The SSH_AGENT utility starts the SSH authentication agent to use an
SSH client that is configured to use public-key user authentication. Because
the authentication agent holds private keys in memory, the user does not
need to enter a passphrase if one exists for the key being used. As long
as the agent is running, all key-related operations are directed to the agent.
On startup, the agent does not hold any private keys. Keys are added
by using the SSH_ADD command. Several identities can be stored in the agent,
and the agent can use any of these identities automatically. The command
SSH_ADD -l displays the identities currently held by the agent.
When the SSH agent starts up, it assigns the logical name TCPIP$SSH_AGENT_PORT
in the process job table, which is shared by a process and its subprocesses.
Client programs use this value to start communication with the agent, in turn
assigning the logical name TCPIP$SSH_CLIENT_PORT. The agent uses the latter
logical name to check that the client is a valid user on the same job (that
is, in the parent of the agent subprocess).
The agent terminates when the user logs out or stops the agent.
Command Synopsis |
 |
SSH_AGENT [-d debug_level]
Options |
|
Table 7–6 describes the
options you can use with the SSH_AGENT command.
Table 7-6 SSH_AGENT Command Options
| Options | Description |
|---|
-d debug-level | Displays debug information. The debug-level value
is a number from 0 to 99, where 99 specifies that all debug information or
a comma-separated list of assignments should be displayed. |
Examples |
|
The following example shows a normal agent startup and displays the
value of the TCPIP$SSH_AGENT_PORT logical name:
$ SSH_AGENT
%DCL-S-SPAWNED, process USER01_67 spawned
$ SHOW USER/FULL
USER01 OpenVMS User Processes at 12-AUG-2003 13:49:36.29
Total number of users = 1, number of processes = 2
Username Process Name PID Terminal
USER01 USER01 00000B53 RTA1: (SYS01::USER01)
USER01 USER01_67 00000EB8 (subprocess of 00000B53)
$ SHOW LOGICAL TCPIP$SSH_AGENT_PORT
"TCPIP$SSH_AGENT_PORT" = "49198" (LNM$JOB_81425DC0) |
The following example shows an attempt to start a second agent within
the same parent process.
$ SSH_AGENT
%DCL-S-SPAWNED, process USER01_253 spawned
$ Agent already running on port: 49198. Cannot start agent
%TCPIP-F-SSH_FATAL, non-specific fatal error condition |
The following example shows the message displayed when a client not
in the current user's job attempts to connect to the user's agent subprocess:
$ Possible security attack. Actual socket port of client: 49202 did not match
value of logical name TCPIP$SSH_CLIENT_PORT: "" |
