Bug#472477: ssh-add -D does not remove SSH key from gnome-keyring-daemon memory
Loïc Minier
lool at dooz.org
Mon Mar 24 19:18:52 UTC 2008
On Mon, Mar 24, 2008, Arnaud Cornet wrote:
> Steps to reproduce:
> # ssh-add -l
> 1024 XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
> # ssh-add -D
> All identities removed.
> # ssh-add -l
> 1024 XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
>
> I am still able to log in with this key afterwards.
>
> This is a security issue since gnome-keyring-daemon seems to have
> transparently taken over ssh-agent. One might think his key is unloaded
> after a ssh-add -D while it's not.
>
> I cannot even find a way to remove the key in gnome-keyring-manager GUI.
Are you sure "ssh-add -D" above is removing keys from g-k? I wonder
whether it could be removing keys from ssh-agent but ssh-add -l would
list them from g-k. You could try unsetting the gconf key for the ssh
component of g-k.
--
Loïc Minier
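
Added example, not part of the original message or of either package: a shell check that runs `ssh-add -D` and then confirms through the exit status of `ssh-add -l` that the agent behind `SSH_AUTH_SOCK` really is empty, instead of trusting the "All identities removed." message. The `SSH_ADD` override and the function names are hypothetical, and the "keyring" socket-path match is a heuristic assumption for spotting gnome-keyring.

```shell
#!/bin/sh
# Added example: flush the SSH agent and verify that it is actually empty.
# SSH_ADD is a hypothetical override so the check can be pointed at a stub.
SSH_ADD=${SSH_ADD:-ssh-add}

# Guess which agent owns the socket from its path.
# Assumption (heuristic): gnome-keyring sockets have "keyring" in their path.
agent_kind() {
    case "${SSH_AUTH_SOCK:-}" in
        "")        echo "none" ;;
        *keyring*) echo "gnome-keyring" ;;
        *)         echo "other" ;;
    esac
}

# Returns 0 if no identities remain after "ssh-add -D",
#         1 if identities are still listed,
#         2 if the agent cannot be contacted.
flush_and_verify() {
    # The message printed by -D is not trusted; only the follow-up listing is.
    $SSH_ADD -D >/dev/null 2>&1 || true

    # ssh-add -l exits 0 when it listed identities, 1 when the agent has
    # none, and 2 when it cannot contact the agent.
    _fv_rc=0
    _fv_left=$($SSH_ADD -l 2>/dev/null) || _fv_rc=$?

    case $_fv_rc in
        0)  echo "WARNING: identities still loaded (agent: $(agent_kind)):" >&2
            echo "$_fv_left" >&2
            return 1 ;;
        1)  return 0 ;;
        *)  echo "ERROR: cannot contact agent at '${SSH_AUTH_SOCK:-}'" >&2
            return 2 ;;
    esac
}
```

Call `flush_and_verify` from a logout or screen-lock hook and treat a non-zero return as "keys may still be usable".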