Todd.Denniston at tsb.cranrdte.navy.mil
Tue Apr 6 15:11:20 UTC 2010
m.roth at 5-cent.us wrote, On 04/06/2010 10:51 AM:
> What I was doing: log onto my machine (system run level 5, I log out, NOT
> just lock the screen, every single night; therefore, there should be no
> processes running owned by me), and in a terminal window, do
> ssh-add .ssh/private key
> and enter my passphrase. Then I'd go through the day merrily on my way.
> Now, I find that when I log out, ssh-agent IS NOT STOPPED, even though I
> am logged all the way out. When I log out, unless I background something,
> everything running as me should go away. Everything.
> What I will try tomorrow, or maybe, if I get real enthused, later today,
> is to see if, after logging all the way out, then logging back in, whether
> ssh-agent has retained the ssh key that I added in the last session. If
> so, I *will* call this an important security hole, since in the unlikely
> event that someone manages to crack into my account (I lock the screen,
> per division rules, when I walk out of the office, so they can't just sit
> down at my desk), they could get to every other machine without so much as
> a by-your-leave, with no passwords.
I believe you can specify to the agent that it should forget what it knows after a specified time
period, at least when you are firing up the agent.
> Now is this clearer?
If you don't start ssh-agent in your terminal, do you see something like the following with ps?
~$ ps aux |grep agent
uname 12345 0.0 0.1 8916 3608 ? Ss 09:12 0:00 /usr/bin/ssh-agent /bin/sh -c exec -l
/bin/bash -c "/usr/bin/dbus-launch --exit-with-session /etc/X11/xinit/Xclients"
gdm (run level 5) starts that for you automatically and puts the appropriate variables in the
I don't think I had to do anything special at install time to have gdm kick that off as I log in.
This instance does end with the end of my sessions.
Hope that helps.
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
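
One way to check for the situation discussed in this thread, an ssh-agent still running for a user who has logged all the way out. This is an added example, not part of the original message; the function name stale_agents, the input formats and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report ssh-agent processes whose owner has no login session.
# Assumed input formats: $1 is `ps -eo pid=,user=,args=` output,
# $2 is `who` output (first field = logged-in user).

stale_agents() {
    ps_out=$1
    who_out=$2
    # Feed both inputs to awk, separated by a marker line.
    printf '%s\n--PS--\n%s\n' "$who_out" "$ps_out" | awk '
        $0 == "--PS--" { in_ps = 1; next }
        !in_ps { if (NF) logged_in[$1] = 1; next }
        {
            # $3 is the executable path; compare its basename exactly so that
            # gpg-agent, "grep agent" and similar do not match.
            n = split($3, parts, "/")
            if (parts[n] == "ssh-agent" && !($2 in logged_in))
                print $1, $2
        }'
}

# Constructed sample data (not taken from a real host).
SAMPLE_WHO='alice    :0           2010-04-06 09:12
alice    pts/1        2010-04-06 09:13 (:0.0)'
SAMPLE_PS='12345 alice /usr/bin/ssh-agent /bin/sh -c exec -l /bin/bash
23456 bob ssh-agent -s
23457 bob /usr/bin/gpg-agent --daemon
23999 alice grep agent'

# On a live system: stale_agents "$(ps -eo pid=,user=,args=)" "$(who)"
stale_agents "$SAMPLE_PS" "$SAMPLE_WHO"
```

Each line printed is the PID and owner of an agent with no matching entry in who. A time limit of the kind mentioned in the reply can be set with ssh-agent -t <life> when starting the agent, or per key with ssh-add -t <life>.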