Re: How to re-lock ssh private key?

Todd Zullinger wrote:
> Robert Nichols wrote:
>> The process at the other end of $SSH_AUTH_SOCK is
>> "gnome-keyring-daemon -d -login".  That process gets created when I
>> log in.  Killing it doesn't strike me as a good idea.  Indeed, other
>> keyring related stuff breaks if I do that.
>
> You can tell the keyring daemon not to provide ssh-agent services.
> Perhaps doing that and using the ssh-agent from openssh (which I
> believe is still started automatically if no agent is running
>
> To disable ssh services in gnome-keyring-daemon:
>
> gconftool-2 --set -t bool /apps/gnome-keyring/daemon-components/ssh false
>
> Some very thin documentation on gnome-keyring-daemon's ssh handling is
> at: http://live.gnome.org/GnomeKeyring/Ssh

Again, thanks for the effort, but NO-GO!

I tried changing the setting for that boolean to false, both with
gconftool-2 and with the GUI gconf-editor, and also by running
gconftool-2 as root.  No change, nada, zip!  Log out, log back in,
reboot, ..., no change at all.  Unsetting the environment variable
for SSH_ASKPASS (edited /etc/profile.d/gnome-ssh-askpass.sh so that
the variable never gets set) changes nothing.  The only thing that
has an effect is unsetting SSH_AUTH_SOCK, and doing that means that
the passphrase is required _every_time_.

If SSH_AUTH_SOCK is unset or the socket is not present, ssh-add
fails with "Could not open a connection to your authentication agent."
Looks like the only options are (a) use gnome-keyring-daemon and
accept that the key is unlocked forever, or (b) use nothing and
enter the passphrase every time.

Bob Nichols     "NOSPAM" is really part of my email address.
                Do NOT delete it.
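
Added example, not part of the original message: shell functions that guess which agent is behind SSH_AUTH_SOCK and point the current shell at a private OpenSSH ssh-agent whose keys expire. The function names and the socket-path patterns are assumptions; the `ssh-agent -s -t` and `ssh-add -D` options are OpenSSH's own.

```shell
#!/bin/sh
# Added example: function names and socket-path patterns are assumptions.

# agent_kind PATH: guess which agent owns the socket from its path.
# Assumed defaults: gnome-keyring uses .../keyring*/ssh,
# OpenSSH ssh-agent uses .../ssh-XXXX/agent.PID.
agent_kind() {
    case "$1" in
        "")               echo none ;;
        */keyring*/ssh)   echo gnome-keyring ;;
        */ssh-*/agent.*)  echo openssh ;;
        *)                echo unknown ;;
    esac
}

# use_private_agent [SECONDS]: start an OpenSSH agent for this shell only.
# -t sets the default lifetime of every key added to it afterwards.
use_private_agent() {
    lifetime=${1:-900}
    agent_env=$(ssh-agent -s -t "$lifetime") || return 1
    eval "$agent_env" >/dev/null   # exports SSH_AUTH_SOCK and SSH_AGENT_PID
    echo "private agent pid $SSH_AGENT_PID, keys expire after ${lifetime}s"
}

# relock: remove every identity from the agent this shell points at,
# refusing to run unless the socket looks like an OpenSSH agent socket.
relock() {
    [ "$(agent_kind "${SSH_AUTH_SOCK:-}")" = openssh ] || {
        echo "SSH_AUTH_SOCK is not an OpenSSH agent socket" >&2
        return 1
    }
    ssh-add -D
}
```

After sourcing the file, `use_private_agent 600` followed by a normal `ssh-add` holds the key for ten minutes in that shell; `relock` drops it sooner.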
