Re: SSH_AUTH_SOCK behavior is completely insane

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 11/23/2017 03:20 AM, cen wrote:

According to other replies gnome-keyring is involved so perhaps the fault lies in that. I doubt upstream ssh guys would override cli options with agent.


Nonsense.  GNOME provides *an* agent, it doesn't modify ssh.  The ssh client decides what order to attempt authentication methods.

For now I managed to completely disable it system wide by adding export SSH_AUTH_SOCK="" in a /etc/profile.d script.


If you don't want your ssh keys to be used automatically, the least-effort fix it simply to not store them in .ssh.  Keys stored elsewhere can be specified on the command line, but won't be loaded automatically by the GNOME keyring application.

The SSH agent is an important component of secure SSH use.  You *should* keep your keys encrypted on disk (even if your filesystem itself is encrypted).  The agent makes it viable to use secure passphrases with keys that you use frequently, eliminating the barrier to use that typing the passphrase frequently presents.  It also allows you to forward your agent connection with SSH sessions, so that you can hop from host to host without copying private keys to the intermediate hosts.

_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx



[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux