How to re-lock ssh private key?

Robert Nichols rnicholsNOSPAM at comcast.net
Tue Mar 3 15:18:46 UTC 2009


Cameron Simpson wrote:
> On 03Mar2009 01:06, Robert Nichols <rnicholsNOSPAM at comcast.net> wrote:
>> After I've used ssh on a connection with RSA authorization and given
>> my keyring's passphrase to gnome-ssh-askpass, that keyring is now
>> unlocked and future connections can be made without the passphrase.
>> Is there a way, short of logging out and back in, to make the
>> passphrase required again for a connection?
[SNIP]
>> In searching for info I keep getting references to ssh-agent being
>> responsible for remembering the key, but I find that ssh-agent is
>> never executed on my system.
> 
> I wonder how you find that, since it _is_ ssh-agent which provides this
> service. What specific checks have you made?
> 

I renamed /usr/bin/ssh-agent to /usr/bin/xxx-agent and rebooted.
Everything worked just as before.  That file has no other hard links.

> Go:
> 
>   env | grep '^SSH'
> 
> Is there an SSH_AUTH_SOCK?
> 
> Find the ssh and kill it. Or modify your envionment sufficiently to gain
> control over the ssh-agent (or simply start your own). By using the -t
> option to ssh-agent when you start it you can control how long an added
> key starts "good". You can also add a key with ssh-add and specify a
> timeout then.

The process at the other end of $SSH_AUTH_SOCK is
"gnome-keyring-daemon -d -login".  That process gets created when I log
in.  Killing it doesn't strike me as a good idea.  Indeed, other keyring
related stuff breaks if I do that.

-- 
Bob Nichols     "NOSPAM" is really part of my email address.
                 Do NOT delete it.




More information about the fedora-list mailing list