SCIENTIFIC-LINUX-USERS Archives

March 2011

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Andreas Petzold <[log in to unmask]>
Reply To: Andreas Petzold <[log in to unmask]>
Date: Mon, 21 Mar 2011 09:47:03 +0100
	Hi Robert,

On Thursday, March 17, 2011 22:43:39 Robert E. Blair wrote:
> I came across an odd feature in sl6 and maybe someone understands what
> causes this.  It seems that SL6 has an agent that does an ssh-add when
> you log in.  Unfortunately, it appears to snarf up any key you happen to
> have in your .ssh area even ones with nonstandard names.  It has the
> rather disturbing feature that if you do a ssh-add -l immediately after
> logging in it shows your encrypted private key as being loaded.  It
> seems not to be really since when you try to use it it then asks for the
> pass phrase with a gui popup.  I'm guessing that it just looks at the
> pub part and recognizes that you "might use it" later.
> 
> In my case I keep some specialized unencrypted keys for specific
> functions (i.e. in the remote authorized_keys file these guys allow
> execution of a single rather harmless command).  It seems that these get
> ssh-add'ed automatically at login and they are presented to the remote
> hosts in ways that preclude my using public key access on the second hop
> in a chain of ssh's (yes initially the real encrypted key gets used but
> on the second hop it appears the specialized ones get presented and
> force a failure for an actual login).  I googled and found that there is
> an openssh agent in the startup applications that appears to have a
> related function but I don't seem to have that enabled so configuring is
> likely futile.  I do have a workaround (simply move all these keys to
> some other area than .ssh) but I'm curious as to what is doing this and
> it seems like something people might want to be aware of.

I guess you are using GNOME and the gnome keyring is interfering with what you
want to do. Gnome keyring is feeding the keys to the ssh-agent. I have been
using ssh-agent for a long time and haven't run into any trouble so far, but
I'm usually not using the gnome keyring.

Depending on the version of GNOME in SL6, you can install either
gnome-keyring-manager or seahorse to manage the keyring. If you don't want gnome
to interfere with your ssh keys, simply remove them from the keyring.

Hope that helps.

	Cheers,

		Andreas

-- 
  Karlsruhe Institute of Technology (KIT)
  Steinbuch Centre for Computing (SCC)

  Andreas Petzold

  Hermann-von-Helmholtz-Platz 1, Building 441, Room 104
  D-76344 Eggenstein-Leopoldshafen

  Tel: +49 721 608 24916
  Fax: +49 721 608 24972
  Email: [log in to unmask]
  www.scc.kit.edu

  KIT – University of the State of Baden-Wuerttemberg and
  National Research Center of the Helmholtz Association
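
The behaviour discussed in this thread matters most for private keys stored without a passphrase, since those can be loaded into an agent with no prompt. The following is an added example, not part of the original messages: it classifies the private key files in a directory by their headers and reports whether a matching `.pub` file sits beside each one, because the quoted message guesses that the public part is what gets looked at. The file names and contents in `build_sample_dir` are constructed and contain no real key material.

```python
import base64
import tempfile
from pathlib import Path

MAGIC = b"openssh-key-v1\0"  # new-style OpenSSH container; the cipher name follows it

def classify_private_key(text):
    """Return 'encrypted', 'unencrypted', or None if text is not a private key."""
    lines = text.strip().splitlines()
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN ") or "PRIVATE KEY" not in lines[0]:
        return None
    if "OPENSSH" in lines[0]:
        try:
            blob = base64.b64decode("".join(lines[1:-1]))
        except ValueError:
            return None
        if not blob.startswith(MAGIC):
            return None
        # Cipher name "none" (length-prefixed) means the key has no passphrase.
        return "unencrypted" if blob.startswith(MAGIC + b"\x00\x00\x00\x04none") else "encrypted"
    # PKCS#8 says ENCRYPTED in the BEGIN line; legacy PEM adds a Proc-Type header.
    enc = "ENCRYPTED" in lines[0] or lines[1].startswith("Proc-Type: 4,ENCRYPTED")
    return "encrypted" if enc else "unencrypted"

def audit_ssh_dir(ssh_dir):
    """Map file name -> (status, has_pub_file) for each private key found."""
    report = {}
    for path in sorted(Path(ssh_dir).iterdir()):
        if path.is_file() and path.suffix != ".pub":
            status = classify_private_key(path.read_text(errors="replace"))
            if status:
                report[path.name] = (status, Path(str(path) + ".pub").exists())
    return report

def build_sample_dir(root):
    """Constructed sample directory: headers only, no real key material."""
    ossh = base64.b64encode(MAGIC + b"\x00\x00\x00\x04none").decode()
    pem = "-----BEGIN RSA PRIVATE KEY-----\n{}AAAA\n-----END RSA PRIVATE KEY-----\n"
    samples = {
        "id_rsa": pem.format("Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,00\n\n"),
        "backup_cmd": pem.format(""),
        "backup_cmd.pub": "ssh-rsa AAAA constructed\n",
        "rsync_key": f"-----BEGIN OPENSSH PRIVATE KEY-----\n{ossh}\n-----END OPENSSH PRIVATE KEY-----\n",
    }
    for name, body in samples.items():
        Path(root, name).write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_dir(tmp)
        print(audit_ssh_dir(tmp))
```

Pointing `audit_ssh_dir` at a real `~/.ssh` and comparing the result with the output of `ssh-add -l` shows which passphrase-less keys are being held by the agent.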
