diff --git a/openssh/openssh.spec b/openssh/openssh.spec index a31b111c99..58c8187b74 100644 --- a/openssh/openssh.spec +++ b/openssh/openssh.spec @@ -44,7 +44,7 @@ Distribution: OpenPKG [REL] Group: Cryptography License: BSD Version: 3.1p1 -Release: 20020312 +Release: 20020507 # list of sources Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz @@ -53,6 +53,9 @@ Source2: rc.openssh Source3: sshd_config Source4: ssh_config Source5: ssh-askpass +Source6: ssh-keyman +Source7: ssh-keyman.1 +Source8: ssh-keyman.pod # build information Prefix: %{l_prefix} @@ -170,6 +173,12 @@ AutoReqProv: no # make sure the state directory exists %{l_shtool} mkdir -f -p -m 755 $RPM_BUILD_ROOT%{l_prefix}/var/openssh + # install addons + %{l_shtool} install -c -m 755 -e 's;@l_prefix@;%{l_prefix};g' \ + %{SOURCE ssh-keyman} $RPM_BUILD_ROOT%{l_prefix}/bin/ + %{l_shtool} install -c -m 644 -e 's;@l_prefix@;%{l_prefix};g' \ + %{SOURCE ssh-keyman.1} $RPM_BUILD_ROOT%{l_prefix}/man/man1/ + # install run-command script %{l_shtool} mkdir -f -p -m 755 $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d %{l_shtool} install -c -m 755 -e 's;@l_prefix@;%{l_prefix};g' \ diff --git a/openssh/ssh-keyman b/openssh/ssh-keyman new file mode 100644 index 0000000000..2c6c1d0f44 --- /dev/null +++ b/openssh/ssh-keyman 
@@ -0,0 +1,270 @@
+#!/bin/sh
+##
+## ssh-keyman -- authentication key agent management
+## Copyright (c) 2002 Ralf S. Engelschall
+##
+## Permission to use, copy, modify, and distribute this software for
+## any purpose with or without fee is hereby granted, provided that
+## the above copyright notice and this permission notice appear in all
+## copies.
+##
+## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
+## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+## SUCH DAMAGE.
+##
+## ssh-keyman: program implementation (language: Bourne-Shell)
+##
+
+# program information
+prog_name="ssh-keyman"
+prog_vers="1.0.0"
+prog_date="05-May-2002"
+
+# OpenSSH programs
+ssh_agent="@l_prefix@/bin/ssh-agent"
+ssh_add="@l_prefix@/bin/ssh-add"
+
+# parse command line options
+opt_q=no; alias_quiet=q
+opt_c=no; alias_cluster=c
+opt_e=no; alias_env=e
+opt_s=no; alias_start=s
+opt_k=no; alias_kill=k
+opt_a=no; alias_add=a
+opt_d=no; alias_delete=d
+opt_l=no; alias_list=l
+opt_h=no; alias_help=h
+opt_v=no; alias_version=v
+if [ $# -eq 0 ]; then
+ opt_h=yes
+fi
+while [ $# -gt 0 ]; do
+ if [ ".$1" = ".--" ]; then
+ shift
+ break
+ fi
+ case $1 in
+ --quiet|--cluster|--env|--start|--kill|--add|--delete|--list|--help|--version )
+ name=`echo x$1 | sed -e 's;^x--;;'`
+ eval "name=\$alias_${name}"
+ eval "opt_${name}=yes"
+ ;;
+ -[qceskadlhv] )
+ name=`echo x$1 | sed -e 's;^x-;;'`
+ eval "opt_${name}=yes"
+ ;;
+ -* )
+ echo "$prog_name:ERROR: unknown option \"$opt\"" 1>&2
+ exit 1
+ ;;
+ * )
+ break
+ ;;
+ esac
+ shift
+done
+
+# stand-alone operation: display help information
+if [ ".$opt_h" = .yes ]; then
+ echo "Usage: $prog_name [-h] [-v] [-q] [-c] [-e] [-s] [-k] [-a] [-d] [-l] [keyfile ...]"
+ exit 0
+fi
+
+# stand-alone operation: display version information
+if [ ".$opt_v" = .yes ]; then
+ echo "$prog_name $prog_vers ($prog_date)"
+ exit 0
+fi
+
+# determine agent information filename
+hostname=`hostname`
+agentfile="$HOME/.ssh/agent-$hostname"
+if [ ".$opt_c" = .no ]; then
+ if [ ! -f $agentfile ]; then
+ agentfile="$HOME/.ssh/agent"
+ fi
+fi
+
+# export agent configuration
+export SSH_AUTH_SOCK
+export SSH_AGENT_PID
+
+# perform agent information sanity check
+check_agent_info () {
+ location="$1"
+ if [ ".$SSH_AUTH_SOCK" != . -o ".$SSH_AGENT_PID" != . ]; then
+ invalid=""
+ if [ ".$SSH_AUTH_SOCK" = . -o ".$SSH_AGENT_PID" = . ]; then
+ # just one of the two information is not enough
+ invalid="partial agent information missing"
+ else
+ # make sure the agent process is (still) running
+ kill -0 $SSH_AGENT_PID >/dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ invalid="agent process $SSH_AGENT_PID is no longer valid"
+ else
+ if [ ! -r $SSH_AUTH_SOCK ]; then
+ invalid="agent socket $SSH_AUTH_SOCK is no longer existing"
+ fi
+ fi
+ fi
+ if [ ".$invalid" != . ]; then
+ echo "$prog_name:WARNING: invalid agent information found in $location." 1>&2
+ echo "$prog_name:WARNING: reason: $invalid." 1>&2
+ if [ ".$location" = ".your shell environment" ]; then
+ echo "$prog_name:HINT: run \"eval \`$prog_name -q -s -e\`\" to fix." 1>&2
+ fi
+ unset SSH_AUTH_SOCK
+ unset SSH_AGENT_PID
+ fi
+ fi
+}
+check_agent_info "your shell environment"
+if [ -f $agentfile ]; then
+ . $agentfile
+ check_agent_info "in saved agent state"
+ if [ ".$SSH_AUTH_SOCK" = . -a ".$SSH_AGENT_PID" = . ]; then
+ rm -f $agentfile
+ fi
+fi
+
+# if (now guarrantied to be correct) agent state is in
+# environment, but it is (no longer?) saved, save it now to fix situation.
+if [ ! -f $agentfile ]; then
+ if [ ".$SSH_AUTH_SOCK" != . -a ".$SSH_AGENT_PID" != . ]; then
+ ( echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK"
+ echo "SSH_AGENT_PID=$SSH_AGENT_PID"
+ ) >$agentfile && chmod 700 $agentfile
+ echo "$prog_name:WARNING: valid agent information in your environment" 1>&2
+ echo "$prog_name:WARNING: but no saved agent state file -- fixed" 1>&2
+ fi
+fi
+
+# stop the agent
+if [ ".$opt_k" = .yes ]; then
+ # stop the agent
+ kill=yes
+
+ if [ ".$SSH_AUTH_SOCK" = . -a ".$SSH_AGENT_PID" = . ]; then
+ if [ ".$opt_q" = .no ]; then
+ echo "$prog_name: agent not running"
+ fi
+ else
+ kill $SSH_AGENT_PID >/dev/null 2>&1 || true
+ if [ ".$opt_q" = .no ]; then
+ echo "$prog_name: stopped agent (pid $SSH_AGENT_PID)"
+ fi
+ rm -f $agentfile
+ unset SSH_AUTH_SOCK
+ unset SSH_AGENT_PID
+ fi
+fi
+
+# start the agent
+if [ ".$opt_s" = .yes ]; then
+ if [ ".$SSH_AUTH_SOCK" != . -a ".$SSH_AGENT_PID" != . ]; then
+ if [ ".$opt_q" = .no ]; then
+ echo "$prog_name: agent already running"
+ fi
+ else
+ eval `nohup $ssh_agent -s /dev/null | grep -v 'Agent pid'`
+ if [ ".$opt_q" != .yes ]; then
+ echo "$prog_name: spawned agent (pid $SSH_AGENT_PID)"
+ fi
+ ( echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK"
+ echo "SSH_AGENT_PID=$SSH_AGENT_PID"
+ ) >$agentfile && chmod 700 $agentfile
+ fi
+fi
+
+# setup environment
+if [ ".$opt_e" = .yes ]; then
+ if [ ".$SSH_AUTH_SOCK" = . -a ".$SSH_AGENT_PID" = . ]; then
+ echo "$prog_name:WARNING: agent not running" 1>&2
+ else
+ cat $agentfile
+ echo "export SSH_AUTH_SOCK"
+ echo "export SSH_AGENT_PID"
+ fi
+fi
+
+# delete key(s) from agent
+if [ ".$opt_d" = .yes ]; then
+ if [ ".$SSH_AUTH_SOCK" = . -a ".$SSH_AGENT_PID" = . ]; then
+ echo "$prog_name:WARNING: agent not running" 1>&2
+ else
+ if [ $# -eq 0 ]; then
+ if [ ".$opt_q" = .no ]; then
+ echo "$prog_name: deleting all keys"
+ fi
+ $ssh_add -D
+ else
+ if [ ".$opt_q" = .no ]; then
+ for key in "$@"; do
+ echo "$prog_name: deleting key $key"
+ done
+ fi
+ $ssh_add -d "$@"
+ fi
+ fi
+fi
+
+# add key(s) into agent
+if [ ".$opt_a" = .yes ]; then
+ if [ ".$SSH_AUTH_SOCK" = . -a ".$SSH_AGENT_PID" = . ]; then
+ echo "$prog_name:WARNING: agent not running" 1>&2
+ else
+ if [ $# -eq 0 ]; then
+ echo "$prog_name:ERROR: no keys specified on command line" 1>&2
+ exit 1
+ fi
+ key_loaded=`$ssh_add -l | awk '{ print $2; }'`
+ key_missing=""
+ for key_file in "$@"; do
+ if [ -f "${key_file}.pub" ]; then
+ key_this=`ssh-keygen -l -f ${key_file}.pub 2>&1 | awk '{ print $2; }'`
+ else
+ key_this=`ssh-keygen -l -f ${key_file} 2>&1 | awk '{ print $2; }'`
+ fi
+ load=yes
+ for key in $key_loaded; do
+ if [ ".$key" = ".$key_this" ]; then
+ load=no
+ break
+ fi
+ done
+ if [ ".$load" = .yes ]; then
+ if [ ".$opt_q" = .no ]; then
+ echo "$prog_name: loading key $key_file"
+ fi
+ key_missing="$key_missing $key_file"
+ else
+ if [ ".$opt_q" = .no ]; then
+ echo "$prog_name: skipping key $key_file (already loaded)"
+ fi
+ fi
+ done
+ if [ ".$key_missing" != . ]; then
+ $ssh_add $key_missing
+ fi
+ fi
+fi
+
+# list key(s) available in agent
+if [ ".$opt_l" = .yes ]; then
+ if [ ".$SSH_AUTH_SOCK" = . -a ".$SSH_AGENT_PID" = . ]; then
+ echo "$prog_name:WARNING: agent not running" 1>&2
+ else
+ $ssh_add -l
+ fi
+fi
+
diff --git a/openssh/ssh-keyman.1 b/openssh/ssh-keyman.1
new file mode 100644
index 0000000000..7b921aefec
--- /dev/null
+++ b/openssh/ssh-keyman.1
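Review bot: The saved agent state file is handled as trusted shell code: `. $agentfile` executes whatever the file contains, and the `-e` branch passes it on with `cat $agentfile` for the caller's `eval`, so the integrity of `$HOME/.ssh/agent*` (on NFS-mounted homes, per the `-c` documentation) decides what runs in the login shell. Both places that write the file also create it under the caller's umask and only afterwards run `chmod 700`, which leaves a short window with wider permissions and sets an execute bit the file does not need. I would create it under `umask 077` with mode 600 and read back only the two expected assignments instead of sourcing it, as sketched below; the character class for the socket path is an assumption and may need widening for some platforms. Separately, the unknown-option message prints `$opt`, which is never assigned in this script (it should be `$1`), and `$agentfile`, `${key_file}` and `$key_missing` are expanded unquoted, so key paths containing whitespace are split.

```shell
# replaces both "( echo ...; echo ... ) >$agentfile && chmod 700 $agentfile" blocks
save_agent_info () {
    ( umask 077
      { echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK"
        echo "SSH_AGENT_PID=$SSH_AGENT_PID"
      } >"$agentfile"
    ) && chmod 600 "$agentfile"
}

# replaces ". $agentfile": accept only the two expected assignments
load_agent_info () {
    SSH_AUTH_SOCK=`sed -n -e 's;^SSH_AUTH_SOCK=\(/[A-Za-z0-9_./-]*\)$;\1;p' "$agentfile"`
    SSH_AGENT_PID=`sed -n -e 's;^SSH_AGENT_PID=\([0-9][0-9]*\)$;\1;p' "$agentfile"`
}

# ... unchanged: check_agent_info, option handling ...

# in the -e branch, instead of "cat $agentfile", print the validated values
echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK"
echo "SSH_AGENT_PID=$SSH_AGENT_PID"
```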
@@ -0,0 +1,258 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Tue May 7 19:43:46 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. 
Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. 
ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSH-KEYMAN 1" +.TH SSH-KEYMAN 1 "perl v5.6.1" "2002-05-07" "User Contributed Perl Documentation" +.UC +.SH "NAME" +\&\fBssh-keyman\fR \- authentication key agent management +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBssh-keyman\fR +[\fB\-q\fR] +[\fB\-c\fR] +[\fB\-k\fR] +[\fB\-s\fR] +[\fB\-e\fR] +[\fB\-d\fR] +[\fB\-a\fR] +[\fB\-l\fR] +[\fIkeyfile\fR ...] +.PP +\&\fBssh-keyman\fR +\&\fB\-h\fR +\&\fB\-v\fR +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBssh-keyman\fR is a frontend to the \fBssh-agent\fR and \fBssh-add\fR commands +for managing a long-running \fBssh-agent\fR process. The idea is that +a single \fBssh-agent\fR process is kept persistently running across +multiple user login sessions in order to prevent the startup of multiple +\&\fBssh-agent\fR processes and to avoid having to enter pass-phrases more +often than really necessary from a security point of view. +.PP +The command line options can be combined and are executed internally in +the given order below. +.Ip "\fB\-q\fR, \fB\*(--quiet\fR" 4 +.IX Item "-q, quiet" +Quiet operation. Do not print verbose messages. +.Ip "\fB\-c\fR, \fB\*(--cluster\fR" 4 +.IX Item "-c, cluster" +Cluster indicator. This forces the use of +\&\fB$HOME/.ssh/agent-\fR\fIhostname\fR as the agent attachment informations +file instead of the default \fB$HOME/.ssh/agent\fR. Use this if your home +directory is NFS-mounted on a cluster of desktops. +.Ip "\fB\-k\fR, \fB\*(--kill\fR" 4 +.IX Item "-k, kill" +Kill agent. This makes sure the \fBssh-agent\fR process +is no longer running. +.Ip "\fB\-s\fR, \fB\*(--start\fR" 4 +.IX Item "-s, start" +Start agent. This makes sure the \fBssh-agent\fR process is +running. If not, it automatically spawns a new one. +.Ip "\fB\-e\fR, \fB\*(--env\fR" 4 +.IX Item "-e, env" +Environment setup. 
This outputs to \fIstdout\fR the Bourne-Shell commands +necessary to attach the current shell session to the \fBssh-agent\fR +process. The intended usage is "\f(CW\*(C`eval `\f(CBssh-keyman\f(CW \-q \-e \-s`\*(C'\fR" from +within \fB$HOME/.xsession\fR or \fB$HOME/.bash_login\fR scripts. +.Ip "\fB\-d\fR, \fB\*(--delete\fR" 4 +.IX Item "-d, delete" +Delete key. This deletes one or more (or all if not \fIkeyfile\fR arguments +are specified at all) from the \fBssh-agent\fR process. +.Ip "\fB\-a\fR, \fB\*(--add\fR" 4 +.IX Item "-a, add" +Add key. This adds one or more keys (in \fIkeyfile\fR) to the \fBssh-agent\fR +process. If a key is already loaded, it is skipped and not reloaded. +Additionally, all specified keys are loaded with a single \fBssh-add\fR +call. This way the pass-phrase dialog is reduced to its possible +minimum. +.Ip "\fB\-l\fR, \fB\*(--list\fR" 4 +.IX Item "-l, list" +List keys. This lists the currently available keys in the \fBssh-agent\fR +process. +.Ip "\fB\-h\fR, \fB\*(--help\fR" 4 +.IX Item "-h, help" +Help information. Display a usage summary on \fIstdout\fR. +.Ip "\fB\-v\fR, \fB\*(--version\fR" 4 +.IX Item "-v, version" +Version information. Display a version summary on \fIstdout\fR. +.SH "EXAMPLE" +.IX Header "EXAMPLE" +\&\fI.xsession\fR: +.PP +.Vb 5 +\& eval `ssh-keyman -q -s -e` +\& ssh-keyman -q -a . It was inspired by the similar program +\&\fBkeychain\fR from Daniel Robbins . The main +difference between \fBkeychain\fR and \fBssh-keyman\fR is that \fBssh-keyman\fR +uses a more orthogonal interface which even allows you to combine +multiple actions into a single call. diff --git a/openssh/ssh-keyman.pod b/openssh/ssh-keyman.pod new file mode 100644 index 0000000000..636f53d56d --- /dev/null +++ b/openssh/ssh-keyman.pod 
@@ -0,0 +1,169 @@ +## +## ssh-keyman -- authentication key agent management +## Copyright (c) 2002 Ralf S. Engelschall +## +## Permission to use, copy, modify, and distribute this software for +## any purpose with or without fee is hereby granted, provided that +## the above copyright notice and this permission notice appear in all +## copies. +## +## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED +## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR +## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF +## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT +## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +## SUCH DAMAGE. +## +## ssh-keyman.pod: Unix manual page (language: POD) +## + +=pod + +=head1 NAME + +B - authentication key agent management + +=head1 SYNOPSIS + +B +[B<-q>] +[B<-c>] +[B<-k>] +[B<-s>] +[B<-e>] +[B<-d>] +[B<-a>] +[B<-l>] +[I ...] + +B +B<-h> +B<-v> + +=head1 DESCRIPTION + +B is a frontend to the B and B commands +for managing a long-running B process. The idea is that +a single B process is kept persistently running across +multiple user login sessions in order to prevent the startup of multiple +B processes and to avoid having to enter pass-phrases more +often than really necessary from a security point of view. + +The command line options can be combined and are executed internally in +the given order below. + +=over 4 + +=item B<-q>, B<--quiet> + +Quiet operation. Do not print verbose messages. + +=item B<-c>, B<--cluster> + +Cluster indicator. 
This forces the use of +B<$HOME/.ssh/agent->I as the agent attachment informations +file instead of the default B<$HOME/.ssh/agent>. Use this if your home +directory is NFS-mounted on a cluster of desktops. + +=item B<-k>, B<--kill> + +Kill agent. This makes sure the B process +is no longer running. + +=item B<-s>, B<--start> + +Start agent. This makes sure the B process is +running. If not, it automatically spawns a new one. + +=item B<-e>, B<--env> + +Environment setup. This outputs to F the Bourne-Shell commands +necessary to attach the current shell session to the B +process. The intended usage is "C -q -e -s`>" from +within B<$HOME/.xsession> or B<$HOME/.bash_login> scripts. + +=item B<-d>, B<--delete> + +Delete key. This deletes one or more (or all if not I arguments +are specified at all) from the B process. + +=item B<-a>, B<--add> + +Add key. This adds one or more keys (in I) to the B +process. If a key is already loaded, it is skipped and not reloaded. +Additionally, all specified keys are loaded with a single B +call. This way the pass-phrase dialog is reduced to its possible +minimum. + +=item B<-l>, B<--list> + +List keys. This lists the currently available keys in the B +process. + +=item B<-h>, B<--help> + +Help information. Display a usage summary on F. + +=item B<-v>, B<--version> + +Version information. Display a version summary on F. + +=back + +=head1 EXAMPLE + +F<.xsession>: + + eval `ssh-keyman -q -s -e` + ssh-keyman -q -a : + + eval `ssh-keyman -q -s -e` + +=head1 FILES + +=over 4 + +=item B<$HOME/.ssh/agent> + +The generated shell script for attaching the current shell +session (and all of its sub-processes) to the B process. +At any time this can be directly sourced from within the shell session +or indirectly through the B B<-e> option. +This file is used if the cluster option B<-c> is not used. 
+ +=item B<$HOME/.ssh/agent->I + +The generated shell script for attaching the current shell +session (and all of its sub-processes) to the B process. +At any time this can be directly sourced from within the shell session +or indirectly through the B B<-e> option. +This file is used if the cluster option B<-c> is used. + +=back + +=head1 SEE ALSO + +B(1), B(1). + +=head1 HISTORY + +B was written in May 2002 by Ralf S. Engelschall +Erse@engelschall.comE. It was inspired by the similar program +B from Daniel Robbins Edrobbins@gentoo.orgE. The main +difference between B and B is that B +uses a more orthogonal interface which even allows you to combine +multiple actions into a single call. + +=cut +