Provided by: keychain_2.7.1-1_all bug

NAME

       keychain - re-use ssh-agent and/or gpg-agent between logins

SYNOPSIS

       keychain [ -hkQqV ] [ --clear --help --ignore-missing --noask
       --nocolor --nogui --nolock --quick --quiet --version ]
       [ --agents list ] [ --attempts num ] [ --dir dirname ]
       [ --host name ] [ --lockwait seconds ] [ --stop which ] [ --timeout minutes ] [ keys... ]

DESCRIPTION

       keychain is a manager for ssh-agent, typically run from ~/.bash_profile.  It allows your
       shells and cron jobs to share a single ssh-agent process.  By default, the ssh-agent
       started by keychain is long-running and will continue to run, even after you have logged
       out from the system.  If you want to change this behavior, take a look at the --clear and
       --timeout options, described below.

       When keychain is run, it checks for a running ssh-agent, otherwise it starts one.  It
       saves the ssh-agent environment variables to ~/.keychain/${HOSTNAME}-sh, so that
       subsequent logins and non-interactive shells such as cron jobs can source the file and
       make passwordless ssh connections.  In addition, when keychain runs, it verifies that the
       key files specified on the command-line are known to ssh-agent, otherwise it loads them,
       prompting you for a password if necessary.

       Keychain also supports gpg-agent in the same ways that ssh-agent is supported.  By default
       keychain attempts to start all available agents but will fall back to only gpg-agent or
       only ssh-agent if either is unavailable.  You can specifically limit keychain using the
       --agents option.

       keychain supports most UNIX-like operating systems, including Cygwin.  It works with
       Bourne-compatible, csh-compatible and fish shells.

OPTIONS

       --agents list
           Start the agents listed.  By default keychain will build the list automatically based
           on the existence of ssh-agent and/or gpg-agent on the system.  The list should be
           comma-separated, for example "gpg,ssh"

       --attempts num
           Try num times to add keys before giving up.  The default is 1.

       --clear
           Delete all of ssh-agent's keys.  Typically this is used in .bash_profile.  The theory
           behind this is that keychain should assume that you are an intruder until proven
           otherwise.  However, while this option increases security, it still allows your cron
           jobs to use your ssh keys when you're logged out.

       --confirm
           Keys are subject to interactive confirmation by the SSH_ASKPASS program before being
           used for authentication.  See the -c option for ssh-add(1).

       --dir dirname
           Keychain will use dirname rather than $HOME/.keychain

       --eval
           Keychain will print lines to be evaluated in the shell on stdout.  It respects the
           SHELL environment variable to determine if Bourne shell or C shell output is expected.

       --env filename
           After parsing options, keychain will load additional environment settings from
           "filename".  By default, if "--env" is not given, then keychain will attempt to load
           from ~/.keychain/[hostname]-env or alternatively ~/.keychain/env.  The purpose of this
           file is to override settings such as PATH, in case ssh is stored in a non-standard
           place.

       -h --help
           Show help that looks remarkably like this man-page. As of 2.6.10, help is sent to
           stdout so it can be easily piped to a pager.

       --host name
           Set alternate hostname for creation of pidfiles

       --ignore-missing
           Don't warn if some keys on the command-line can't be found.  This is useful for
           situations where you have a shared .bash_profile, but your keys might not be available
           on every machine where keychain is run.

       --inherit which
           Attempt to inherit agent variables from the environment.  This can be useful in a
           variety of circumstances, for example when ssh-agent is started by gdm.  The following
           values are valid for "which":

           local       Inherit when a pid (e.g. SSH_AGENT_PID) is set in the environment.  This
                       disallows inheriting a forwarded agent.

           any         Inherit when a sock (e.g. SSH_AUTH_SOCK) is set in the environment.  This
                       allows inheriting a forwarded agent.

           local-once  Same as "local", but only inherit if keychain isn't already providing an
                       agent.

           any-once    Same as "any", but only inherit if keychain isn't already providing an
                       agent.

           By default, keychain-2.5.0 and later will behave as if "--inherit local-once" is
           specified.  You should specify "--noinherit" if you want the older behavior.

       --lockwait seconds
           How long to wait for the lock to become available.  Defaults to 5 seconds. Specify a
           value of zero or more. If the lock cannot be acquired within the specified number of
           seconds, then this keychain process will forcefully acquire the lock.

       --noask
           This option tells keychain do everything it normally does (ensure ssh-agent is
           running, set up the ~/.keychain/[hostname]-{c}sh files) except that it will not prompt
           you to add any of the keys you specified if they haven't yet been added to ssh-agent.

       --nocolor
           Disable color hilighting for non ANSI-compatible terms.

       --nogui
           Don't honor SSH_ASKPASS, if it is set.  This will cause ssh-add to prompt on the
           terminal instead of using a graphical program.

       --noinherit
           Don't inherit any agent processes, overriding the default "--inherit local-once"

       --nolock
           Don't attempt to use a lockfile while manipulating files, pids and keys.

       -k --stop which
           Kill currently running agent processes.  The following values are valid for "which":

           all      Kill all agent processes and quit keychain immediately.  Prior to
                    keychain-2.5.0, this was the behavior of the bare "--stop" option.

           others   Kill agent processes other than the one keychain is providing.  Prior to
                    keychain-2.5.0, keychain would do this automatically.  The new behavior
                    requires that you specify it explicitly if you want it.

           mine     Kill keychain's agent processes, leaving other agents alone.

       -Q --quick
           If an ssh-agent process is running then use it.  Don't verify the list of keys, other
           than making sure it's non-empty.  This option avoids locking when possible so that
           multiple terminals can be opened simultaneously without waiting on each other.

       -q --quiet
           Only print messages in case of warning, error or required interactivity. As of version
           2.6.10, this also suppresses "Identities added" messages for ssh-agent.

       --timeout minutes
           Set a timeout in minutes on your keys.  This is conveyed to ssh-agent which does the
           actual timing out of keys since keychain doesn't run continuously.

       -V --version
           Show version information.

EXAMPLES

       This snippet should work in any shell to load two ssh keys and one gpg key:

           eval `keychain --eval id_rsa id_dsa 0123ABCD`

       If you have trouble with that in csh:

           setenv SHELL /bin/csh
           eval `keychain --eval id_rsa id_dsa 0123ABCD`

       This is equivalent for Bourne shells (including bash and zsh) but doesn't use keychain's
       --eval feature:

           keychain id_rsa id_dsa 0123ABCD
           [ -z "$HOSTNAME" ] && HOSTNAME=`uname -n`
           [ -f $HOME/.keychain/$HOSTNAME-sh ] && \
                   . $HOME/.keychain/$HOSTNAME-sh
           [ -f $HOME/.keychain/$HOSTNAME-sh-gpg ] && \
                   . $HOME/.keychain/$HOSTNAME-sh-gpg

       This is equivalent for C shell (including tcsh):

           keychain id_rsa id_dsa 0123ABCD
           host=`uname -n`
           if (-f $HOME/.keychain/$host-csh) then
                   source $HOME/.keychain/$host-csh
           endif
           if (-f $HOME/.keychain/$host-csh-gpg) then
                   source $HOME/.keychain/$host-csh-gpg
           endif

       To load keychain variables from a script (for example from cron) and abort unless id_dsa
       is available:

           # Load keychain variables and check for id_dsa
           [ -z "$HOSTNAME" ] && HOSTNAME=`uname -n`
           . $HOME/.keychain/$HOSTNAME-sh 2>/dev/null
           ssh-add -l 2>/dev/null | grep -q id_dsa || exit 1

SEE ALSO

       ssh-agent(1)

NOTES

       Keychain was created and is currently maintained by Daniel Robbins. If you need to report
       a bug or request an enhancement, please post to the funtoo-dev mailing list
       <http://groups.google.com/group/funtoo-dev>. For more information about keychain, please
       visit <http://www.funtoo.org>.