Bug#513235: gnome-keyring: selects wrong key when multiple ssh identities are used
Josselin Mouette
joss at debian.org
Tue Jan 27 15:02:58 UTC 2009
severity 513235 important
thanks
On Tuesday 27 January 2009 at 15:43 +0100, Bjørn Mork wrote:
> Package: gnome-keyring
> Version: 2.22.3-2
> Severity: critical
> Tags: security
> Justification: breaks unrelated software
No, SSH is not unrelated software. Not only is it related, but it is not
“broken” by this bug.
> I regularly log into a system which uses different ssh keys to select different
> configurations. This fails if gnome-keyring-daemon is running. It seems to use
> previously learned keys even if you specify "ssh -i <keyfile>", or use the
> IdentityFile keyword in ~/.ssh/config.
It would be interesting to see whether this happens if you use ssh-agent
instead of gnome-keyring. If you add the first key to the agent, do you
see the same behavior with "ssh -i key2"?
My guess is that ssh tries the keys proposed by the agent before those
passed with the -i option. And if this is the case, there is nothing
that can be changed in gnome-keyring-daemon for that.
> Please fix before releasing lenny. Or at least disable gnome-keyring-daemon
> on default installations.
/usr/share/doc/gnome-keyring/README.Debian documents how to disable the
SSH agent functionality.
Cheers,
--
.''`.
: :' : We are debian.org. Lower your prices, surrender your code.
`. `' We will add your hardware and software distinctiveness to
`- our own. Resistance is futile.
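
Added example, not part of the original message: a simplified Python model of the behaviour guessed at above, where keys held by an agent are offered before a key named with -i, and the server applies the configuration of the first key it accepts. The ordering follows OpenSSH's documented client behaviour and its IdentitiesOnly option, which the message does not mention; key names, configuration names and function names are constructed for illustration.

```python
# Simplified model (an assumption, not OpenSSH source code) of how the ssh
# client orders public keys and how a server maps the accepted key to a
# per-key configuration. All key and configuration names are constructed.


def offer_order(agent_keys, identity_files, identities_only=False):
    """Return the keys in the order the client would offer them."""
    in_both = [k for k in agent_keys if k in identity_files]
    agent_only = [k for k in agent_keys if k not in identity_files]
    file_only = [k for k in identity_files if k not in agent_keys]
    if identities_only:
        # IdentitiesOnly yes: agent keys that were not configured are skipped.
        return in_both + file_only
    # Default: every agent key is offered before keys that exist only as files.
    return in_both + agent_only + file_only


def selected_config(offered, authorized_keys):
    """The server accepts the first offered key it knows; later keys are never tried."""
    for key in offered:
        if key in authorized_keys:
            return authorized_keys[key]
    return None


# Constructed server side: each key selects a different configuration.
AUTHORIZED_KEYS = {"key1": "config-A", "key2": "config-B"}


def demo():
    agent = ["key1"]      # learned earlier by the agent
    requested = ["key2"]  # what "ssh -i key2" asks for
    default = selected_config(offer_order(agent, requested), AUTHORIZED_KEYS)
    pinned = selected_config(
        offer_order(agent, requested, identities_only=True), AUTHORIZED_KEYS
    )
    return default, pinned


if __name__ == "__main__":
    print(demo())
```

On a real client the pinned case corresponds to running `ssh -o IdentitiesOnly=yes -i key2` or setting `IdentitiesOnly yes` next to `IdentityFile` in ~/.ssh/config.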