[CentOS] ssh-agent
Todd Denniston
Todd.Denniston at tsb.cranrdte.navy.mil
Tue Apr 6 15:11:20 UTC 2010
m.roth at 5-cent.us wrote, On 04/06/2010 10:51 AM:
> What I was doing: log onto my machine (system run level 5, I log out, NOT
> just lock the screen, every single night; therefore, there should be no
> processes running owned by me), and in a terminal window, do
> ssh-agent
> ssh-add .ssh/private key
> and enter my passphrase. Then I'd go through the day merrily on my way.
>
> Now, I find that when I log out, ssh-agent IS NOT STOPPED, even though I
> am logged all the way out. When I log out, unless I background something,
> everything running as me should go away. Everything.
>
> What I will try tomorrow, or maybe, if I get real enthused, later today,
> is to see if, after logging all the way out, then logging back in, whether
> ssh-agent has retained the ssh key that I added in the last session. If
> so, I *will* call this an important security hole, since in the unlikely
> event that someone manages to crack into my account (I lock the screen,
> per division rules, when I walk out of the office, so they can't just sit
> down at my desk), they could get to every other machine without so much as
> a by-your-leave, with no passwords.
I believe you can specify to agent that it should forget what it knows after a specified time period, at least when you are firing up the agent.
>
> Now is this clearer?
>
question:
if you don't start ssh-agent in your terminal do you see something like the following with ps?
~$ ps aux |grep agent
uname 12345 0.0 0.1 8916 3608 ? Ss 09:12 0:00 /usr/bin/ssh-agent /bin/sh -c exec -l /bin/bash -c "/usr/bin/dbus-launch --exit-with-session /etc/X11/xinit/Xclients"
gdm (run level 5) starts that for you automatically and puts the appropriate variables in the environment.
I don't think I had to do anything special at install time to have gdm kick that off as I log in.
This instance does end with the end of my sessions.
Hope that helps.
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
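
Added example, not part of the original message: a shell example of the two points raised in this thread, starting an agent with a key lifetime (`ssh-agent -t`) that is killed when the shell exits, and listing a user's ssh-agent processes other than the current session's agent. The function names and the sample process table are constructed for illustration.

```shell
#!/bin/sh
# Added example; start_session_agent, stale_agents and sample_ps are
# hypothetical helper names, not part of OpenSSH or CentOS.

# Start an agent whose keys expire after a default lifetime (ssh-agent -t)
# and kill it when this shell exits, so it cannot outlive the login.
start_session_agent() {
    lifetime=${1:-8h}
    eval "$(ssh-agent -s -t "$lifetime")" >/dev/null
    trap 'ssh-agent -k >/dev/null 2>&1' EXIT
}

# Read "PID USER COMMAND..." lines on stdin (the layout produced by
# `ps -eo pid=,user=,args=`) and print the PIDs of ssh-agent processes owned
# by user $1 that are not the session agent $2 (normally $SSH_AGENT_PID).
stale_agents() {
    awk -v user="$1" -v keep="${2:-0}" '
        $2 == user && $1 != keep {
            n = split($3, parts, "/")        # basename of the executable
            if (parts[n] == "ssh-agent") print $1
        }'
}

# Constructed sample process table (not real output): 12345 is the agent
# the display manager started for the session, 23456 and 24680 were started
# by hand in a terminal and were never stopped.
sample_ps() {
    cat <<'EOF'
12345 uname /usr/bin/ssh-agent /bin/sh -c exec -l /bin/bash
23456 uname ssh-agent
23999 uname grep agent
24680 uname ssh-agent
30001 other /usr/bin/ssh-agent
EOF
}

# Lists 23456 and 24680; the session agent and other users' agents are skipped.
sample_ps | stale_agents uname 12345
```

On a live system the same check is `ps -eo pid=,user=,args= | stale_agents "$USER" "$SSH_AGENT_PID"`, and `ssh-add -l` run against a leftover agent's socket shows whether it still holds keys.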