On Fri, 2009-01-09 at 11:27 -0500, Nalin Dahyabhai wrote: > On Fri, Jan 09, 2009 at 10:19:12AM -0600, Callum Lerwick wrote: > > http://man.root.cz/1/gnome-ssh-askpass/ > > > > gnome-ssh-askpass will lock keyboard focus to its window, preventing > > focus stealing and key logging attacks from other X clients. It also > > aborts if it fails to gain a lock on the keyboard. Try starting two > > copies of gnome-ssh-askpass at the same time, and see what happens: > > > > $ /usr/libexec/openssh/gnome-ssh-askpass&/usr/libexec/openssh/gnome-ssh-askpass > > > > Seems to me it's much preferable to use gnome-ssh-askpass if you're in > > X, even in xterms. > > Note that the dialog in this case comes from gnome-keyring, and is not > actually gnome-ssh-askpass. You can tell because gnome-ssh-askpass > doesn't offer to store things in your keyring, and it isn't used when > the process has access to a terminal device which it can use to prompt > the user. Any GUI password dialog really ought to be taking the same precautions. ... gnome-keyring's SSH agent doesn't seem to be working right on my system. I've been using "keychain" but it should be disabled at the moment. Does it really implement its own ssh agent? That would be really annoying as that would break interoperability with non-GUI logins. I ssh in and use screen on this box as well. "keychain" was handling all cases seamlessly, with this small fix: ln -s /etc/profile.d/keychain.sh /etc/X11/xinit/xinitrc.d/keychain.sh ( https://bugzilla.redhat.com/show_bug.cgi?id=180776 )
Attachment:
signature.asc
Description: This is a digitally signed message part
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
