path: root/ssh-agent.1
Commit message | Author | Age | Files | Lines
* typo | Damien Miller | 2024-12-05 | 1 | -1/+1
* Support systemd-style socket activation in agent | Damien Miller | 2024-12-04 | 1 | -2/+24
  Adds support for systemd LISTEN_PID/LISTEN_FDS socket activation to ssh-agent. Activated when these environment variables are set and the agent is started with the -d or -D option and no socket path is set. Based on GHPR502 by Daniel Kahn Gillmor, ok dtucker
* upstream: ssh-agent implemented an all-or-nothing allow-list of | djm@openbsd.org | 2024-11-07 | 1 | -7/+19
  FIDO application IDs for security key-backed keys, to prevent web key handles from being used remotely as this would likely lead to unpleasant surprises. By default, only application IDs that start with "ssh:*" are allowed. This adds a -Owebsafe-allow=... argument that can override the default list with a more or less restrictive one. The default remains unchanged. ok markus@ OpenBSD-Commit-ID: 957c1ed92a8d7c87453b9341f70cb3f4e6b23e8d
* upstream: make ssh-agent drop all keys when it receives SIGUSR1; | djm@openbsd.org | 2024-10-24 | 1 | -2/+6
  lets users zap keys without access to $SSH_AUTH_SOCK ok deraadt@ OpenBSD-Commit-ID: dae9db0516b1011e5ba8c655ac702fce42e6c023
* use portable provider allowlist path in manpage | Damien Miller | 2023-10-04 | 1 | -1/+1
  spotted by Jann Horn
* upstream: drop a wayward comma, ok jmc@ | naddy@openbsd.org | 2023-08-11 | 1 | -3/+3
  OpenBSD-Commit-ID: 5c11fbb9592a29b37bbf36f66df50db9d38182c6
* upstream: man page typos; ok jmc@ | naddy@openbsd.org | 2023-07-27 | 1 | -4/+4
  OpenBSD-Commit-ID: e6ddfef94b0eb867ad88abe07cedc8ed581c07f0
* upstream: tweak the allow-remote-pkcs11 text; | jmc@openbsd.org | 2023-07-27 | 1 | -5/+5
  OpenBSD-Commit-ID: bc965460a89edf76865b7279b45cf9cbdebd558a
* upstream: Disallow remote addition of FIDO/PKCS11 provider | djm@openbsd.org | 2023-07-19 | 1 | -4/+22
  libraries to ssh-agent by default. The old behaviour of allowing remote clients from loading providers can be restored using `ssh-agent -O allow-remote-pkcs11`. Detection of local/remote clients requires a ssh(1) that supports the `session-bind@openssh.com` extension. Forwarding access to a ssh-agent socket using non-OpenSSH tools may circumvent this control. ok markus@ OpenBSD-Commit-ID: 4c2bdf79b214ae7e60cc8c39a45501344fa7bd7c
* upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here, | jmc@openbsd.org | 2022-10-24 | 1 | -4/+4
  wrap a long line ssh-agent.c: - add -O to usage() OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389
* upstream: document "-O no-restrict-websafe"; spotted by Ross L | djm@openbsd.org | 2022-10-24 | 1 | -2/+25
  Richardson OpenBSD-Commit-ID: fe9eaa50237693a14ebe5b5614bf32a02145fe8b
* upstream: man pages: add missing commas between subordinate and | naddy@openbsd.org | 2022-04-06 | 1 | -4/+4
  main clauses jmc@ dislikes a comma before "then" in a conditional, so leave those untouched. ok jmc@ OpenBSD-Commit-ID: 9520801729bebcb3c9fe43ad7f9776ab4dd05ea3
* Avoid lines >80 chars. From jmc@ | Darren Tucker | 2021-08-03 | 1 | -1/+2
* upstream: better terminology for permissions; feedback & ok markus@ | djm@openbsd.org | 2020-06-22 | 1 | -9/+9
  OpenBSD-Commit-ID: ffb220b435610741dcb4de0e7fc68cbbdc876d2c
* upstream: Correct synopsis and usage for the options accepted when | dtucker@openbsd.org | 2020-06-22 | 1 | -3/+8
  passing a command to ssh-agent. ok jmc@ OpenBSD-Commit-ID: b36f0679cb0cac0e33b361051b3406ade82ea846
* upstream: Replace the term "security key" with "(FIDO) | naddy@openbsd.org | 2019-12-30 | 1 | -4/+4
  authenticator". The polysemous use of "key" was too confusing. Input from markus@. ok jmc@ OpenBSD-Commit-ID: 12eea973a44c8232af89f86e4269d71ae900ca8f
* upstream: tweak the Nd lines for a bit of consistency; ok markus | jmc@openbsd.org | 2019-12-11 | 1 | -3/+3
  OpenBSD-Commit-ID: 876651bdde06bc1e72dd4bd7ad599f42a6ce5a16
* upstream: reshuffle the text to read better; input from naddy, | jmc@openbsd.org | 2019-11-29 | 1 | -82/+76
  djmc, and dtucker OpenBSD-Commit-ID: a0b2aca2b67614dda3d6618ea097bf0610c35013
* upstream: revert previous: naddy pointed out what's meant to | jmc@openbsd.org | 2019-11-19 | 1 | -3/+5
  happen. rethink needed... OpenBSD-Commit-ID: fb0fede8123ea7f725fd65e00d49241c40bd3421
* upstream: -c and -s do not make sense with -k; reshuffle -k into | jmc@openbsd.org | 2019-11-19 | 1 | -6/+4
  the main synopsis/usage; ok djm OpenBSD-Commit-ID: f881ba253da015398ae8758d973e3390754869bc
* upstream: ssh-agent support for U2F/FIDO keys | djm@openbsd.org | 2019-10-31 | 1 | -9/+11
  feedback & ok markus@ OpenBSD-Commit-ID: bb544a44bc32e45d2ec8bf652db2046f38360acb
* upstream commit | jmc@openbsd.org | 2016-11-30 | 1 | -12/+13
  tweak previous; while here fix up FILES and AUTHORS; Upstream-ID: 93f6e54086145a75df8d8ec7d8689bdadbbac8fa
* upstream commit | djm@openbsd.org | 2016-11-30 | 1 | -2/+15
  add a whitelist of paths from which ssh-agent will load (via ssh-pkcs11-helper) a PKCS#11 module; ok markus@ Upstream-ID: fe79769469d9cd6d26fe0dc15751b83ef2a06e8f
* upstream commit | jmc@openbsd.org | 2015-11-16 | 1 | -2/+2
  do not confuse mandoc by presenting "Dd"; Upstream-ID: 1470fce171c47b60bbc7ecd0fc717a442c2cfe65
* upstream commit | jcs@openbsd.org | 2015-11-16 | 1 | -2/+9
  Add an AddKeysToAgent client option which can be set to 'yes', 'no', 'ask', or 'confirm', and defaults to 'no'. When enabled, a private key that is used during authentication will be added to ssh-agent if it is running (with confirmation enabled if set to 'confirm'). Initial version from Joachim Schipper many years ago. ok markus@ Upstream-ID: a680db2248e8064ec55f8be72d539458c987d5f4
* upstream commit | jmc@openbsd.org | 2015-11-09 | 1 | -3/+3
  "commandline" -> "command line", since there are so few examples of the former in the pages, so many of the latter, and in some of these pages we had multiple spellings; prompted by tj Upstream-ID: 78459d59bff74223f8139d9001ccd56fc4310659
* upstream commit | jmc@openbsd.org | 2015-04-29 | 1 | -3/+2
  combine -Dd onto one line and update usage();
* upstream commit | djm@openbsd.org | 2015-04-29 | 1 | -3/+9
  add ssh-agent -D to leave ssh-agent in foreground without enabling debug mode; bz#2381 ok dtucker@
* upstream commit | djm@openbsd.org | 2014-12-21 | 1 | -2/+11
  Add FingerprintHash option to control algorithm used for key fingerprints. Default changes from MD5 to SHA256 and format from hex to base64. Feedback and ok naddy@ markus@
* upstream commit | sobrado@openbsd.org | 2014-10-13 | 1 | -3/+3
  improve capitalization for the Ed25519 public-key signature system. ok djm@
* - djm@cvs.openbsd.org 2014/04/16 23:28:12 | Damien Miller | 2014-04-20 | 1 | -37/+16
  [ssh-agent.1] remove the identity files from this manpage - ssh-agent doesn't deal with them at all and the same information is duplicated in ssh-add.1 (which does deal with them); prodded by deraadt@
* - naddy@cvs.openbsd.org 2013/12/07 11:58:46 | Damien Miller | 2013-12-18 | 1 | -4/+7
  [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8 ssh.1] [ssh_config.5 sshd.8 sshd_config.5] add missing mentions of ed25519; ok djm@
* - djm@cvs.openbsd.org 2010/11/21 01:01:13 | Damien Miller | 2010-12-01 | 1 | -4/+4
  [clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c] honour $TMPDIR for client xauth and ssh-agent temporary directories; feedback and ok markus@
* - jmc@cvs.openbsd.org 2010/08/31 17:40:54 | Damien Miller | 2010-09-10 | 1 | -3/+3
  [ssh-agent.1] fix some macro abuse;
* - djm@cvs.openbsd.org 2010/08/31 11:54:45 | Damien Miller | 2010-08-31 | 1 | -4/+7
  [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c] [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c] [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c] [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c] [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h] [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5] [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys. Only the mandatory sections of RFC5656 are implemented, specifically the three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and ECDSA. Point compression (optional in RFC5656 is NOT implemented). Certificate host and user keys using the new ECDSA key types are supported. Note that this code has not been tested for interoperability and may be subject to change. feedback and ok markus@
* - tedu@cvs.openbsd.org 2010/01/17 21:49:09 | Damien Miller | 2010-01-26 | 1 | -4/+5
  [ssh-agent.1] Correct and clarify ssh-add's password asking behavior. Improved text dtucker and ok jmc
* - sobrado@cvs.openbsd.org 2009/10/22 15:02:12 | Darren Tucker | 2009-10-24 | 1 | -8/+7
  [ssh-agent.1 ssh-add.1 ssh.1] write UNIX-domain in a more consistent way; while here, replace a few remaining ".Tn UNIX" macros with ".Ux" ones. pointed out by ratchov@, thanks! ok jmc@
* - sobrado@cvs.openbsd.org 2009/10/22 12:35:53 | Darren Tucker | 2009-10-24 | 1 | -6/+10
  [ssh.1 ssh-agent.1 ssh-add.1] use the UNIX-related macros (.At and .Ux) where appropriate. ok jmc@
* - sobrado@cvs.openbsd.org 2009/03/26 08:38:39 | Darren Tucker | 2009-06-21 | 1 | -3/+3
  [sftp-server.8 sshd.8 ssh-agent.1] fix a few typographical errors found by spell(1). ok dtucker@, jmc@
* - sobrado@cvs.openbsd.org 2007/09/09 11:38:01 | Damien Miller | 2007-09-17 | 1 | -14/+14
  [ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.c] sort synopsis and options in ssh-agent(1); usage is lowercase ok jmc@
* - jmc@cvs.openbsd.org 2007/05/31 19:20:16 | Darren Tucker | 2007-06-05 | 1 | -2/+2
  [scp.1 ssh_config.5 sftp-server.8 ssh-agent.1 sshd_config.5 sftp.1 ssh-keygen.1 ssh-keyscan.1 ssh-add.1 sshd.8 ssh.1 ssh-keysign.8] convert to new .Dd format; (We will need to teach mdoc2man.awk to understand this too.)
* - jmc@cvs.openbsd.org 2006/07/18 08:03:09 | Damien Miller | 2006-07-24 | 1 | -3/+3
  [ssh-agent.1 sshd_config.5] mark up angle brackets;
* - dtucker@cvs.openbsd.org 2005/11/28 06:02:56 | Darren Tucker | 2005-11-28 | 1 | -4/+4
  [ssh-agent.1] Update agent socket path templates to reflect reality, correct xref for time formats. bz#1121, patch from openssh at roumenpetrov.info, ok djm@
* - djm@cvs.openbsd.org 2005/04/21 06:17:50 | Damien Miller | 2005-05-26 | 1 | -7/+7
  [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8] [sshd_config.5] OpenSSH doesn't ever look at the $HOME environment variable, so don't say that we do (bz #623); ok deraadt@
* - deraadt@cvs.openbsd.org 2004/07/11 17:48:47 | Darren Tucker | 2004-07-17 | 1 | -2/+2
  [channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h sshd.c ttymodes.h] spaces
* - dtucker@cvs.openbsd.org 2004/05/13 02:47:50 | Darren Tucker | 2004-05-13 | 1 | -5/+17
  [ssh-agent.1] Add examples to ssh-agent.1, bz#481 from Ralf Hauser; ok deraadt@
* - jmc@cvs.openbsd.org 2003/06/10 09:12:11 | Damien Miller | 2003-06-11 | 1 | -6/+6
  [scp.1 sftp-server.8 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5] [sshd.8 sshd_config.5 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8] - section reorder - COMPATIBILITY merge - macro cleanup - kill whitespace at EOL - new sentence, new line ssh pages ok markus@
* - (djm) OpenBSD CVS Sync | Damien Miller | 2003-05-15 | 1 | -2/+2
  - jmc@cvs.openbsd.org 2003/05/14 13:11:56 [ssh-agent.1] setup -> set up; from wiz@netbsd
* - (djm) OpenBSD CVS Sync | Damien Miller | 2003-04-01 | 1 | -3/+4
  - jmc@cvs.openbsd.org 2003/03/28 10:11:43 [scp.1 sftp.1 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5 sshd_config.5] [ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8] - killed whitespace - new sentence new line - .Bk for arguments ok markus@
* - (djm) OpenBSD CVS Sync | Damien Miller | 2003-01-22 | 1 | -1/+10
  - marc@cvs.openbsd.org 2003/01/21 18:14:36 [ssh-agent.1 ssh-agent.c] Add a -t life option to ssh-agent that sets the default lifetime. The default can still be overridden by using -t in ssh-add. OK markus@