How to re-lock ssh private key?
Robert Nichols
rnicholsNOSPAM at comcast.net
Tue Mar 3 15:18:46 UTC 2009
Cameron Simpson wrote:
> On 03Mar2009 01:06, Robert Nichols <rnicholsNOSPAM at comcast.net> wrote:
>> After I've used ssh on a connection with RSA authorization and given
>> my keyring's passphrase to gnome-ssh-askpass, that keyring is now
>> unlocked and future connections can be made without the passphrase.
>> Is there a way, short of logging out and back in, to make the
>> passphrase required again for a connection?
[SNIP]
>> In searching for info I keep getting references to ssh-agent being
>> responsible for remembering the key, but I find that ssh-agent is
>> never executed on my system.
>
> I wonder how you find that, since it _is_ ssh-agent which provides this
> service. What specific checks have you made?
>
I renamed /usr/bin/ssh-agent to /usr/bin/xxx-agent and rebooted.
Everything worked just as before. That file has no other hard links.
> Go:
>
> env | grep '^SSH'
>
> Is there an SSH_AUTH_SOCK?
>
> Find the ssh and kill it. Or modify your envionment sufficiently to gain
> control over the ssh-agent (or simply start your own). By using the -t
> option to ssh-agent when you start it you can control how long an added
> key starts "good". You can also add a key with ssh-add and specify a
> timeout then.
The process at the other end of $SSH_AUTH_SOCK is
"gnome-keyring-daemon -d -login". That process gets created when I log
in. Killing it doesn't strike me as a good idea. Indeed, other keyring
related stuff breaks if I do that.
--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.
More information about the fedora-list
mailing list