Zum Hauptinhalt springen

5.2. Adding Keys to the Agent

Diese Seite fasst den entsprechenden Abschnitt von RFC 9987 zusammen und bewahrt Nummern, Nachrichtennamen und Sicherheitsanforderungen des SSH-Agent-Protokolls.

Keys may be added with SSH_AGENTC_ADD_IDENTITY or SSH_AGENTC_ADD_ID_CONSTRAINED. The constrained variant adds a constraint[] constraints field.

The document defines formats for DSA (ssh-dss), ECDSA (ecdsa-sha2-*), EdDSA (ssh-ed25519, ssh-ed448), RSA (ssh-rsa), other vendor-specific key types, and keys from smart cards or hardware tokens.

For token-hosted keys, SSH_AGENTC_ADD_SMARTCARD_KEY and SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED carry token id, PIN, and optional constraints. An agent MUST return SSH_AGENT_SUCCESS if one or more keys were loaded and SSH_AGENT_FAILURE if no keys were found, the token was not recognized, policy refused the request, or token-hosted keys are unsupported.