seahorse ssh key timeless cache
philsf79 at gmail.com
Fri May 18 18:00:14 UTC 2007
I am using seahorse to manage my gpg/ssh keys, and was thrilled as I just
found out what "forward agent" really is: when the ssh-agent is active I only
have to type my passphrase once, it gets cached, and I can ssh with it to
host A without further hassle any time. Nothing new here.
But as I just found out, I can also connect from host A to host B without
typing the passphrase (it's the same key, but host B is not directly
accesible from the net). I don't know why debian/ubuntu disables this by
default, but it's very nice when you open and close sessions frequently.
Now, my concern is that seahorse doesn't seem to have any time out policy for
this cache. In my experiments at my home computer, it would keep my
passphrase for over a day. I find this disturbing, especially now that I know
someone with physical access to my box have access to ALL hosts with my
ssh-key, without having to know my passphrase. IIRC, the vanilla agent I
installed years ago to use gpg with kmail timed out after a few minutes, and
I'm sure pgp4pine times out. Heck, why would anybody like to leave his
passphrase in memory for indefinite time?
Is it a feature or a bug? Is there a way get it to time out, say, after 5
More information about the ubuntu-users