seahorse ssh key timeless cache
Gabriel Dragffy
gabe at dragffy.com
Fri May 18 11:06:03 UTC 2007
On Fri, 2007-05-18 at 15:00 -0300, Felipe Figueiredo wrote:
> Hello,
>
> I am using seahorse to manage my gpg/ssh keys, and was thrilled as I just
> found out what "forward agent" really is: when the ssh-agent is active I only
> have to type my passphrase once, it gets cached, and I can ssh with it to
> host A without further hassle any time. Nothing new here.
>
> But as I just found out, I can also connect from host A to host B without
> typing the passphrase (it's the same key, but host B is not directly
> accesible from the net). I don't know why debian/ubuntu disables this by
> default, but it's very nice when you open and close sessions frequently.
>
> Now, my concern is that seahorse doesn't seem to have any time out policy for
> this cache. In my experiments at my home computer, it would keep my
> passphrase for over a day. I find this disturbing, especially now that I know
> someone with physical access to my box have access to ALL hosts with my
> ssh-key, without having to know my passphrase. IIRC, the vanilla agent I
> installed years ago to use gpg with kmail timed out after a few minutes, and
> I'm sure pgp4pine times out. Heck, why would anybody like to leave his
> passphrase in memory for indefinite time?
>
> Is it a feature or a bug? Is there a way get it to time out, say, after 5
> minutes?
>
> regards
> FF
>
But you can change the cache time from infintie to anything you want.
Just right-click on the icon in where it shows next to the clock and
select cache preferneces, then allow it to expire after however many
minutes.
--
Gabriel Dragffy FdA BA(Hons)
Websites by Gabe:
http://dragffy.com
http://andrew-norman.com
On-line CV:
http://dragffy.com/gabescv
More information about the ubuntu-users
mailing list