[Bug 209447] Re: gnome-keyring-daemon does not honor constrained ssh identities
Bug Watch Updater
209447 at bugs.launchpad.net
Sat Mar 10 05:44:42 UTC 2018
** Changed in: gnome-keyring
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/209447
Title:
gnome-keyring-daemon does not honor constrained ssh identities
Status in GNOME Keyring:
Fix Released
Status in portable OpenSSH:
Fix Released
Status in gnome-keyring package in Ubuntu:
In Progress
Status in openssh package in Ubuntu:
Fix Released
Bug description:
Binary package hint: gnome-keyring
The ssh-agent honors adding constrained identities -- where such constraints may be either:
* Require confirmation each time the agent allows the identity to be used.
* A maximum lifetime for the identity.
The gnome-keyring-daemon is a replacement for the ssh-agent in Hardy
Heron, but does not support those constraints. If the user issues:
  ssh-add -c
or
  ssh-add -t <time value>
The identities will be added without those constraints.
This is especially important in some uses of the ssh-agent, such as
ssh-agent forwarding, where the usage of the agent cannot be
considered secure without the confirmation constraint.
If the gnome-keyring-daemon is intended to replace the ssh-agent in
Ubuntu, it should support these important security features -- they
were added with good reason.
To manage notifications about this bug go to:
https://bugs.launchpad.net/gnome-keyring/+bug/209447/+subscriptions
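
Added example, not part of the original bug report and not gnome-keyring or OpenSSH code: how the two constraints from the description travel in the agent protocol's add-identity request, and a parser that refuses a request it cannot fully honor instead of storing the key unconstrained. The function names are hypothetical, the request is a constructed ed25519 payload (after the uint32 length prefix) with zeroed key material, and rejecting unknown constraint types is this example's policy.

```python
import struct

# Numbers from the SSH agent protocol (draft-miller-ssh-agent).
SSH_AGENTC_ADD_IDENTITY = 17
SSH_AGENTC_ADD_ID_CONSTRAINED = 25
SSH_AGENT_CONSTRAIN_LIFETIME = 1  # sent by ssh-add -t
SSH_AGENT_CONSTRAIN_CONFIRM = 2   # sent by ssh-add -c

def _string(data):
    return struct.pack(">I", len(data)) + data

def build_add_ed25519(comment, lifetime=None, confirm=False):
    """Constructed sample request payload; the key material is all zeros."""
    body = (_string(b"ssh-ed25519") + _string(bytes(32))
            + _string(bytes(64)) + _string(comment))
    trailer = b""
    if lifetime is not None:
        trailer += struct.pack(">BI", SSH_AGENT_CONSTRAIN_LIFETIME, lifetime)
    if confirm:
        trailer += bytes([SSH_AGENT_CONSTRAIN_CONFIRM])
    kind = SSH_AGENTC_ADD_ID_CONSTRAINED if trailer else SSH_AGENTC_ADD_IDENTITY
    return bytes([kind]) + body + trailer

def parse_constraints(msg):
    """Return the constraints an agent must enforce for this add request."""
    found = {"lifetime": None, "confirm": False}
    if msg[:1] == bytes([SSH_AGENTC_ADD_IDENTITY]):
        return found
    if msg[:1] != bytes([SSH_AGENTC_ADD_ID_CONSTRAINED]):
        raise ValueError("not an add-identity request")
    pos = 1
    for _ in range(4):  # key type, public key, private key, comment
        if pos + 4 > len(msg):
            raise ValueError("truncated key fields")
        pos += 4 + struct.unpack_from(">I", msg, pos)[0]
    if pos > len(msg):
        raise ValueError("truncated key fields")
    while pos < len(msg):
        kind, pos = msg[pos], pos + 1
        if kind == SSH_AGENT_CONSTRAIN_LIFETIME:
            if pos + 4 > len(msg):
                raise ValueError("truncated lifetime constraint")
            found["lifetime"] = struct.unpack_from(">I", msg, pos)[0]
            pos += 4
        elif kind == SSH_AGENT_CONSTRAIN_CONFIRM:
            found["confirm"] = True
        else:  # refuse rather than store the key unconstrained
            raise ValueError("unsupported constraint %d" % kind)
    return found
```

An agent that reads only the key fields and stops there produces the behaviour reported above: the key is accepted and the trailing constraint bytes are never acted on.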