How to re-lock ssh private key?
Todd Zullinger
tmz at pobox.com
Thu Mar 5 18:27:49 UTC 2009
Wolfgang S. Rupprecht wrote:
>
> Gordon Messmer <yinyang at eburg.com> writes:
>> Wolfgang S. Rupprecht wrote:
>>> Another thing that appears not to work with the gnome version of
>>> the ssh-agent is "ssh-add -d" or "ssh-add -D". Not good.
>>
>> I think you're confused by the fact that the identities are still
>> listed by "ssh-add -l". They're certainly deactivated and require
>> a passphrase in order to be used again (tested in GNOME 2.24).
>
> No, I'm confused by the fact that I can still ssh to remote machines
> without entering my key-unlocking passphrase. ;-)
>
> $ ssh-add -D
> All identities removed.
> $ ssh localhost
> Last login: Thu Mar 5 07:03:01 2009 from localhost
> $

Right, this is clearly a gnome-keyring bug. There are a good number
of them it seems.

Not honoring -c or -t is: http://bugzilla.gnome.org/525574
Inability to disable it is: http://bugzilla.gnome.org/558181

The latter is fixed upstream, but only in the gnome-2.25 branch. I
don't know if anyone intends to backport the fix to the current stable
branch so F-10 can be updated. The changes don't apply cleanly, so
it'd take a little bit of work to sort out.

--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The most important single central fact about a free market is that no
exchange takes place unless both parties benefit.
-- Milton Friedman