On 11/23/2017 03:20 AM, cen wrote:
According to other replies gnome-keyring is involved so perhaps the fault lies in that. I doubt upstream ssh guys would override cli options with agent.
Nonsense. GNOME provides *an* agent, it doesn't modify ssh. The ssh client decides what order to attempt authentication methods.
For now I managed to completely disable it system wide by adding export SSH_AUTH_SOCK="" in a /etc/profile.d script.
If you don't want your ssh keys to be used automatically, the least-effort fix it simply to not store them in .ssh. Keys stored elsewhere can be specified on the command line, but won't be loaded automatically by the GNOME keyring application.
The SSH agent is an important component of secure SSH use. You *should* keep your keys encrypted on disk (even if your filesystem itself is encrypted). The agent makes it viable to use secure passphrases with keys that you use frequently, eliminating the barrier to use that typing the passphrase frequently presents. It also allows you to forward your agent connection with SSH sessions, so that you can hop from host to host without copying private keys to the intermediate hosts.
_______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
