ssh-agent – SSH authentication agent|
ssh−agent [ −l ] factotum-service|
Ssh-agent presents factotum(4) using the interface that ssh(1)
Once ssh-agent and factotum are running, the standard Unix SSH
client can use ssh-agent (and, indirectly, factotum) to authenticate
to remote systems using RSA or DSA keys.
Ssh accesses ssh-agent via a Unix socket named ssh−agent.socket
in the name space directory (see intro(4)). Note that although
the socket is posted in the name space directory, it is not for
9P conversations. Ssh expects the name of this socket to be in
the environment as $SSH_AGENT_SOCK, and expects the agent to be
running with process id
$SSH_AGENT_PID. Ssh-agent prints shell commands to set these two
variables before forking itself into the background. It is typically
invoked inside a shell eval construct; see the examples below.
The −e option causes ssh-agent to include export commands to put
the variables into the environment of future programs.
If the −l option is given, ssh-agent lists the usable factotum
keys in the standard SSH format, suitable for creating an authorized_keys
Ssh-agent connects to factotum by accessing factotum-service (default
‘factotum’) in the current name space.
There is a Unix program called ssh-agent that manages SSH keys
itself. Invoke this one with 9 ssh−agent; see 9(1).|
Assume factotum(4) is already running and initialized with keys.
Start a new agent, copying the commands by hand:|
Start the agent from sh(1):
$ 9 ssh−agent −e|
$ export SSH_AUTH_SOCK;
$ export SSH_AGENT_PID;
Start the agent from rc(1):
$ eval `9 ssh−agent −e`|
Use the agent to connect to a remote system:
A surprise rather than a bug: ssh-agent connects to factotum on
demand, so it can be started before factotum is running and need
not be restarted just because factotum is.|