Re: Moving from Fedora -- Advice??

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Gordon Messmer wrote:
> On 12/21/2010 10:49 AM, m.roth@xxxxxxxxx wrote:
>> Gordon Messmer wrote:
>>> On 12/17/2010 12:32 PM, m.roth@xxxxxxxxx wrote:
>>>>
>>>> Not with PIV-II cards....
>>>
>>> Why?  Do they use a non-standard SSH agent?
>>
>> pkcs11. opensc. NOT COOLKEY.
>
> I'm not really sure what that has to do with anything.  You said that
> you're having trouble getting ssh-agent to close on logout.  I replied
> that you're probably trying too hard.  Fedora's desktops automatically
> have an ssh-agent available when you log in via gdm.  In the past, it
> was OpenSSH's ssh-agent.  In more recent versions, gnome has its own
> authentication agent, which is used.

Right, which AFAIK, doesn't work with the new US federal PIV-II cards.
Certainly, I can't add the card when it's inserted in the reader with just
that.
>
> So I'll repeat myself: if you are seeing ssh-agent continue after you
> log out, you're probably trying too hard.  Setting the agent up and
> tearing it down on logout are done for you right out of the box, and
> have been for years.  Log in to a new user account on a fresh install
> sometime.  Open a terminal and type "set | grep SSH_AUTH_SOCK".  See
> that environment variable?  The agent is running.

I'll check his box again, when I get a chance. But as I said, it wasn't
willing to accept the card with ssh-add -s pkcs11, or ssh-add -s
opensc-pkcs11.so

       mark

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux