Bug 502846 - SSH key kept unlock after usage
Status: RESOLVED NOTABUG
Product: gnome-keyring
Classification: Core
Component: general
Version: 2.21.x
Hardware: Other Linux
Importance: Normal normal
Assigned To: GNOME keyring maintainer(s)
Reported: 2007-12-10 13:59 UTC by Sebastien Bacher
Modified: 2009-03-05 03:43 UTC
GNOME version: 2.21/2.22



Description Sebastien Bacher 2007-12-10 13:59:48 UTC
The bug has been described on https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/175288

"Binary package hint: gnome-keyring

When connecting to another computer using SSH, the gnome-keyring SSH agent window pops up and asks for my key,
I enter my key and confirm, the SSH connection is established.

Now, I close the first SSH connection and open another, it connects directly without asking for my key.
I didn't check the "Automatically unlock" box, so it should have asked for the key again.

Steps to reproduce:
- Log out (so the gnome-keyring-daemon is reloaded and all keys locked again)
- Log in and open a terminal
- Connect to a server using SSH
- The gnome-keyring will ask for the key, do not check the "Automatically unlock" box
- Once the SSH connection is established, disconnect
- Then open a new one using the same SSH key
- It won't ask for the key and will directly open the connection"
Comment 1 Stef Walter 2007-12-10 15:17:31 UTC
Yes, this is the whole point of an SSH agent. I guess you're looking for a way to disable the SSH agent functionality?
Comment 2 Emilio Pozuelo Monfort 2007-12-10 15:22:48 UTC
Yes, and I'd expect it not to remember my passphrase when I'm not checking the Remember Me check box.
Comment 3 Stef Walter 2007-12-14 17:44:49 UTC
It doesn't remember your passphrase. A passphrase is not used to log into the server. It's using a key to log into the server. The key is kept unlocked just as with any SSH agent.

But perhaps the wording could be changed to be more clear.
Comment 4 Matthias Clasen 2008-04-16 22:25:48 UTC
A related Fedora bug: https://bugzilla.redhat.com/show_bug.cgi?id=442809
Comment 5 Andy Wang 2008-05-04 00:28:23 UTC
I think the biggest problem is that a lot of people (myself included) didn't expect a non ssh-agent process to act as an ssh-agent. It took me forever to figure out that I didn't need to configure an ssh-agent after upgrading to gnome 2.22 (via ubuntu 8.04).

It seems that this should be something that's configurable so that those that don't want to have ssh-agent behavior are able to configure that rather than being forced to use it when using gnome. I know this is possible at compile time, but if it is at runtime, I can't seem to find it.

Even if you changed the wording to be more clear, without the ability to change at runtime, I will not be able to use gnome in certain environments.
Comment 6 Stef Walter 2009-03-05 03:43:50 UTC
Yes, it is configurable in gconf:

http://live.gnome.org/GnomeKeyring/Ssh

The behavior of gnome-keyring's SSH agent is to automatically load and prompt you for the password to unlock your SSH key. It then keeps that SSH key unlocked (as if you'd used ssh-add to load it) until you remove it from the SSH agent using the usual 'ssh-add -D'.

I hope it's okay if we close this bug. Or if anyone can think of a clear way forward, then please do reopen this bug. Or we could discuss a behavior change on the gnome-keyring mailing list.
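
An added example, not part of the original thread or of gnome-keyring: a small shell check for the situation discussed in comments 5 and 6, reporting whether the session's SSH agent looks like gnome-keyring and whether it still holds unlocked keys. The socket path patterns are assumptions about common gnome-keyring layouts, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the bug thread). Function names are hypothetical.

# Guess the agent from its socket path. The gnome-keyring patterns are
# assumptions about common layouts, e.g. /tmp/keyring-XXXXXX/ssh or
# /run/user/UID/keyring/ssh; anything else is reported as "other".
agent_kind() {
    case "$1" in
        "") echo "none" ;;
        */keyring-*/*ssh|*/keyring/ssh|*/keyring/.ssh) echo "gnome-keyring" ;;
        *) echo "other" ;;
    esac
}

# Interpret the exit status of `ssh-add -l`:
#   0 = identities listed, 1 = agent holds none, 2 = agent unreachable.
agent_state() {
    case "$1" in
        0) echo "keys-unlocked" ;;
        1) echo "empty" ;;
        *) echo "unreachable" ;;
    esac
}

# Print which agent this session uses and which keys it holds right now.
audit_agent() {
    listing=$(ssh-add -l 2>/dev/null) && status=0 || status=$?
    echo "agent: $(agent_kind "${SSH_AUTH_SOCK:-}")"
    echo "state: $(agent_state "$status")"
    if [ "$status" -eq 0 ]; then
        echo "$listing"   # one fingerprint line per unlocked key
    fi
}

# Usage: script audit   -> report agent and loaded keys
#        script flush   -> remove all identities (ssh-add -D), then report
case "${1:-}" in
    audit) audit_agent ;;
    flush) ssh-add -D && audit_agent ;;
esac
```

Running it with `audit` right after closing an SSH session shows whether the key is still held by the agent, which is the behavior the report describes.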