[CentOS] Moving from Fedora -- Advice??
m.roth at 5-cent.us
Wed Dec 22 19:39:39 UTC 2010
Gordon Messmer wrote:
> On 12/21/2010 10:49 AM, m.roth at 5-cent.us wrote:
>> Gordon Messmer wrote:
>>> On 12/17/2010 12:32 PM, m.roth at 5-cent.us wrote:
>>>>
>>>> Not with PIV-II cards....
>>>
>>> Why? Do they use a non-standard SSH agent?
>>
>> pkcs11. opensc. NOT COOLKEY.
>
> I'm not really sure what that has to do with anything. You said that
> you're having trouble getting ssh-agent to close on logout. I replied
> that you're probably trying too hard. Fedora's desktops automatically
> have an ssh-agent available when you log in via gdm. In the past, it
> was OpenSSH's ssh-agent. In more recent versions, gnome has its own
> authentication agent, which is used.

Right, which, AFAIK, doesn't work with the new US federal PIV-II cards.
Certainly, I can't add the card when it's inserted in the reader with just
that.

>
> So I'll repeat myself: if you are seeing ssh-agent continue after you
> log out, you're probably trying too hard. Setting the agent up and
> tearing it down on logout are done for you right out of the box, and
> have been for years. Log in to a new user account on a fresh install
> sometime. Open a terminal and type "set | grep SSH_AUTH_SOCK". See
> that environment variable? The agent is running.

I'll check his box again, when I get a chance. But as I said, it wasn't
willing to accept the card with ssh-add -s pkcs11, or ssh-add -s
opensc-pkcs11.so

mark