seahorse ssh key timeless cache

Felipe Figueiredo philsf79 at
Fri May 18 18:00:14 UTC 2007


I am using seahorse to manage my gpg/ssh keys, and was thrilled as I just 
found out what "forward agent" really is: when the ssh-agent is active I only 
have to type my passphrase once, it gets cached, and I can ssh with it to 
host A without further hassle any time. Nothing new here.

But as I just found out, I can also connect from host A to host B without 
typing the passphrase (it's the same key, but host B is not directly 
accesible from the net). I don't know why debian/ubuntu disables this by 
default, but it's very nice when you open and close sessions frequently.

Now, my concern is that seahorse doesn't seem to have any time out policy for 
this cache. In my experiments at my home computer, it would keep my 
passphrase for over a day. I find this disturbing, especially now that I know 
someone with physical access to my box have access to ALL hosts with my 
ssh-key, without having to know my passphrase. IIRC, the vanilla agent I 
installed years ago to use gpg with kmail timed out after a few minutes, and 
I'm sure pgp4pine times out. Heck, why would anybody like to leave his 
passphrase in memory for indefinite time?

Is it a feature or a bug? Is there a way get it to time out, say, after 5 


More information about the ubuntu-users mailing list