[CentOS] ssh-agent

Todd Denniston Todd.Denniston at tsb.cranrdte.navy.mil
Tue Apr 6 15:11:20 UTC 2010


m.roth at 5-cent.us wrote, On 04/06/2010 10:51 AM:
> What I was doing: log onto my machine (system run level 5, I log out, NOT
> just lock the screen, every single night; therefore, there should be no
> processes running owned by me), and in a terminal window, do
>    ssh-agent
>    ssh-add .ssh/private key
> and enter my passphrase. Then I'd go through the day merrily on my way.
> 
> Now, I find that when I log out, ssh-agent IS NOT STOPPED, even though I
> am logged all the way out. When I log out, unless I background something,
> everything running as me should go away. Everything.
> 
> What I will try tomorrow, or maybe, if I get real enthused, later today,
> is to see if, after logging all the way out, then logging back in, whether
> ssh-agent has retained the ssh key that I added in the last session. If
> so, I *will* call this an important security hole, since in the unlikely
> event that someone manages to crack into my account (I lock the screen,
> per division rules, when I walk out of the office, so they can't just sit
> down at my desk), they could get to every other machine without so much as
> a by-your-leave, with no passwords.

I believe you can specify to the agent that it should forget what it knows after a specified time
period, at least when you are firing up the agent.

> 
> Now is this clearer?
> 

Question:
If you don't start ssh-agent in your terminal, do you see something like the following with ps?

~$ ps aux |grep agent
uname 12345  0.0  0.1   8916  3608 ?        Ss   09:12   0:00 /usr/bin/ssh-agent /bin/sh -c exec -l /bin/bash -c "/usr/bin/dbus-launch --exit-with-session /etc/X11/xinit/Xclients"

gdm (run level 5) starts that for you automatically and puts the appropriate variables in the
environment.

I don't think I had to do anything special at install time to have gdm kick that off as I log in.

This instance does end with the end of my sessions.

Hope that helps.
-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
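
The agent lifetime mentioned in the reply and the leftover agent described in the quoted message, as an added example that is not part of the original post: `start_session_agent` starts an agent with `ssh-agent -t` and kills it with `ssh-agent -k` when the shell exits, and `find_stale_agents` lists a user's agents other than the one the current session points to. The function names, the 8h default and the sample process list (apart from the line taken from the `ps` output above) are assumptions made for the example.

```shell
#!/bin/sh
# Added example; function names and the 8h default are assumptions.

# Start an agent whose identities expire after a lifetime (ssh-agent -t)
# and which is killed (ssh-agent -k) when this shell exits.
start_session_agent() {
    out=$(ssh-agent -s -t "${1:-8h}") || return 1
    eval "$out" >/dev/null      # sets SSH_AUTH_SOCK and SSH_AGENT_PID
    trap 'ssh-agent -k >/dev/null 2>&1' EXIT
}

# Read "PID USER COMMAND..." lines on stdin and print the PIDs of ssh-agent
# processes owned by user $1, except the agent PID given in $2 (may be empty).
find_stale_agents() {
    awk -v user="$1" -v keep="$2" '
        $2 == user && $3 ~ /(^|\/)ssh-agent$/ && $1 != keep { print $1 }
    '
}

# Constructed sample in the shape of `ps -eo pid=,user=,args=` output:
# the session agent from the message above, one leftover agent started by
# hand, another user's agent, and an unrelated process.
sample_ps() {
    cat <<'EOF'
12345 uname /usr/bin/ssh-agent /bin/sh -c exec -l /bin/bash -c "/usr/bin/dbus-launch --exit-with-session /etc/X11/xinit/Xclients"
 9876 uname ssh-agent
 4242 other ssh-agent
 3100 uname grep agent
EOF
}

# Live use, after logging back in:
#   ps -eo pid=,user=,args= | find_stale_agents "$(id -un)" "$SSH_AGENT_PID"
```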


