ssh-agent2, ssh-agent - Starts the Secure Shell authentication
agent, which holds private keys in memory
eval `ssh-agent2 [-s] [-c] [-l] [-d] `
The ssh-agent2 part of the eval command and its options
are enclosed in backquotes, not apostrophes.
Specifies the csh-style shell. Specifies the sh-style
shell. Specifies that the ssh-agent2 command can also
serve ssh1 applications, can be accessed with the ssh-add
command in ssh1 releases, sets the SSH_AUTH_SOCK and
SSH_AGENT_PID environment variables, and shares keys with
both protocols. Prints debug information to stderr. The
-d debug_level option is either a number, from 0 to 99,
where 99 specifies that all debug information should be
displayed, or a comma-separated list of assignments (i.e.,
ModulePattern=debug_level). This should be the first
argument on the command line.
The ssh-agent2 command starts the Secure Shell authentication
agent on a Secure Shell client that is configured to
use public key user authentication. The authentication
agent holds the private keys in memory. The programs
started under the agent inherit a connection to the agent,
and the agent is automatically used for public-key authentication
when logging to other machines using Secure
Users are prompted for their passphrase when entering
Secure Shell commands on a Secure Shell server that uses
public key user authentication. To avoid entering a
passphrase multiple times during a session, a user can run
the Secure Shell authentication agent and load their private
keys into the agent. When the agent is running, all
key-related operations are directed to the agent. The
agent terminates when the user logs out or stops the
agent. See Security Administration for more information
about Secure Shell user authentication.
The agent initially does not have any private keys. Keys
are added using the ssh-add2 command. Several identities
can be stored in the agent, and the agent can use any of
these identities automatically. Users must initially
enter the passphrase for each key that they want to load.
Passphrases never go over the network. (The ssh-add2 -l
command displays the identities currently held by the
The command normally starts the X server or is the user
shell. All other windows or programs are started as children
of the agent process and inherit a connection to the
agent. If the command is given as an argument to the sshagent2
command, the authentication agent exits automatically
when the command terminates. The command is executed
even if the authentication agent fails to start its key
storing and challenge processing services. If the sshagent2
command is started without any arguments (no command),
it will fork and start the authentication agent as
a background process.
A Tru64 UNIX domain socket is created as
/tmp/ssh-$USER/agent-socket-pid, where pid is the process
ID of the listener (authentication agent or sshd daemon
proxying the agent). The name of this socket is stored in
the SSH2_AUTH_SOCK environment variable. The socket is
made accessible only to the current user.
The eval command causes the current shell to interpret the
commands output by the ssh-agent2 command and set the
SSH2_AUTH_SOCK and SSH2_AGENT_PID environment variables.
If you omit the eval command, the commands are printed on
standard output when you start the authentication agent.
If the -c or -s options are not given, the ssh-agent2
command uses the SHELL environment variable to detect what
kind of shell you have (csh shell or sh shell). If ALTSHELL
is set to yes in the /etc/default/login file, the
SHELL environment variable is set to the login shell of
The -d debug_level option is either a number, from 0 to
99, where 99 specifies that all debug information should
be displayed, or a comma-separated list of assignments
(i.e., ModulePattern=debug_level). This should be the
first argument on the command line.
ENVIRONMENT VARIABLES [Toc] [Back]
Stores the name of the of the Tru64 UNIX domain socket.
Stops the Secure Shell authentication agent when it is no
longer needed, such as when you log out from an X session.
Contains the user's private key. This file is not used by
the ssh-agent2 command but is normally added to the
authentication agent by using the ssh-add2 command when
the user logs in. This file should not be readable by anyone
but the user. It is possible to specify a passphrase
when generating the key; that passphrase will be
used to encrypt the private part of this file. Contains
the Tru64 UNIX domain sockets used to connect to the
authentication agent, where pid is the process ID of the
listener (authentication agent or sshd daemon proxying the
agent). These sockets should be readable only by the
owner. The sockets are automatically removed when the
authentication agent exits. The parent directory of
ssh2-$USER must have its sticky bit set.
SSH is a registered trademark of SSH Communication Security
Commands: sftp(1), ssh2(1), ssh-add2(1), ssh-keygen2(1),
Guides: Security Administration
[ Back ]