m.roth at 5-cent.us wrote, On 04/06/2010 10:51 AM: > What I was doing: log onto my machine (system run level 5, I log out, NOT > just lock the screen, every single night; therefore, there should be no > processes running owned by me), and in a terminal window, do > ssh-agent > ssh-add .ssh/private key > and enter my passphrase. Then I'd go through the day merrily on my way. > > Now, I find that when I log out, ssh-agent IS NOT STOPPED, even though I > am logged all the way out. When I log out, unless I background something, > everything running as me should go away. Everything. > > What I will try tomorrow, or maybe, if I get real enthused, later today, > is to see if, after logging all the way out, then logging back in, whether > ssh-agent has retained the ssh key that I added in the last session. If > so, I *will* call this an important security hole, since in the unlikely > event that someone manages to crack into my account (I lock the screen, > per division rules, when I walk out of the office, so they can't just sit > down at my desk), they could get to every other machine without so much as > a by-your-leave, with no passwords. I believe you can specify to agent that it should forget what it knows after a specified time period, at least when you are firing up the agent. > > Now is this clearer? > question: if you don't start ssh-agent in your terminal do you see something like the following with ps? ~$ ps aux |grep agent uname 12345 0.0 0.1 8916 3608 ? Ss 09:12 0:00 /usr/bin/ssh-agent /bin/sh -c exec -l /bin/bash -c "/usr/bin/dbus-launch --exit-with-session /etc/X11/xinit/Xclients" gdm (run level 5) starts that for you automatically and puts the appropriate variables in the environment. I don't think I had to do anything special at install time to have gdm kick that off as I log in. This instance does end with the end of my sessions. Hope that helps. -- Todd Denniston Crane Division, Naval Surface Warfare Center (NSWC Crane) Harnessing the Power of Technology for the Warfighter