Using the SSH_ADD Utility

If both a Table of Contents and Search form are not displayed in separate frames along with this one, you may wish to redisplay this book in a frameset, beginning with the first page.

HP TCP/IP Services for OpenVMS Guide to SSH

SSH Command Reference

Using the SSH_KEYGEN Utility

Using the SSH_AGENT Utility

Using the SSH_ADD Utility

The SSH_ADD utility adds private keys into the authentication agent. The authentication agent must have been started, usually with the SSH_AGENT utility, and must be running in a subprocess of the current process.

If a private key requires a passphrase, the SSH_ADD utility prompts you to enter it. Passphrases never go over the network.

For SSH_ADD to process a key, both the private and public key files must be present in the same directory. On OpenVMS, a public key file name must have the file extension .PUB (for example, MYKEY.PUB). A private key file name has no file extension (for example, MYKEY.).

Command Synopsis

SSH_ADD [-l] [-d] [-D] [-L] [-U] [files...]

Parameters

The files... parameter specifies one or more public or private key files to load. If you do not specify any key files, SSH_ADD reads the client configuration file (SSH2_CONFIG.) and the IDENTIFICATION. file. If these files do not exist, SSH_ADD exits with an error message. SSH_ADD adds the keys listed in the IDENTIFICATION. file. The utility then adds any private key files it finds in the user's SSH directory. Note that any file names in the SSH directory that begin with the letters "id" and that do not have the file extension .PUB are assumed to be key files. For example, a file named id_22.txt will cause SSH_ADD to fail.

Options

You can use the options in SSH_ADD Command Options with the SSH_ADD command.

Table 5 SSH_ADD Command Options
Options Description

-l
Lists all identities currently represented by the agent.

-d
Removes the identity from the agent.

-D
Deletes all identities from the agent.

-L
Temporarily locks the agent with a password.

-U
Unlocks the locked agent. The password given when the agent was locked must be used to unlock.

**Table 5** **SSH_ADD Command Options**
Options	Description
-l	Lists all identities currently represented by the agent.
-d	Removes the identity from the agent.
-D	Deletes all identities from the agent.
-L	Temporarily locks the agent with a password.
-U	Unlocks the locked agent. The password given when the agent was locked must be used to unlock.

Description

SSH_ADD attempts to load the identities from the specified key files.

Return Status

SSH_ADD returns one of the following exit codes in the case of an error.

TCPIP$_SSH_ADD2_EXIT_NOAGENT -- No connection could be made to the authentication agent. Presumably there is no authentication agent active in the execution environment of the SSH_ADD utility.

TCPIP$_SSH_ADD2_EXIT_BADPASS -- The user did not supply a required passphrase.

TCPIP$_SSH_ADD2_EXIT_NOFILE -- An identity file could not be found, was unreadable, or was in the wrong format.

TCPIP$_SSH_ADD2_EXIT_NOIDENTITY -- The agent does not have the requested identity.

TCPIP$_SSH_ADD2_EXIT_ERROR -- An unspecified error has occurred.

Example

In the following example, the SSH_AGENT is not running:

$ SSH_ADD
Failed to connect to authentication agent -- agent not running?
%TCPIP-E-SSH_ADD2_EXIT_N, no connection could be made to the authentication agent

In the following example, SSH_ADD adds the keys it finds in the IDENTIFICATION. file:

$ SSH_ADD
Unable to open ssh2/ssh2_config
Unable to open ssh2/identification
Adding identity: ssh2/id_dsa_1024_a.pub
Need passphrase for "ssh2/id_dsa_1024_a." (1024-bit dsa, kathy@host.computer.com, Mon Aug 11 2003 15:39:46). Enter passphrase:

Using the SSH_KEYGEN Utility

Using the SSH_AGENT Utility