seahorse ssh key timeless cache
gabe at dragffy.com
Fri May 18 11:06:03 UTC 2007
On Fri, 2007-05-18 at 15:00 -0300, Felipe Figueiredo wrote:
> I am using seahorse to manage my gpg/ssh keys, and was thrilled as I just
> found out what "forward agent" really is: when the ssh-agent is active I only
> have to type my passphrase once, it gets cached, and I can ssh with it to
> host A without further hassle any time. Nothing new here.
> But as I just found out, I can also connect from host A to host B without
> typing the passphrase (it's the same key, but host B is not directly
> accesible from the net). I don't know why debian/ubuntu disables this by
> default, but it's very nice when you open and close sessions frequently.
> Now, my concern is that seahorse doesn't seem to have any time out policy for
> this cache. In my experiments at my home computer, it would keep my
> passphrase for over a day. I find this disturbing, especially now that I know
> someone with physical access to my box have access to ALL hosts with my
> ssh-key, without having to know my passphrase. IIRC, the vanilla agent I
> installed years ago to use gpg with kmail timed out after a few minutes, and
> I'm sure pgp4pine times out. Heck, why would anybody like to leave his
> passphrase in memory for indefinite time?
> Is it a feature or a bug? Is there a way get it to time out, say, after 5
But you can change the cache time from infintie to anything you want.
Just right-click on the icon in where it shows next to the clock and
select cache preferneces, then allow it to expire after however many
Gabriel Dragffy FdA BA(Hons)
Websites by Gabe:
More information about the ubuntu-users