GNOME Bugzilla – Bug 593509
gnome-keyring needs option to prompt to confirm each SSH key usage; like "ssh-add -c"
Last modified: 2009-08-30 00:03:02 UTC
Using the OpenSSH ssh-agent, one can add keys using "ssh-add -c". This will prompt for the passphrase for the key at add-time, but also cause ssh-agent to prompt (just yes/no; no password request) each time the key is used. This allows the user to monitor e.g. if they've ssh'd to a machine, with ssh-agent forwarding enabled, and somebody on that machine hijacks their ssh-agent connection. I'd like similar capabilities in gnome-keyring for automatically-added keys. So, the flow would be:
* At startup, gnome-keyring adds all the auto keys (just like now)
* The first time a key is used, gnome-keyring prompts for the password, with option to cancel (just like now)
* Each subsequent time a key is used, gnome-keyring prompts to allow key usage, with a simple yes/no dialog (or ignores the text entry in the existing dialog style)
Oh, and related to this, I/Google found a bunch of places that reported that manually using "ssh-add -c" against gnome-keyring would a) yield a cryptic failure message due to the "-c" usage, b) actually succeed, c) then not prompt per usage, like -c requests. I imagine that this would be easy to fix in the context of this bug too; implementation might be something like a boolean per key for prompt-on-usage, which would be set from the user-preference for auto-loaded keys, and set by -c option to ssh-add for manually added keys (or rather whatever ssh-agent protocol that maps to).
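An added example, not part of the bug report and not gnome-keyring code: in the OpenSSH agent protocol, "ssh-add -c" sends an add-identity message of type 25 (constrained) carrying constraint byte 2 (confirm). The sketch below shows how an agent could turn that into the per-key prompt-on-usage boolean described above and refuse a constraint it cannot honour. Function names are hypothetical and the sample key bytes are constructed dummies.

```python
import struct
# Agent protocol message/constraint numbers; function names are hypothetical.
ADD_IDENTITY, ADD_ID_CONSTRAINED = 17, 25
CONSTRAIN_LIFETIME, CONSTRAIN_CONFIRM = 1, 2
# Length-prefixed private-key fields that follow the key type name.
KEY_FIELDS = {"ssh-rsa": 6, "ssh-dss": 5, "ssh-ed25519": 2}

def take(buf, pos):
    """Read one uint32-length-prefixed field; return (value, next offset)."""
    if pos + 4 > len(buf):
        raise ValueError("truncated length")
    end = pos + 4 + struct.unpack_from(">I", buf, pos)[0]
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[pos + 4:end], end

def parse_add_identity(body):
    """Return the usage policy requested by an add-identity message body."""
    if not body or body[0] not in (ADD_IDENTITY, ADD_ID_CONSTRAINED):
        raise ValueError("not an add-identity message")
    name, pos = take(body, 1)
    key_type = name.decode("ascii", "replace")
    if key_type not in KEY_FIELDS:
        raise ValueError("unsupported key type")
    for _ in range(KEY_FIELDS[key_type] + 1):   # key material, then comment
        field, pos = take(body, pos)
    policy = {"comment": field.decode("utf-8", "replace"),
              "confirm": False, "lifetime": None}
    if body[0] == ADD_IDENTITY and pos != len(body):
        raise ValueError("trailing data on unconstrained add")
    while pos < len(body):
        kind, pos = body[pos], pos + 1
        if kind == CONSTRAIN_CONFIRM:           # what "ssh-add -c" requests
            policy["confirm"] = True
        elif kind == CONSTRAIN_LIFETIME and pos + 4 <= len(body):
            policy["lifetime"], pos = struct.unpack_from(">I", body, pos)[0], pos + 4
        else:   # refuse rather than load the key without the restriction
            raise ValueError("unsupported or malformed constraint %d" % kind)
    return policy

def sample_add(constraints=b"", msg=ADD_ID_CONSTRAINED):
    """Constructed ed25519 add message with dummy (all-zero) key bytes."""
    s = lambda b: struct.pack(">I", len(b)) + b
    return (bytes([msg]) + s(b"ssh-ed25519") + s(bytes(32)) + s(bytes(64))
            + s(b"constructed@example") + constraints)

def may_sign(policy, ask):
    """Per-use gate: call the yes/no prompt only for confirm-flagged keys."""
    return ask(policy["comment"]) if policy["confirm"] else True
```

Raising on an unrecognised constraint, which an agent would report to the client as a failure reply, keeps a key from being loaded and used without the restriction the user asked for.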
*** This bug has been marked as a duplicate of bug 525574 ***