SCIENTIFIC-LINUX-USERS Archives

March 2011

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: "Robert E. Blair" <[log in to unmask]>
Reply To: Robert E. Blair
Date: Thu, 17 Mar 2011 16:43:39 -0500

I came across an odd feature in SL6 and maybe someone understands what
causes this.  It seems that SL6 has an agent that does an ssh-add when
you log in.  Unfortunately, it appears to snarf up any key you happen to
have in your .ssh area, even ones with nonstandard names.  It has the
rather disturbing feature that if you do an ssh-add -l immediately after
logging in, it shows your encrypted private key as being loaded.  It
seems not to be, really, since when you try to use it, it then asks for the
pass phrase with a GUI popup.  I'm guessing that it just looks at the
pub part and recognizes that you "might use it" later.

In my case I keep some specialized unencrypted keys for specific
functions (i.e. in the remote authorized_keys file these guys allow
execution of a single rather harmless command).  It seems that these get
ssh-add'ed automatically at login and they are presented to the remote
hosts in ways that preclude my using public key access on the second hop
in a chain of ssh's (yes initially the real encrypted key gets used but
on the second hop it appears the specialized ones get presented and
force a failure for an actual login).  I googled and found that there is
an openssh agent in the startup applications that appears to have a
related function but I don't seem to have that enabled so configuring is
likely futile.  I do have a workaround (simply move all these keys to
some other area than .ssh) but I'm curious as to what is doing this and
it seems like something people might want to be aware of.

-- 
Robert E. Blair, Room C221, Building 360
Argonne National Laboratory (High Energy Physics Division)
9700 South Cass Avenue, Argonne, IL 60439, USA
Phone: (630)-252-7545  FAX: (630)-252-5047
GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc
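
A check for the situation described in the message, added here as an example and not part of the original post: it matches the public keys found in a .ssh directory against the fingerprints reported by ssh-add -l and names the nonstandard-named keys the agent is holding. The file names, key blobs and agent output are constructed sample data, and the function names are hypothetical.

```python
import base64
import hashlib

# Default identity file names; anything else in ~/.ssh counts as nonstandard here.
STANDARD_NAMES = {"identity", "id_rsa", "id_dsa", "id_ecdsa", "id_ed25519"}

def fingerprints(pub_line):
    """Return (MD5 colon-hex, 'SHA256:...') fingerprints for one .pub file line."""
    blob = base64.b64decode(pub_line.split()[1])
    md5 = hashlib.md5(blob).hexdigest()
    md5 = ":".join(md5[i:i + 2] for i in range(0, len(md5), 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return md5, "SHA256:" + sha

def agent_fingerprints(ssh_add_output):
    """Pull the fingerprint column out of `ssh-add -l` output (old or new style)."""
    found = set()
    for line in ssh_add_output.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0].isdigit():  # skips "The agent has no identities."
            fp = parts[1]
            found.add(fp[4:] if fp.startswith("MD5:") else fp)
    return found

def nonstandard_keys_in_agent(pub_files, ssh_add_output):
    """pub_files maps file name -> .pub contents; returns nonstandard names the agent holds."""
    loaded = agent_fingerprints(ssh_add_output)
    hits = []
    for name, text in sorted(pub_files.items()):
        stem = name[:-4] if name.endswith(".pub") else name
        if stem not in STANDARD_NAMES and loaded & set(fingerprints(text)):
            hits.append(name)
    return hits

def _pub(kind, blob, comment):
    # Constructed stand-in for a public key line; the blob is not a real key.
    return "%s %s %s" % (kind, base64.b64encode(blob).decode(), comment)

# Constructed sample data: three .pub files, two of them loaded in the agent.
SAMPLE_PUBS = {
    "id_rsa.pub": _pub("ssh-rsa", b"constructed-login-key", "user@host"),
    "backup_cmd.pub": _pub("ssh-rsa", b"constructed-forced-command-key", "backup"),
    "unused.pub": _pub("ssh-rsa", b"constructed-unused-key", "unused"),
}
SAMPLE_AGENT = "\n".join([
    "2048 %s /home/user/.ssh/id_rsa (RSA)" % fingerprints(SAMPLE_PUBS["id_rsa.pub"])[0],
    "2048 %s /home/user/.ssh/backup_cmd (RSA)" % fingerprints(SAMPLE_PUBS["backup_cmd.pub"])[0],
])

if __name__ == "__main__":
    print(nonstandard_keys_in_agent(SAMPLE_PUBS, SAMPLE_AGENT))
```

On a real system the inputs would be the contents of the .pub files under ~/.ssh and the text printed by ssh-add -l right after login.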