SSH-TPM-ADD(1) ssh-tpm-add manual SSH-TPM-ADD(1)

NAME

ssh-tpm-add - adds private keys to the ssh-tpm-agent

SYNOPSIS

ssh-tpm-add [PATH ...]

DESCRIPTION

ssh-tpm-add adds TPM-wrapped private keys to ssh-tpm-agent(1). Each PATH given as an argument is added to the running agent.

It connects to the agent through the UNIX domain socket named by the environment variable SSH_TPM_AUTH_SOCK (see below); an agent must be listening on that socket.

If no files are given, it tries to load the default keys ~/.ssh/id_ecdsa.tpm and ~/.ssh/id_rsa.tpm.

ENVIRONMENT

SSH_TPM_AUTH_SOCK

Identifies the path of a UNIX domain socket for communication with the agent.

Defaults to /var/tmp/ssh-tpm-agent.sock.

FILES

~/.ssh/id_rsa.tpm, ~/.ssh/id_ecdsa.tpm

Contain the SSH private keys used by ssh-tpm-agent(1). They are TPM 2.0 TSS key files: the private part is wrapped by the TPM and can only be loaded on the TPM it was created on, so the file alone does not disclose the private key. They could in principle be shared publicly for that reason, but it is better not to: anyone who obtains a copy and can access that TPM can load and use the key.

~/.ssh/id_rsa.pub, ~/.ssh/id_ecdsa.pub

Contain the SSH public keys. These can be shared publicly and are in the same format as the ones created by ssh-keygen(1).
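The key files described above follow the ASN.1 layout from the TPM 2.0 key file draft referenced at the end of this page. The following added example (not part of ssh-tpm-agent or its manual) parses such a file and reports what a practitioner would want to know before handing it to the agent: that it is a loadable key, whether it has an auth value (emptyAuth), and whether the parent handle is persistent or a hierarchy handle. It assumes the draft's field order (type OID 2.23.133.10.1.3, optional [0] emptyAuth, parent INTEGER, pubkey and privkey OCTET STRINGs) and PEM label "TSS2 PRIVATE KEY"; the sample key it builds is constructed placeholder data, not real TPM output, and the build_tss_key/parse_tss_key/check_tss_key names are this example's own.

```python
"""Inspect a TPM 2.0 TSS key file (the ~/.ssh/id_*.tpm format) before adding it to the agent."""
import base64
import re

LOADABLE_KEY_OID = "2.23.133.10.1.3"                    # id-tpmkey-loadableKey in the key file draft
LOADABLE_KEY_OID_DER = bytes([0x67, 0x81, 0x05, 0x0A, 0x01, 0x03])   # same OID, DER-encoded
PEM_LABEL = "TSS2 PRIVATE KEY"                          # PEM label the draft assigns to TPMKey

def _tlv(tag, value):
    """Encode one DER tag/length/value with short- or long-form length."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def _read_tlv(buf, pos):
    """Decode one DER element at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(value):
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def _encode_uint(n):
    raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    return (b"\x00" if raw[0] & 0x80 else b"") + raw   # DER INTEGER must stay positive

def build_tss_key(parent, pubkey, privkey, empty_auth):
    """Encode a TPMKey as PEM. Used here only to construct sample input (ssh-tpm-keygen is the real producer)."""
    body = _tlv(0x06, LOADABLE_KEY_OID_DER)
    if empty_auth:
        body += _tlv(0xA0, _tlv(0x01, b"\xff"))          # [0] EXPLICIT BOOLEAN TRUE
    body += _tlv(0x02, _encode_uint(parent))             # parent handle
    body += _tlv(0x04, pubkey) + _tlv(0x04, privkey)     # TPM2B_PUBLIC and TPM2B_PRIVATE blobs
    b64 = base64.b64encode(_tlv(0x30, body)).decode()
    lines = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (PEM_LABEL, lines, PEM_LABEL)

def parse_tss_key(pem_text):
    """Parse a TPMKey PEM; returns type OID, emptyAuth flag, parent handle and the two blobs."""
    m = re.search(r"-----BEGIN %s-----(.*?)-----END %s-----" % (PEM_LABEL, PEM_LABEL), pem_text, re.S)
    if not m:
        raise ValueError("not a %s PEM block" % PEM_LABEL)
    tag, body, _ = _read_tlv(base64.b64decode("".join(m.group(1).split())), 0)
    if tag != 0x30:
        raise ValueError("TPMKey must be a SEQUENCE")
    tag, val, pos = _read_tlv(body, 0)
    if tag != 0x06:
        raise ValueError("TPMKey must begin with an OBJECT IDENTIFIER")
    info = {"type": _decode_oid(val), "empty_auth": False}
    while pos < len(body) and body[pos] & 0xC0 == 0x80:  # optional context-tagged fields [0]..[n]
        tag, val, pos = _read_tlv(body, pos)
        if tag == 0xA0:                                    # [0] emptyAuth; absent means the key has an auth value
            info["empty_auth"] = _read_tlv(val, 0)[1] != b"\x00"
    for name, want in (("parent", 0x02), ("pubkey", 0x04), ("privkey", 0x04)):
        tag, val, pos = _read_tlv(body, pos)
        if tag != want:
            raise ValueError("bad tag 0x%02x for %s" % (tag, name))
        info[name] = int.from_bytes(val, "big") if name == "parent" else val
    return info

def check_tss_key(info):
    """Findings worth reviewing before adding the key to the agent."""
    findings = []
    if info["type"] != LOADABLE_KEY_OID:
        findings.append("type OID %s is not a loadable key" % info["type"])
    if info["empty_auth"]:
        findings.append("emptyAuth is TRUE: no auth value, anyone who can use this TPM can use the key")
    if info["parent"] >> 24 not in (0x81, 0x40):   # persistent handle or permanent (hierarchy) handle
        findings.append("parent 0x%08x is a transient handle; the key cannot be reloaded later" % info["parent"])
    return findings

# Constructed sample (not real TPM output): the blobs are placeholder bytes.
SAMPLE_PUBKEY = b"\x00\x04\x00\x23\x00\x0b"
SAMPLE_PRIVKEY = bytes(range(48))
SAMPLE_KEY = build_tss_key(0x81000001, SAMPLE_PUBKEY, SAMPLE_PRIVKEY, empty_auth=True)

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_KEY
    info = parse_tss_key(text)
    print("type=%s parent=0x%08x emptyAuth=%s" % (info["type"], info["parent"], info["empty_auth"]))
    for finding in check_tss_key(info):
        print("WARN:", finding)
```

Run it as `python3 tpmkey_check.py ~/.ssh/id_ecdsa.tpm` to inspect a real file, or with no argument to see the constructed sample, which deliberately has emptyAuth set and therefore produces a warning. The parser skips the other optional context-tagged fields (policy, secret, authPolicy) rather than interpreting them, so a key with a policy still parses.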

SEE ALSO

ssh-add(1), ssh-agent(1), ssh(1), ssh-tpm-keygen(1), ssh-keygen(1)

ASN.1 Specification for TPM 2.0 Key Files https://www.hansenpartnership.com/draft-bottomley-tpm2-keys.html

2025-03-27 ssh-tpm-agent