
SSH Communications Security Corp
For more information, see http://www.ssh.com.
SEE ALSO
ssh-add2(1), ssh-keygen2(1), ssh2(1), sshd2(8), sftp(1)