ssh private key password

Callum Lerwick seg at haxxed.com
Fri Jan 9 16:58:48 UTC 2009


On Fri, 2009-01-09 at 11:27 -0500, Nalin Dahyabhai wrote:
> On Fri, Jan 09, 2009 at 10:19:12AM -0600, Callum Lerwick wrote:
> > http://man.root.cz/1/gnome-ssh-askpass/
> > 
> > gnome-ssh-askpass will lock keyboard focus to its window, preventing
> > focus stealing and key logging attacks from other X clients. It also
> > aborts if it fails to gain a lock on the keyboard. Try starting two
> > copies of gnome-ssh-askpass at the same time, and see what happens:
> > 
> > $ /usr/libexec/openssh/gnome-ssh-askpass&/usr/libexec/openssh/gnome-ssh-askpass
> > 
> > Seems to me it's much preferable to use gnome-ssh-askpass if you're in
> > X, even in xterms.
> 
> Note that the dialog in this case comes from gnome-keyring, and is not
> actually gnome-ssh-askpass.  You can tell because gnome-ssh-askpass
> doesn't offer to store things in your keyring, and it isn't used when
> the process has access to a terminal device which it can use to prompt
> the user.

Any GUI password dialog really ought to be taking the same precautions.

... gnome-keyring's SSH agent doesn't seem to be working right on my
system. I've been using "keychain" but it should be disabled at the
moment.

Does it really implement its own ssh agent? That would be really
annoying as that would break interoperability with non-GUI logins. I ssh
in and use screen on this box as well. "keychain" was handling all cases
seamlessly, with this small fix:

ln -s /etc/profile.d/keychain.sh /etc/X11/xinit/xinitrc.d/keychain.sh

( https://bugzilla.redhat.com/show_bug.cgi?id=180776 )