GNOME Bugzilla – Bug 502846
SSH key kept unlock after usage
Last modified: 2009-03-05 03:43:50 UTC
The bug has been described on https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/175288
"Binary package hint: gnome-keyring
When connecting to another computer using SSH, the gnome-keyring SSH agent window pops up and asks for my key, I enter my key and confirm, the SSH connection is established. Now, I close the first SSH connection and open another, it connects directly without asking for my key. I didn't check the "Automatically unlock" box, so it should have asked for the key again.
Steps to reproduce:
- Logout (so the gnome-keyring-daemon is reloaded and all keys locked again)
- Login and open a terminal
- Connect to a server using SSH
- The gnome-keyring will ask for the key, do not check the "Automatically unlock" box
- Once the SSH connection is established, disconnect
- Then open a new one using the same SSH key
- It won't ask for the key and will directly open the connection"
Yes, this is the whole point of an SSH agent. I guess you're looking for a way to disable the SSH agent functionality?
Yes, and I'd expect it not to remember my passphrase when I'm not checking the Remember Me check box.
It doesn't remember your passphrase. A passphrase is not used to log into the server. It's using a key to log into the server. The key is kept unlocked just as with any SSH agent. But perhaps the wording could be changed to be more clear.
A related Fedora bug: https://bugzilla.redhat.com/show_bug.cgi?id=442809
I think the biggest problem is that a lot of people (myself included) didn't expect a non-ssh-agent process to act as an ssh-agent. It took me forever to figure out that I didn't need to configure an ssh-agent after upgrading to GNOME 2.22 (via Ubuntu 8.04). It seems that this should be something that's configurable, so that those who don't want ssh-agent behavior are able to configure that rather than being forced to use it when using GNOME. I know this is possible at compile time, but if it is at runtime, I can't seem to find it. Even if you changed the wording to be more clear, without the ability to change at runtime, I will not be able to use GNOME in certain environments.
Yes, it is configurable in gconf: http://live.gnome.org/GnomeKeyring/Ssh
The behavior of gnome-keyring's SSH agent is to automatically load and prompt you for the password to unlock your SSH key. It then keeps that SSH key unlocked (as if you'd used ssh-add to load it) until you remove it from the SSH agent using the usual 'ssh-add -D'.
I hope it's okay if we close this bug. Or if anyone can think of a clear way forward, then please do reopen this bug. Or we could discuss a behavior change on the gnome-keyring mailing list.
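Added example, not part of the bug thread and not gnome-keyring's own code: a small shell helper that checks whether the agent behind SSH_AUTH_SOCK is still holding unlocked keys after a session ends, and removes them with 'ssh-add -D' as described in the last comment. The socket path patterns and the SSH_ADD override variable are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: see what the SSH agent still holds, and flush it.
# SSH_ADD is a hypothetical override used for testing; default is OpenSSH's ssh-add.
SSH_ADD="${SSH_ADD:-ssh-add}"

# Guess which agent owns the socket from its path. The patterns are an
# assumption about common gnome-keyring layouts (e.g. /tmp/keyring-XXXXXX/ssh,
# /run/user/UID/keyring/ssh); they do not come from the bug report.
agent_kind() {
    case "${1:-}" in
        "")             echo none ;;
        */keyring*/ssh) echo gnome-keyring ;;
        *)              echo other ;;
    esac
}

# Map the exit status of 'ssh-add -l' to a state:
#   0 = agent holds identities, 1 = agent holds none,
#   anything else = agent could not be contacted.
agent_state() {
    rc=0
    "$SSH_ADD" -l >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo unlocked ;;
        1) echo empty ;;
        *) echo unreachable ;;
    esac
}

# Remove every identity from the agent, then confirm it is really empty.
# Returns 0 if nothing was loaded or the flush was verified, 1 otherwise.
flush_agent() {
    [ "$(agent_state)" = unlocked ] || return 0
    "$SSH_ADD" -D >/dev/null 2>&1 || return 1
    [ "$(agent_state)" = empty ]
}

# Report only; call flush_agent explicitly (for example from a logout or
# screen-lock hook) when keys should not stay unlocked.
echo "agent: $(agent_kind "${SSH_AUTH_SOCK:-}"), state: $(agent_state)"
```

A state of "unlocked" after the SSH connection has closed is the behavior reported in this bug; running flush_agent returns the agent to "empty" so the next connection prompts again.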