On 12/21/2010 10:49 AM, m.roth at 5-cent.us wrote: > Gordon Messmer wrote: >> On 12/17/2010 12:32 PM, m.roth at 5-cent.us wrote: >>> >>> Not with PIV-II cards.... >> >> Why? Do they use a non-standard SSH agent? > > pkcs11. opensc. NOT COOLKEY. I'm not really sure what that has to do with anything. You said that you're having trouble getting ssh-agent to close on logout. I replied that you're probably trying too hard. Fedora's desktops automatically have an ssh-agent available when you log in via gdm. In the past, it was OpenSSH's ssh-agent. In more recent versions, gnome has its own authentication agent, which is used. So I'll repeat myself: if you are seeing ssh-agent continue after you log out, you're probably trying too hard. Setting the agent up and tearing it down on logout are done for you right out of the box, and have been for years. Log in to a new user account on a fresh install sometime. Open a terminal and type "set | grep SSH_AUTH_SOCK". See that environment variable? The agent is running.