Your browser does not allow storing cookies. We recommend enabling them.

SSH Tectia 
PreviousNextUp[Contents] [Index]

    About This Document >>
    Installing SSH Tectia Server for IBM z/OS >>
    Getting Started with SSH Tectia Server for IBM z/OS >>
    Configuring the Server >>
    Configuring the Client >>
    Authentication >>
    Transferring Files >>
    Tunneling >>
    Troubleshooting SSH Tectia Server for IBM z/OS >>
    Advanced Information >>
    Man Pages >>
        ssh-certview >>
        ssh-cmpclient >>
        ssh-scepclient >>
    Log Messages >>


SSH-AGENT2(1)                  SSH2                 SSH-AGENT2(1)

       ssh-agent2 - authentication agent

       ssh-agent2 command

       eval `ssh-agent2 [-s] [-c] [-1] [-d]`

       ssh-agent2  is a program that holds authentication private
       keys.  The idea is  that  ssh-agent2  is  started  in  the
       beginning  of  an  X11 session or a login session, and all
       other programs are started as children of  the  ssh-agent2
       program  (command  normally  starts  X11  or  is  the user
       shell).  The programs started under the  agent  inherit  a
       connection  to  the  agent, and the agent is automatically
       used for public-key authentication when logging  to  other
       machines using ssh.

       If  the  ssh-agent2  is started without arguments (no com-
       mand) it will fork and start the  agent  as  a  background
       process.   The  agent  also  prints  a command that can be
       evaluated  in  sh-  or  csh-like   shells,   setting   the
       SSH2_AUTH_SOCK  and  SSH2_AGENT_PID environment variables.
       The SSH2_AGENT_PID environment variable  can  be  used  to
       kill the agent when it is no longer needed (e.g.  when you
       logout from X11).  If no options are given, the ssh-agent2
       uses  the SHELL environment variable to detect the kind of
       shell you have (csh or sh).  The -c option enforces  using
       csh-style, and the -s option enforces sh-style.

       Note that in SysV variants (at least IRIX and Solaris) the
       environment variable SHELL might not  contain  the  actual
       value  of the shell executing the evaluation.  If ALTSHELL
       is set to YES in /etc/default/login, the SHELL environment
       variable is set to the login shell of the user.

       Initially  the agent does not have any private keys.  Keys
       are added using ssh-add2(1).  Several  identities  can  be
       stored  in  the agent, and the agent can automatically use
       any of these identities.  ssh-add2 -l displays the identi-
       ties currently held by the agent.

       The  idea is that the agent is run on the user's local PC,
       laptop, or terminal.  Authentication data does not have to
       be   stored  on  any  other  machine,  and  authentication
       passphrases never go over the network.  However, the  con-
       nection  to the agent is forwarded over ssh remote logins,
       and the user can thus use  the  privileges  given  by  the
       identities anywhere in the network in a secure way.

       A  connection to the agent is inherited by child programs.
       A Unix-domain  socket  is  created  (/tmp/ssh-$USER/agent-
       socket-<pid>),  where  <pid> is the process ID of the lis-
       tener (agent or sshd proxying the  agent).   The  name  of
       this  socket  is  stored in the SSH2_AUTH_SOCK environment
       variable.  The socket is made accessible only to the  cur-
       rent  user.   This  method can easily be abused by root or
       another instance of the same user.  Older versions of  ssh
       used  inherited  file descriptors for contacting the agent
       and used the Unix-domain sockets in an incompatible way.

       If the command is given as an argument to ssh-agent2,  the
       agent  exits  automatically  when the command given on the
       command line terminates.  The command is executed even  if
       the  agent  fails  to  start its key storing and challenge
       processing services.

       The -d debug_level option prints extensive debug  informa-
       tion to stderr.  debug_level is either a number, from 0 to
       99, where 99 specifies that all debug  information  should
       be  displayed, or a comma-separated list of assignments of
       the   format   ModulePattern=debug_level,   for    example
       "*=10,sshd2=2".  This  should be the first argument on the
       command line.

       With the -1 option, ssh-agent2 can serve old SSH1 applica-
       tions  and be accessed with the ssh-add(1) program shipped
       with  old  SSH1  releases.   The   environment   variables
       SSH_AUTH_SOCK  and SSH_AGENT_PID will be set appropriately
       and keys are shared with both protocols.

              Contains the private-key authentication identity of
              the user.  This file should not be readable by any-
              one but the user.  It  is  possible  to  specify  a
              passphrase   when   generating  the  key,  and  the
              passphrase will be used to encrypt the private part
              of  this file.  This file is not used by ssh-agent2
              but it is normally added to the  agent  using  ssh-
              add2 at login time.

              Unix-domain  sockets used to contain the connection
              to the authentication agent.  These sockets  should
              only  be readable by the owner.  The sockets should
              be automatically removed when the agent exits.  The
              parent directory of ssh2-$USER must have its sticky
              bit set.

       SSH Communications Security Corp.

       For more information, see

       ssh-add2(1), ssh-keygen2(1), ssh2(1), sshd2(8), sftp2(1)

PreviousNextUp[Contents] [Index]

[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]

Copyright © 2007 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Copyright Notice




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now