From: Mick
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] ssh-agent
Date: Mon, 20 Nov 2006 22:47:10 +0000
Message-Id: <200611202247.23806.michaelkintzios@gmail.com>

On Monday 20 November 2006 17:20, Jorge Almeida wrote:
> I've been reading the ssh-agent documentation (and googling) and it
> seems clear, except for two issues for which I couldn't find any docs:
>
> What (where) is the ssh-agent cache? Some directory where the decrypted
> keys are kept? (I mean, if I keep ssh-agent running all day, is it more
> secure than just having my private keys unencrypted?)

I understand (but could well be wrong) that the ssh-agent creates a new directory in /tmp/ with restrictive permissions (0700) and then creates a unix socket in it, with rather restrictive permissions (0600). Anyone who can connect to this socket (a hacker?!) could access your decrypted keys. Also, root can access the socket and therefore your keys.

> When adding keys with ssh-add, does it use protected memory to get the
> passphrases?

I believe the above answer covers this too. If you run ssh-add with the -c option, the agent will run ssh-askpass when anyone tries to retrieve the passwords.

This is how it used to be last time I looked at it, not sure how it has evolved over the last few months.

--
Regards,
Mick

--
gentoo-user@gentoo.org mailing list
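An added example, not from Mick's post or from OpenSSH itself: a Python 3 check of the socket layout the reply describes (a 0700 directory in /tmp holding a 0600 unix socket, both owned by the user), run against a constructed socket in a temporary directory that stands in for a live agent. The function and file names are assumptions.

```python
import os
import socket
import stat
import tempfile

def audit_agent_socket(sock_path, uid=None):
    """Return findings for an ssh-agent socket; an empty list means it matches
    the layout above: 0700 directory and 0600 unix socket, both owned by uid."""
    uid = os.getuid() if uid is None else uid
    findings = []
    st = os.lstat(sock_path)
    mode = stat.S_IMODE(st.st_mode)
    if not stat.S_ISSOCK(st.st_mode):
        findings.append("%s is not a unix socket" % sock_path)
    if st.st_uid != uid:
        findings.append("socket owned by uid %d, not %d" % (st.st_uid, uid))
    if mode & 0o077:
        findings.append("socket mode %04o grants group/other access" % mode)
    parent = os.path.dirname(os.path.abspath(sock_path))
    pst = os.stat(parent)
    pmode = stat.S_IMODE(pst.st_mode)
    if pst.st_uid != uid:
        findings.append("directory owned by uid %d, not %d" % (pst.st_uid, uid))
    if pmode & 0o077:
        findings.append("directory mode %04o grants group/other access" % pmode)
    return findings

def demo():
    """Constructed sample: build a socket with the agent's layout in a temp
    directory (mkdtemp creates it 0700), audit it, loosen it, audit again."""
    tmpdir = tempfile.mkdtemp(prefix="ssh-")
    path = os.path.join(tmpdir, "agent.demo")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        srv.bind(path)
        os.chmod(path, 0o600)          # the mode the post describes
        good = audit_agent_socket(path)
        os.chmod(path, 0o666)          # a misconfigured, world-usable socket
        bad = audit_agent_socket(path)
    finally:
        srv.close()
        if os.path.exists(path):
            os.unlink(path)
        os.rmdir(tmpdir)
    return good, bad

if __name__ == "__main__":
    live = os.environ.get("SSH_AUTH_SOCK")   # audit the real agent if one is set
    print("live agent:", (audit_agent_socket(live) or "OK") if live else "none")
    print("demo:", demo())
```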