m.roth@5-cent.us wrote, On 04/06/2010 10:51 AM:
What I was doing: log onto my machine (system run level 5, I log out, NOT just lock the screen, every single night; therefore, there should be no processes running owned by me), and in a terminal window, do ssh-agent ssh-add .ssh/private key and enter my passphrase. Then I'd go through the day merrily on my way.
Now, I find that when I log out, ssh-agent IS NOT STOPPED, even though I am logged all the way out. When I log out, unless I background something, everything running as me should go away. Everything.
What I will try tomorrow, or maybe, if I get real enthused, later today, is to see if, after logging all the way out, then logging back in, whether ssh-agent has retained the ssh key that I added in the last session. If so, I *will* call this an important security hole, since in the unlikely event that someone manages to crack into my account (I lock the screen, per division rules, when I walk out of the office, so they can't just sit down at my desk), they could get to every other machine without so much as a by-your-leave, with no passwords.
I believe you can specify to agent that it should forget what it knows after a specified time period, at least when you are firing up the agent.
Now is this clearer?
Question: if you don't start ssh-agent in your terminal, do you see something like the following with ps?
~$ ps aux |grep agent
uname 12345 0.0 0.1 8916 3608 ? Ss 09:12 0:00 /usr/bin/ssh-agent /bin/sh -c exec -l /bin/bash -c "/usr/bin/dbus-launch --exit-with-session /etc/X11/xinit/Xclients"
gdm (run level 5) starts that for you automatically and puts the appropriate variables in the environment.
I don't think I had to do anything special at install time to have gdm kick that off as I log in.
This instance does end with the end of my sessions.
Hope that helps.
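
Added example (not part of the original thread): a small filter over ps output that separates the two kinds of agent discussed above. An ssh-agent started with a command, like the gdm one, exits when that command exits; one started with no command stays until it is killed. It also reports any -t key lifetime set on the agent. The function names, user names and sample process listing are constructed for illustration.

```shell
#!/bin/sh
# classify_agents USER
# Reads "PID PPID USER ARGS..." lines on stdin and prints one line per
# ssh-agent owned by USER:  PID  wraps-command|no-command  LIFETIME
#   wraps-command: agent was given a command and exits when it exits
#   no-command:    agent has no command and runs until killed
#   LIFETIME:      value of -t if present on the command line, else "none"
classify_agents() {
    awk -v user="$1" '
    $3 == user && ($4 == "ssh-agent" || $4 ~ /\/ssh-agent$/) {
        kind = "no-command"; life = "none"
        for (i = 5; i <= NF; i++) {
            if ($i == "-t") { life = $(i + 1); i++; continue }
            if ($i ~ /^-t./) { life = substr($i, 3); continue }
            # other ssh-agent options that consume the next word
            if ($i ~ /^-[aEOP]$/) { i++; continue }
            if ($i ~ /^-/) continue
            # first non-option word is the command the agent wraps
            kind = "wraps-command"; break
        }
        print $1, kind, life
    }'
}

# Constructed sample listing (not real output); users alice and bob
# are hypothetical.
sample_ps() {
cat <<'EOF'
  PID  PPID USER     COMMAND
 2101  2050 alice    /usr/bin/ssh-agent /bin/sh -c exec -l /bin/bash -c "/usr/bin/dbus-launch --exit-with-session /etc/X11/xinit/Xclients"
 3307     1 alice    ssh-agent
 3410     1 alice    ssh-agent -t 28800
 3555  3500 bob      ssh-agent
 3600  2101 alice    grep agent
EOF
}

sample_ps | classify_agents alice
```

On a live system, feed it `ps -eo pid,ppid,user,args` instead of the sample. A no-command line with lifetime "none" that is still there after a full logout is the case described in the quoted message.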