GNOME Bugzilla – Bug 576754
ssh-add -l / -D don't quite work as expected
Last modified: 2009-04-02 13:17:47 UTC
Try yourself:

ssh-add -l ... lists two identities
ssh-add -D ... says "All identities removed."
ssh-add -l ... still lists the same two identities
ssh-add ... adds the same identities _again_
ssh-add -l ... now lists both identities twice, once as matthias@linux, and once as /home/mclasen/.ssh/id_rsa (and similar for dsa)
Related to https://bugzilla.redhat.com/show_bug.cgi?id=442810
gnome-keyring's ssh support automatically loads public SSH keys and makes them available to SSH to use for logins. When SSH sends a public key to a server, and that public key is accepted, then gnome-keyring tries to unlock the private key (possibly prompting you for your password).

Using ssh-add is not necessary with gnome-keyring. However, if you want to add keys to the agent it will let you do just that.

ssh-add -D will:
- Unload all SSH keys you added manually
- Unload the private part of all SSH keys that gnome-keyring is managing.

The goal of gnome-keyring's SSH agent is to automatically detect when connecting to a server that has a certain public key configured, and prompt/load the private key automatically.

In the next version of seahorse, there should be an option to select your SSH keys and mark them so they don't get automatically managed by gnome-keyring's SSH agent.

In addition, if you feel like it, you can disable the SSH agent part of gnome-keyring, and use the openssh agent instead: http://live.gnome.org/GnomeKeyring/Ssh

It seems that the current behavior is the best we can do in order to make gnome-keyring's SSH agent beneficial for use. If you have any ideas on how we can make this situation better (notwithstanding openssh's ssh-add behavior) then I'd love to incorporate them. And please feel free to reopen this bug.
Fair enough. Might be good to explain this behaviour in some detail somewhere, to set people's expectations.
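
An added example, not part of the bug report and not gnome-keyring code: a shell function that groups `ssh-add -l` output by fingerprint, so a key the agent lists under two labels (as in the report above) shows up as one key with two names. The sample listing, its fingerprints and the `backup@example` entry are constructed; the other labels are the ones quoted in the report.

```shell
#!/bin/sh
# Report keys that an agent lists more than once under different labels.
# Input on stdin: `ssh-add -l` output, one identity per line:
#   <bits> <fingerprint> <comment...> (<type>)
# The fingerprint (field 2) identifies the key; the comment is only a label.
dup_identities() {
    awk '
        # Skip "The agent has no identities." and any line without a bit count.
        $1 !~ /^[0-9]+$/ || NF < 3 { next }
        {
            fp = $2
            # Comment = fields between the fingerprint and a trailing "(TYPE)".
            last = ($NF ~ /^\(.*\)$/) ? NF - 1 : NF
            label = ""
            for (i = 3; i <= last; i++) label = label (i > 3 ? " " : "") $i
            count[fp]++
            labels[fp] = labels[fp] (count[fp] > 1 ? ", " : "") label
        }
        END {
            for (fp in count)
                if (count[fp] > 1)
                    printf "%s listed %d times as: %s\n", fp, count[fp], labels[fp]
        }
    ' | sort
}

# Constructed listing modelled on the state described in the report after
# running ssh-add again; fingerprints are placeholders, not real keys.
sample_listing() {
    cat <<'EOF'
2048 aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa matthias@linux (RSA)
1024 bb:bb:bb:bb:bb:bb:bb:bb:bb:bb:bb:bb:bb:bb:bb:bb matthias@linux (DSA)
2048 aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa /home/mclasen/.ssh/id_rsa (RSA)
1024 bb:bb:bb:bb:bb:bb:bb:bb:bb:bb:bb:bb:bb:bb:bb:bb /home/mclasen/.ssh/id_dsa (DSA)
2048 cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc backup@example (RSA)
EOF
}

# Against a live agent: ssh-add -l | dup_identities
sample_listing | dup_identities
```

An empty result means every listed fingerprint is unique, so each entry is a distinct key.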