SSH Tectia  
Previous Next Up [Contents] [Index]

    About This Document >>
    Installing SSH Tectia Server for IBM z/OS >>
    Using SSH Tectia Server for IBM z/OS >>
    Configuring the Server >>
    Configuring the Client >>
    Authentication >>
    Troubleshooting SSH Tectia Server for IBM z/OS >>
    Examples of Use >>
    Man Pages >>
        scp2
        sftp2
        ssh-add2
        ssh-agent2
        ssh-dummy-shell
        ssh-keygen2
        ssh-probe2
        ssh-sft-stage
        ssh2
        ssh2_config
        sshd-check-conf
        sshd2
        sshd2_config
        sshd2_subconfig
        sshregex
    Log Messages >>

ssh-agent2

SSH-AGENT2(1)                  SSH2                 SSH-AGENT2(1)


NAME
       ssh-agent2 - authentication agent


SYNOPSIS
       ssh-agent2 command

       eval `ssh-agent2 [-s] [-c] [-1] [-d]`


DESCRIPTION
       ssh-agent2  is a program that holds authentication private
       keys.  The idea is  that  ssh-agent2  is  started  in  the
       beginning  of  an  X11 session or a login session, and all
       other programs are started as children of  the  ssh-agent2
       program  (command  normally  starts  X11  or  is  the user
       shell).  The programs started under the  agent  inherit  a
       connection  to  the  agent, and the agent is automatically
       used for public-key authentication when logging  to  other
       machines using ssh.

       If  the  ssh-agent2  is started without arguments (no com-
       mand) it will fork and start the  agent  as  a  background
       process.   The  agent  also  prints  a command that can be
       evaluated  in  sh-  or  csh-like   shells,   setting   the
       SSH2_AUTH_SOCK  and  SSH2_AGENT_PID environment variables.
       The SSH2_AGENT_PID environment variable  can  be  used  to
       kill the agent when it is no longer needed (e.g.  when you
       logout from X11).  If no options are given, the ssh-agent2
       uses  the SHELL environment variable to detect the kind of
       shell you have (csh or sh).  The -c option enforces  using
       csh-style, and the -s option enforces sh-style.

       Note that in SysV variants (at least IRIX and Solaris) the
       environment variable SHELL might not  contain  the  actual
       value  of the shell executing the evaluation.  If ALTSHELL
       is set to YES in /etc/default/login, the SHELL environment
       variable is set to the login shell of the user.

       Initially  the agent does not have any private keys.  Keys
       are added using ssh-add2(1).  Several  identities  can  be
       stored  in  the agent, and the agent can automatically use
       any of these identities.  ssh-add2 -l displays the identi-
       ties currently held by the agent.

       The  idea is that the agent is run on the user's local PC,
       laptop, or terminal.  Authentication data does not have to
       be   stored  on  any  other  machine,  and  authentication
       passphrases never go over the network.  However, the  con-
       nection  to the agent is forwarded over ssh remote logins,
       and the user can thus use  the  privileges  given  by  the
       identities anywhere in the network in a secure way.

       A  connection to the agent is inherited by child programs.
       A Unix-domain  socket  is  created  (/tmp/ssh-$USER/agent-
       socket-<pid>),  where  <pid> is the process ID of the lis-
       tener (agent or sshd proxying the  agent).   The  name  of
       this  socket  is  stored in the SSH2_AUTH_SOCK environment
       variable.  The socket is made accessible only to the  cur-
       rent  user.   This  method can easily be abused by root or
       another instance of the same user.  Older versions of  ssh
       used  inherited  file descriptors for contacting the agent
       and used the Unix-domain sockets in an incompatible way.

       If the command is given as an argument to ssh-agent2,  the
       agent  exits  automatically  when the command given on the
       command line terminates.  The command is executed even  if
       the  agent  fails  to  start its key storing and challenge
       processing services.

       The -d debug_level option prints extensive debug  informa-
       tion to stderr.  debug_level is either a number, from 0 to
       99, where 99 specifies that all debug  information  should
       be  displayed, or a comma-separated list of assignments of
       the   format   ModulePattern=debug_level,   for    example
       "*=10,sshd2=2".  This  should be the first argument on the
       command line.


COMPATIBILITY
       With the -1 option, ssh-agent2 can serve old SSH1 applica-
       tions  and be accessed with the ssh-add(1) program shipped
       with  old  SSH1  releases.   The   environment   variables
       SSH_AUTH_SOCK  and SSH_AGENT_PID will be set appropriately
       and keys are shared with both protocols.


FILES
       $HOME/.ssh2/id_KEYTYPE_KEYLEN_XX
              Contains the private-key authentication identity of
              the user.  This file should not be readable by any-
              one but the user.  It  is  possible  to  specify  a
              passphrase   when   generating  the  key,  and  the
              passphrase will be used to encrypt the private part
              of  this file.  This file is not used by ssh-agent2
              but it is normally added to the  agent  using  ssh-
              add2 at login time.

       /tmp/ssh-$USER/agent-socket-<pid>
              Unix-domain  sockets used to contain the connection
              to the authentication agent.  These sockets  should
              only  be readable by the owner.  The sockets should
              be automatically removed when the agent exits.  The
              parent directory of ssh2-$USER must have its sticky
              bit set.


AUTHORS
       SSH Communications Security Corp.

       For more information, see http://www.ssh.com.


SEE ALSO
       ssh-add2(1), ssh-keygen2(1), ssh2(1), sshd2(8), sftp2(1)

Previous Next Up [Contents] [Index]


[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]

Copyright © 2006 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Copyright Notice