* [gentoo-user] ssh-agent
From: Jorge Almeida @ 2006-11-20 17:20 UTC
To: gentoo-user
I've been reading the ssh-agent documentation (and googling) and it
seems clear, except for two issues for which I couldn't find any docs:
What (where) is the ssh-agent cache? Some directory where the decrypted
keys are kept? (I mean, if I keep ssh-agent running all day, is it more
secure than just having my private keys unencrypted?)
When adding keys with ssh-add, does it use protected memory to get the
passphrases?
--
Jorge Almeida
--
gentoo-user@gentoo.org mailing list
* Re: [gentoo-user] ssh-agent
From: Boyd Stephen Smith Jr. @ 2006-11-20 20:41 UTC
To: gentoo-user
On Monday 20 November 2006 11:20, Jorge Almeida <jalmeida@math.ist.utl.pt>
wrote about '[gentoo-user] ssh-agent':
> I've been reading the ssh-agent documentation (and googling) and it
> seems clear, except for two issues for which I couldn't find any docs:
While I hope someone on this list can answer you, the information you
desire is very ssh-agent specific and very not Gentoo-specific. Because
of that you'll probably be more likely to get results on a mailing list
specifically for that program (or, if you are using openssh; OpenBSD).
--
"If there's one thing we've established over the years,
it's that the vast majority of our users don't have the slightest
clue what's best for them in terms of package stability."
-- Gentoo Developer Ciaran McCreesh
* Re: [gentoo-user] ssh-agent
From: Mick @ 2006-11-20 22:47 UTC
To: gentoo-user
On Monday 20 November 2006 17:20, Jorge Almeida wrote:
> I've been reading the ssh-agent documentation (and googling) and it
> seems clear, except for two issues for which I couldn't find any docs:
>
> What (where) is the ssh-agent cache? Some directory where the decrypted
> keys are kept? (I mean, if I keep ssh-agent running all day, is it more
> secure than just having my private keys unencrypted?)
I understand (but could well be wrong) that the ssh-agent creates a new
directory in /tmp/ with restrictive permissions (0700) and then creates a
unix socket in it, with rather restrictive permissions (0600). Anyone who can
connect to this socket (a hacker?!) could access your decrypted keys. Also,
root can access the socket and therefore your keys.
> When adding keys with ssh-add, does it use protected memory to get the
> passphrases?
I believe the above answer covers this too. If you run the ssh-add with
the -c option the agent will run the ssh-askpass when anyone tries to
retrieve the passwords.
This is how it used to be last time I looked at it, not sure how it has
evolved over the last few months.
--
Regards,
Mick
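Mick's description above (a directory in /tmp with mode 0700 holding a socket with mode 0600, reachable only by the owner and by root) is easy to verify on a running system. The following is an added example, not code from the thread or from OpenSSH: it audits the socket named by SSH_AUTH_SOCK against exactly that layout and reports anything that would let another non-root user reach the agent. The function names are the example's own.

```python
import os
import stat


def check_agent_socket(sock_path):
    """Audit an agent socket against the layout the thread describes:
    directory mode 0700, socket mode 0600, both owned by the calling user.
    Returns a list of findings; an empty list means the layout matches.
    Root is unaffected by any of these bits, as the thread already notes."""
    findings = []
    uid = os.getuid()
    sock_dir = os.path.dirname(sock_path) or "."

    try:
        dir_st = os.lstat(sock_dir)
    except FileNotFoundError:
        return ["directory missing: %s" % sock_dir]
    if not stat.S_ISDIR(dir_st.st_mode):
        findings.append("not a directory: %s" % sock_dir)
    else:
        if dir_st.st_uid != uid:
            findings.append("directory owned by uid %d, not %d" % (dir_st.st_uid, uid))
        # Any group/other bit on the directory lets others traverse to the socket.
        dir_mode = stat.S_IMODE(dir_st.st_mode)
        if dir_mode & 0o077:
            findings.append("directory mode %04o, expected 0700" % dir_mode)

    try:
        sock_st = os.lstat(sock_path)
    except FileNotFoundError:
        findings.append("socket missing: %s" % sock_path)
        return findings
    if not stat.S_ISSOCK(sock_st.st_mode):
        findings.append("not a socket: %s" % sock_path)
    if sock_st.st_uid != uid:
        findings.append("socket owned by uid %d, not %d" % (sock_st.st_uid, uid))
    # Group/other read+write on the socket is what would allow a connect().
    sock_mode = stat.S_IMODE(sock_st.st_mode)
    if sock_mode & 0o077:
        findings.append("socket mode %04o, expected 0600" % sock_mode)
    return findings


def check_current_agent():
    """Audit the agent the current shell would use, if SSH_AUTH_SOCK is set."""
    path = os.environ.get("SSH_AUTH_SOCK")
    if not path:
        return ["SSH_AUTH_SOCK is not set"]
    return check_agent_socket(path)


if __name__ == "__main__":
    for line in check_current_agent() or ["agent socket layout looks fine"]:
        print(line)
```

Run it from a shell that has an agent (`eval "$(ssh-agent -s)"` first); an empty report means the socket is reachable only by your own uid and root, which is the boundary the rest of the thread discusses.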
* Re: [gentoo-user] ssh-agent
From: Jorge Almeida @ 2006-11-20 23:09 UTC
To: gentoo-user
On Mon, 20 Nov 2006, Mick wrote:
> On Monday 20 November 2006 17:20, Jorge Almeida wrote:
>> I've been reading the ssh-agent documentation (and googling) and it
>> seems clear, except for two issues for which I couldn't find any docs:
>>
>> What (where) is the ssh-agent cache? Some directory where the decrypted
>> keys are kept? (I mean, if I keep ssh-agent running all day, is it more
>> secure than just having my private keys unencrypted?)
>
> I understand (but could well be wrong) that the ssh-agent creates a new
> directory in /tmp/ with restrictive permissions (0700) and then creates a
> unix socket in it, with rather restrictive permissions (0600). Anyone who can
> connect to this socket (a hacker?!) could access your decrypted keys. Also,
> root can access the socket and therefore your keys.
>
Well, assuming that you're right, the whole concept is rather
disappointing. After all, the private keys have the same restrictive
permissions, and if the keys are kept in the clear when the agent is
active, then a hacker might fetch the keys from the temporary dir as
well as from ~/.ssh (I'm not really taking into account the extra
security-by-obscurity provided by the variable path to the socket.)
Maybe I didn't understand the whole thing.
>> When adding keys with ssh-add, does it use protected memory to get the
>> passphrases?
>
> I believe the above answer covers this too. If you run the ssh-add with
> the -c option the agent will run the ssh-askpass when anyone tries to
> retrieve the passwords.
>
What I meant is whether the passphrase to unencrypt a key (in order to
put it in the cache) is really safe.
> This is how it used to be last time I looked at it, not sure how it has
> evolved over the last few months.
>
Thanks.
--
Jorge Almeida
* Re: [gentoo-user] ssh-agent
From: Boyd Stephen Smith Jr. @ 2006-11-21 5:55 UTC
To: gentoo-user
On Monday 20 November 2006 16:47, Mick <michaelkintzios@gmail.com> wrote
about 'Re: [gentoo-user] ssh-agent':
> On Monday 20 November 2006 17:20, Jorge Almeida wrote:
> > I've been reading the ssh-agent documentation (and googling) and it
> > seems clear, except for two issues for which I couldn't find any docs:
> >
> > What (where) is the ssh-agent cache? Some directory where the
> > decrypted keys are kept? (I mean, if I keep ssh-agent running all day,
> > is it more secure than just having my private keys unencrypted?)
>
> I understand (but could well be wrong) that the ssh-agent creates a new
> directory in /tmp/ with restrictive permissions (0700) and then creates
> a unix socket in it, with rather restrictive permissions (0600). Anyone
> who can connect to this socket (a hacker?!) could access your decrypted
> keys. Also, root can access the socket and therefore your keys.
Technically this is incorrect: anyone that can read and write to this
socket can authenticate using the keys, but they can't read the key
material directly. They can also engage in a known-plaintext or
known-cyphertext attack to attempt to determine the keys, which makes
whole classes of attacks more viable, but as far as I know there's still
little danger (unless maybe you are running the agent on one of the Top
500 :). Of course, since ssh keys aren't used for anything but
authentication, it may not be important that no key material escapes.
Of course, with a malicious root user you are pretty much fscked anyway;
they can run a kernel that tells ssh that memory is locked, but then log
all changes to that memory (revealing your key as it is generated) or log
all input to your tty (revealing your passphrase and letting them read the
key directly).
Attacks against your user from root are not something to worry about. You
can't do anything to prevent them. They are something to be aware of;
e.g. it's ill-advised to use agent forwarding unless both local and remote
root are equivalently trusted.
--
"If there's one thing we've established over the years,
it's that the vast majority of our users don't have the slightest
clue what's best for them in terms of package stability."
-- Gentoo Developer Ciaran McCreesh
* Re: [gentoo-user] ssh-agent
From: Jorge Almeida @ 2006-11-21 9:32 UTC
To: gentoo-user
On Mon, 20 Nov 2006, Boyd Stephen Smith Jr. wrote:
>>
>> I understand (but could well be wrong) that the ssh-agent creates a new
>> directory in /tmp/ with restrictive permissions (0700) and then creates
>> a unix socket in it, with rather restrictive permissions (0600). Anyone
>> who can connect to this socket (a hacker?!) could access your decrypted
>> keys. Also, root can access the socket and therefore your keys.
>
> Technically this is incorrect: anyone that can read and write to this
> socket can authenticate using the keys, but they can't read the key
> material directly. They can also engage in a known-plaintext or
OK, that's what I thought. But a trojan running with the normal user
permissions could get the keys by reading the temporary directory (not
by connecting to the socket). Is this right? Or are the keys protected
in some other way? For example, keys might be kept encrypted and then
decrypted on demand using the passphrase provided when the key was
added, assuming the passphrase was kept on protected memory.
> known-cyphertext attack to attempt to determine the keys, which makes
> whole classes of attacks more viable, but as far as I know there's still
> little danger (unless maybe you are running the agent on one of the Top
> 500 :). Of course, since ssh keys aren't used for anything but
What are "the Top 500"???
> authentication, it may not be important that no key material escapes.
>
> Of course, with a malicious root user you are pretty much fscked anyway;
>
Root is not my problem.
>
Thanks,
Jorge Almeida
* Re: [gentoo-user] ssh-agent
From: Etaoin Shrdlu @ 2006-11-21 10:09 UTC
To: gentoo-user
On Tuesday 21 November 2006 10:32, Jorge Almeida wrote:
> What are "the Top 500"???
http://www.top500.org
* Re: [gentoo-user] ssh-agent
From: Ralf Stephan @ 2006-11-21 17:00 UTC
To: gentoo-user
Jorge Almeida wrote:
> >Technically this is incorrect: anyone that can read and write to this
> >socket can authenticate using the keys, but they can't read the key
> >material directly. They can also engage in a known-plaintext or
>
> OK, that's what I thought. But a trojan running with the normal user
> permissions could get the keys by reading the temporary directory (not
> by connecting to the socket). Is this right? Or are the keys protected
> in some other way? For example, keys might be kept encrypted and then
> decrypted on demand using the passphrase provided when the key was
> added, assuming the passphrase was kept on protected memory.
That's why some people build public keys as root on a desktop but try
to do everything else like browsing or reading mail as user.
ralf
* Re: [gentoo-user] ssh-agent
From: Boyd Stephen Smith Jr. @ 2006-11-21 18:24 UTC
To: gentoo-user
On Tuesday 21 November 2006 03:32, Jorge Almeida <jalmeida@math.ist.utl.pt>
wrote about 'Re: [gentoo-user] ssh-agent':
> On Mon, 20 Nov 2006, Boyd Stephen Smith Jr. wrote:
> >> I understand (but could well be wrong) that the ssh-agent creates a
> >> new directory in /tmp/ with restrictive permissions (0700) and then
> >> creates a unix socket in it, with rather restrictive permissions
> >> (0600). Anyone who can connect to this socket (a hacker?!) could
> >> access your decrypted keys. Also, root can access the socket and
> >> therefore your keys.
> >
> > Technically this is incorrect: anyone that can read and write to this
> > socket can authenticate using the keys, but they can't read the key
> > material directly. They can also engage in a known-plaintext or
>
> OK, that's what I thought. But a trojan running with the normal user
> permissions could get the keys by reading the temporary directory (not
> by connecting to the socket). Is this right?
No. There are no files in the temporary directory besides the socket.
> Or are the keys protected
> in some other way?
They are only stored in locked memory; they are never on disk unencrypted.
Anyone that can read locked memory can access them, but this is very few
users/processes on Linux -- and besides those same users will be able to
read the key as you authenticate even if you don't use ssh-agent, as long
as they time things right.
--
"If there's one thing we've established over the years,
it's that the vast majority of our users don't have the slightest
clue what's best for them in terms of package stability."
-- Gentoo Developer Ciaran McCreesh
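Boyd's two replies above make a concrete claim: whoever can reach the socket can ask the agent to authenticate on their behalf, but the key material itself never crosses the socket and never touches disk. The agent protocol (documented in draft-miller-ssh-agent) bears that out: its request types are "list identities", "sign this data with that identity", "add key", "remove key" and lock/unlock; there is no request that returns a private key. The following is an added example, not code from the thread or from OpenSSH, that builds and parses the two client messages involved in authenticating (identities request and sign request) over a constructed sample answer, and can optionally talk to a live agent over SSH_AUTH_SOCK. The message numbers are the protocol's own; the sample key bytes and comment are constructed.

```python
import os
import socket
import struct

# Message numbers from the ssh-agent protocol.
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12
SSH_AGENTC_SIGN_REQUEST = 13
SSH_AGENT_SIGN_RESPONSE = 14


def _string(b):
    """Encode an SSH 'string': uint32 length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def _read_string(buf, off):
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    return buf[off:off + n], off + n


def frame(msg_type, payload=b""):
    """Wrap a message in the agent's framing: uint32 length, byte type, payload."""
    body = bytes([msg_type]) + payload
    return struct.pack(">I", len(body)) + body


def unframe(data):
    (n,) = struct.unpack_from(">I", data, 0)
    body = data[4:4 + n]
    if len(body) != n:
        raise ValueError("short agent message")
    return body[0], body[1:]


def build_request_identities():
    return frame(SSH_AGENTC_REQUEST_IDENTITIES)


def build_sign_request(key_blob, data, flags=0):
    """Ask the agent to sign `data` with the key identified by its public blob.
    Note that the client names the key by its *public* blob; it never holds
    the private half."""
    return frame(SSH_AGENTC_SIGN_REQUEST,
                 _string(key_blob) + _string(data) + struct.pack(">I", flags))


def parse_identities_answer(msg):
    """Decode SSH_AGENT_IDENTITIES_ANSWER into (key_type, public_blob, comment)
    tuples. Everything in this message is public."""
    msg_type, payload = unframe(msg)
    if msg_type != SSH_AGENT_IDENTITIES_ANSWER:
        raise ValueError("unexpected message type %d" % msg_type)
    (nkeys,) = struct.unpack_from(">I", payload, 0)
    off = 4
    keys = []
    for _ in range(nkeys):
        blob, off = _read_string(payload, off)
        comment, off = _read_string(payload, off)
        key_type, _ = _read_string(blob, 0)
        keys.append((key_type.decode(), blob, comment.decode(errors="replace")))
    return keys


def build_identities_answer(keys):
    """Encode an identities answer; used here to construct sample agent output
    so the parser can be exercised without a live agent."""
    payload = struct.pack(">I", len(keys))
    for blob, comment in keys:
        payload += _string(blob) + _string(comment)
    return frame(SSH_AGENT_IDENTITIES_ANSWER, payload)


def _recv_exact(s, n):
    buf = b""
    while len(buf) < n:
        chunk = s.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("agent closed the socket")
        buf += chunk
    return buf


def list_identities(sock_path=None):
    """Ask a live agent (SSH_AUTH_SOCK by default) for its identities."""
    path = sock_path or os.environ["SSH_AUTH_SOCK"]
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(path)
        s.sendall(build_request_identities())
        header = _recv_exact(s, 4)
        (n,) = struct.unpack(">I", header)
        return parse_identities_answer(header + _recv_exact(s, n))


# Constructed sample: one ed25519 identity whose 32 key bytes are a dummy pattern.
SAMPLE_PUBKEY_BLOB = _string(b"ssh-ed25519") + _string(bytes(range(32)))
SAMPLE_ANSWER = build_identities_answer([(SAMPLE_PUBKEY_BLOB, b"jorge@example (constructed)")])

if __name__ == "__main__":
    for key_type, blob, comment in parse_identities_answer(SAMPLE_ANSWER):
        print(key_type, len(blob), "byte public blob,", comment)
```

With an agent running, `list_identities()` returns the same public blobs that `ssh-add -L` prints. The point for the thread's question is structural: a process that can reach the socket can obtain signatures (and so authenticate, which is why the `-c` confirmation Mick mentions and limiting forwarding matter), but the protocol offers it nothing it could write to disk as a usable private key.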
* Re: [gentoo-user] ssh-agent
From: Jorge Almeida @ 2006-11-21 18:41 UTC
To: gentoo-user
On Tue, 21 Nov 2006, Boyd Stephen Smith Jr. wrote:
>>
>> OK, that's what I thought. But a trojan running with the normal user
>> permissions could get the keys by reading the temporary directory (not
>> by connecting to the socket). Is this right?
>
> No. There are no files in the temporary directory besides the socket.
>
>> Or are the keys protected
>> in some other way?
>
> They are only stored in locked memory; they are never on disk unencrypted.
> Anyone that can read locked memory can access them, but this is very few
> users/processes on Linux -- and besides those same users will be able to
> read the key as you authenticate even if you don't use ssh-agent, as long
> as they time things right.
>
OK, this sounds better! I posted to the gnupg-users, asking a similar
question about gpg-agent. I guess gpg-agent works the same way.
I think these details about the workings of ssh-agent deserve more
visibility. Did you find some unusual documentation or read the source?
The latter is not in my skills, unfortunately.
Thanks.
--
Jorge Almeida
* Re: [gentoo-user] ssh-agent
From: Boyd Stephen Smith Jr. @ 2006-11-21 20:14 UTC
To: gentoo-user
On Tuesday 21 November 2006 12:41, Jorge Almeida <jalmeida@math.ist.utl.pt>
wrote about 'Re: [gentoo-user] ssh-agent':
> I think these details about the workings of ssh-agent deserve more
> visibility. Did you find some unusual documentation or read the source?
I've never read the source, so it's a combination of documentation and
deduction. Documentation was probably from discussions of locked memory
issues and other security threats to ssh-agent over the span of time I've
been ssh-aware, so no specific URL I can hand you.
--
"If there's one thing we've established over the years,
it's that the vast majority of our users don't have the slightest
clue what's best for them in terms of package stability."
-- Gentoo Developer Ciaran McCreesh
* Re: [gentoo-user] ssh-agent
From: Mick @ 2006-11-21 21:15 UTC
To: gentoo-user
On Tuesday 21 November 2006 18:41, Jorge Almeida wrote:
> On Tue, 21 Nov 2006, Boyd Stephen Smith Jr. wrote:
> >> OK, that's what I thought. But a trojan running with the normal user
> >> permissions could get the keys by reading the temporary directory (not
> >> by connecting to the socket). Is this right?
> >
> > No. There are no files in the temporary directory besides the socket.
> >
> >> Or are the keys protected
> >> in some other way?
> >
> > They are only stored in locked memory; they are never on disk
> > unencrypted. Anyone that can read locked memory can access them, but this
> > is very few users/processes on Linux -- and besides those same users will
> > be able to read the key as you authenticate even if you don't use
> > ssh-agent, as long as they time things right.
>
> OK, this sounds better! I posted to the gnupg-users, asking a similar
> question about gpg-agent. I guess gpg-agent works the same way.
Please post back your findings!
What happens to the /tmp/ directory & socket file after the user logs out?
Does it get deleted by the ssh-agent shutdown script?
I am asking this because I seem to continuously accumulate a load of gpg-agent
directories and socket files into my /tmp. Unless of course gpg-agent works
on a different principle altogether. My start up & shutdown scripts are
in /etc/X11/Sessions/fluxbox. Are they correct for this task?
================================================
eval "$(gpg-agent --daemon)"
/usr/bin/startfluxbox
kill `echo ${GPG_AGENT_INFO} | cut -d ':' -f 2`
================================================
Or should I have another line to 'rm -Rf /tmp/gpg-*'
--
Regards,
Mick
* Re: [gentoo-user] ssh-agent
From: Jorge Almeida @ 2006-11-21 23:25 UTC
To: gentoo-user
On Tue, 21 Nov 2006, Mick wrote:
>>> They are only stored in locked memory; they are never on disk
>>> unencrypted. Anyone that can read locked memory can access them, but this
>>> is very few users/processes on Linux -- and besides those same users will
>>> be able to read the key as you authenticate even if you don't use
>>> ssh-agent, as long as they time things right.
>>
>> OK, this sounds better! I posted to the gnupg-users, asking a similar
>> question about gpg-agent. I guess gpg-agent works the same way.
>
> Please post back your findings!
>
Well, no responses yet in the gnupg-users list, so there are no findings
to post! (Let's wait at least a few hours :))
> What happens to the /tmp/ directory & socket file after the user logs out?
> Does it get deleted by the ssh-agent shutdown script?
>
I didn't start using ssh-agent yet, but I tested it from the command
line and the directory was removed when I killed the ssh-agent process.
> I am asking this because I seem to continuously accumulate a load of gpg-agent
> directories and socket files into my /tmp. Unless of course gpg-agent works
I suppose that has to do with the agent(s) working as daemons? I don't
like that kind of setup. This is what I intend to (try to) do:
- One fixed socket, in some dedicated directory (no /tmp, no random name
for the socket)
- The socket name as a fixed env variable, set in the shell config files
- Hence, no need to eval, etc
- No daemon (i.e. no backgrounding). Just a service supervised by
daemontools. Logs go to a directory of my choosing and if the agent
dies, it is resurrected, and the socket (with the same name) is
recreated (of course, keys must be added, then)
- A perl script to interact with the service, just in case.
I think this is not difficult to do, unless I grossly misunderstood
something essential. (Comments, anyone?) I just don't see the need to
run the agent as subordinate of an X session or whatever (please someone
correct me if I'm wrong!) And if I don't want the service running when
I'm not logged in, I could bring it down with the perl script (in
~/.bash_logout, maybe?)
For gpg-agent, I'm not so sure, but I hope it can be done too.
> on a different principle altogether. My start up & shutdown scripts are
> in /etc/X11/Sessions/fluxbox. Are they correct for this task?
> ================================================
> eval "$(gpg-agent --daemon)"
> /usr/bin/startfluxbox
> kill `echo ${GPG_AGENT_INFO} | cut -d ':' -f 2`
> ================================================
>
> Or should I have another line to 'rm -Rf /tmp/gpg-*'
>
--
Jorge Almeida
* Re: [gentoo-user] ssh-agent
From: Justin Patrin @ 2007-02-12 23:26 UTC
To: gentoo-user
On 11/21/06, Jorge Almeida <jalmeida@math.ist.utl.pt> wrote:
> On Tue, 21 Nov 2006, Mick wrote:
> >>> They are only stored in locked memory; they are never on disk
> >>> unencrypted. Anyone that can read locked memory can access them, but this
> >>> is very few users/processes on Linux -- and besides those same users will
> >>> be able to read the key as you authenticate even if you don't use
> >>> ssh-agent, as long as they time things right.
> >>
> >> OK, this sounds better! I posted to the gnupg-users, asking a similar
> >> question about gpg-agent. I guess gpg-agent works the same way.
> >
> > Please post back your findings!
> >
> Well, no responses yet in the gnupg-users list, so there are no findings
> to post! (Let's wait at least a few hours :))
>
> > What happens to the /tmp/ directory & socket file after the user logs out?
> > Does it get deleted by the ssh-agent shutdown script?
> >
> I didn't start using ssh-agent yet, but I tested it from the command
> line and the directory was removed when I killed the ssh-agent process.
> > I am asking this because I seem to continuously accumulate a load of gpg-agent
> > directories and socket files into my /tmp. Unless of course gpg-agent works
> I suppose that has to do with the agent(s) working as daemons? I don't
> like that kind of setup. This is what I intend to (try to) do:
>
> - One fixed socket, in some dedicated directory (no /tmp, no random name
> for the socket)
> - The socket name as a fixed env variable, set in the shell config files
> - Hence, no need to eval, etc
> - No daemon (i.e. no backgrounding). Just a service supervised by
> daemontools. Logs go to a directory of my choosing and if the agent
> dies, it is resurrected, and the socket (with the same name) is
> recreated (of course, keys must be added, then)
> - A perl script to interact with the service, just in case.
>
> I think this is not difficult to do, unless I grossly misunderstood
> something essential. (Comments, anyone?) I just don't see the need to
> run the agent as subordinate of an X session or whatever (please someone
> correct me if I'm wrong!) And if I don't want the service running when
> I'm not logged in, I could bring it down with the perl script (in
> ~/.bash_logout, maybe?)
> For gpg-agent, I'm not so sure, but I hope it can be done too.
>
> > on a different principle altogether. My start up & shutdown scripts are
> > in /etc/X11/Sessions/fluxbox. Are they correct for this task?
> > ================================================
> > eval "$(gpg-agent --daemon)"
> > /usr/bin/startfluxbox
> > kill `echo ${GPG_AGENT_INFO} | cut -d ':' -f 2`
> > ================================================
> >
> > Or should I have another line to 'rm -Rf /tmp/gpg-*'
> >
>
ssh-agent /bin/sh
When you exit the shell, ssh-agent exits too (after cleaning up).
Running the agent as a daemon means you have to tell it when to shut
down as well (how would it know when to stop?).
--
Justin Patrin
* Re: [gentoo-user] ssh-agent
From: Mick @ 2007-02-16 17:54 UTC
To: gentoo-user
On Monday 12 February 2007 23:26, Justin Patrin wrote:
> On 11/21/06, Jorge Almeida <jalmeida@math.ist.utl.pt> wrote:
> > On Tue, 21 Nov 2006, Mick wrote:
> > >>> They are only stored in locked memory; they are never on disk
> > >>> unencrypted. Anyone that can read locked memory can access them, but
> > >>> this is very few users/processes on Linux -- and besides those same
> > >>> users will be able to read the key as you authenticate even if you
> > >>> don't use ssh-agent, as long as they time things right.
> > >>
> > >> OK, this sounds better! I posted to the gnupg-users, asking a similar
> > >> question about gpg-agent. I guess gpg-agent works the same way.
> > >
> > > Please post back your findings!
> >
> > Well, no responses yet in the gnupg-users list, so there are no findings
> > to post! (Let's wait at least a few hours :))
> >
> > > What happens to the /tmp/ directory & socket file after the user logs
> > > out? Does it get deleted by the ssh-agent shutdown script?
> >
> > I didn't start using ssh-agent yet, but I tested it from the command
> > line and the directory was removed when I killed the ssh-agent process.
> >
> > > I am asking this because I seem to continuously accumulate a load of
> > > gpg-agent directories and socket files into my /tmp. Unless of course
> > > gpg-agent works
> >
> > I suppose that has to do with the agent(s) working as daemons? I don't
> > like that kind of setup. This is what I intend to (try to) do:
> >
> > - One fixed socket, in some dedicated directory (no /tmp, no random name
> > for the socket)
> > - The socket name as a fixed env variable, set in the shell config files
> > - Hence, no need to eval, etc
> > - No daemon (i.e. no backgrounding). Just a service supervised by
> > daemontools. Logs go to a directory of my choosing and if the agent
> > dies, it is resurrected, and the socket (with the same name) is
> > recreated (of course, keys must be added, then)
> > - A perl script to interact with the service, just in case.
> >
> > I think this is not difficult to do, unless I grossly misunderstood
> > something essential. (Comments, anyone?) I just don't see the need to
> > run the agent as subordinate of an X session or whatever (please someone
> > correct me if I'm wrong!) And if I don't want the service running when
> > I'm not logged in, I could bring it down with the perl script (in
> > ~/.bash_logout, maybe?)
> > For gpg-agent, I'm not so sure, but I hope it can be done too.
> >
> > > on a different principle altogether. My start up & shutdown scripts
> > > are in /etc/X11/Sessions/fluxbox. Are they correct for this task?
> > > ================================================
> > > eval "$(gpg-agent --daemon)"
> > > /usr/bin/startfluxbox
> > > kill `echo ${GPG_AGENT_INFO} | cut -d ':' -f 2`
> > > ================================================
> > >
> > > Or should I have another line to 'rm -Rf /tmp/gpg-*'
>
> ssh-agent /bin/sh
>
> When you exit the shell, ssh-agent exits too (after cleaning up).
> Running the agent as a daemon means you have to tell it when to shut
> down as well (how would it know when to stop?).
Thanks Justin, the ssh-agent may clean up after its own lock-files, but the
gpg-agent doesn't. At least not when using my script above. My /tmp is full
of gpg-xxxx lock-files, which in the absence of a better solution I manually
delete every now and then.
--
Regards,
Mick
Thread overview: 15+ messages
2006-11-20 17:20 [gentoo-user] ssh-agent Jorge Almeida
2006-11-20 20:41 ` Boyd Stephen Smith Jr.
2006-11-20 22:47 ` Mick
2006-11-20 23:09 ` Jorge Almeida
2006-11-21 5:55 ` Boyd Stephen Smith Jr.
2006-11-21 9:32 ` Jorge Almeida
2006-11-21 10:09 ` Etaoin Shrdlu
2006-11-21 17:00 ` Ralf Stephan
2006-11-21 18:24 ` Boyd Stephen Smith Jr.
2006-11-21 18:41 ` Jorge Almeida
2006-11-21 20:14 ` Boyd Stephen Smith Jr.
2006-11-21 21:15 ` Mick
2006-11-21 23:25 ` Jorge Almeida
2007-02-12 23:26 ` Justin Patrin
2007-02-16 17:54 ` Mick