Re: How to re-lock ssh private key?

Gordon Messmer wrote:
> I believe the documentation wasn't written because services were
> intended to be identical to ssh-agent.

The problem is that it is configured in very different ways than
ssh-agent.  So it requires its own documentation.

And further, the services are a long way from identical. :)

> The "ssh-add" tool can still be used to add and remove identities,
> and has its own man page.

Sure, and I find that many of the things documented to work in the
ssh-add manpage do not work with the ssh agent provided by gnome
keyring.

Are you able to remove identities from the gnome provided agent?  I am
not.  Not with the -d or -D switch.

$ ssh-add -l
1024 61:34:65:0b:eb:cb:2b:83:cf:e2:3d:e9:9f:2f:c5:d3 id_dsa (DSA)
2048 27:c0:40:7c:f2:e5:4b:20:23:6b:19:2a:af:11:e7:6c id_rsa (RSA)

$ ssh-add -D
All identities removed.

$ ssh-add -l
1024 61:34:65:0b:eb:cb:2b:83:cf:e2:3d:e9:9f:2f:c5:d3 id_dsa (DSA)
2048 27:c0:40:7c:f2:e5:4b:20:23:6b:19:2a:af:11:e7:6c id_rsa (RSA)

Same for the -t option to have an identity expire, as well as the -x
option to lock the agent.  In the case of the -x option, ssh-add
prompts for a password to lock the agent and then reports "Agent
locked."  Yet the keys continue to be usable to log in to remote
systems.

Unless I'm doing something very wrong (which is always a possibility),
the gnome provided ssh agent is lacking in a great many ways.

Perhaps worst of all, I have been unable to disable the gnome ssh
agent using the methods at http://live.gnome.org/GnomeKeyring/Ssh .
So what little documentation there is appears to be inaccurate. :(

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Hell is paved with good samaritans.
    -- William M. Holden
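
Added example, not part of the original message: a shell check that lists the agent's identities again after `ssh-add -D` rather than trusting the "All identities removed." message, which is the mismatch shown in the transcript above. The `SSH_ADD` override and the socket-path heuristic in `agent_kind` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: verify that the agent behind SSH_AUTH_SOCK really honours
# "ssh-add -D" instead of trusting the message it prints.
# SSH_ADD is a hypothetical override so the check can be pointed at a stub.
SSH_ADD=${SSH_ADD:-ssh-add}

# Print the number of identities the agent lists.
# Returns 2 if the agent cannot be contacted (ssh-add's own exit status 2).
agent_identity_count() {
    out=$($SSH_ADD -l 2>/dev/null) && rc=0 || rc=$?
    [ "$rc" -eq 2 ] && return 2
    # Key lines start with the bit length; "The agent has no identities." does not.
    printf '%s\n' "$out" | grep -c '^[0-9]' || true
}

# Heuristic guess at which agent owns the socket (path naming is an assumption).
agent_kind() {
    case ${SSH_AUTH_SOCK:-} in
        '')        echo none ;;
        *keyring*) echo gnome-keyring ;;
        *)         echo other ;;
    esac
}

# Ask the agent to drop every identity, then list again.
# Returns 0 if the list is empty, 1 if keys are still offered, 2 if unreachable.
verify_remove_all() {
    before=$(agent_identity_count) || return 2
    $SSH_ADD -D >/dev/null 2>&1 || true
    after=$(agent_identity_count) || return 2
    echo "agent=$(agent_kind) before=$before after=$after"
    [ "$after" -eq 0 ]
}
```

Calling `verify_remove_all` against a compliant agent does unload its keys, so run it only when that is the intent. The same `agent_identity_count` call can be repeated after `ssh-add -x`, since a locked OpenSSH `ssh-agent` lists no identities.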

-- 
fedora-list mailing list