Bug#472477: ssh-add -D does not remove SSH key from gnome-keyring-daemon memory
Alex King
alex at king.net.nz
Sat Apr 18 00:13:24 BST 2020
This still appears to be a problem.
I can't log in to some remote machines because there are too many keys
loaded, and gnome-keyring-daemon won't remove them.
I have been affected by this quite a few times over the years; it has
wasted hours of my time. It means I need to use workarounds which just
cause unnecessary effort.
This prevents ssh working. It is a potential security bug. It would be
great if the gnome maintainers could do something about it after 12 years.
Thanks,
Alex
On Wed, 05 Sep 2018 17:45:46 +0200 Jérôme
<jerome at jolimont.fr> wrote:
> I think I just got caught by this.
>
> I'm using Debian Stretch/Mate and I had SSH Gnome keyring launched at
> startup (install default, I guess).
>
> Indeed I do see gnome-keyring in ps ax:
>
> 1255 ? Sl 0:03 /usr/bin/gnome-keyring-daemon --daemonize --login
>
> While testing ssh keys, I created a key and added a .ssh/config file
> with this content:
>
> Host github.com
> IdentityFile ~/.ssh/github-test.key
>
> I checked I could connect.
>
> Then I removed the file and even the key itself. And I could still
> connect (!).
>
> I figured keys must be cached somehow and found out about ssh-agent.
>
> I tried to delete the key cache using
>
> ssh-add -D
>
> And although it says
>
> All identities removed.
>
> all the keys in the cache still appear when running
>
> ssh-add -l
>
> echo $SSH_AGENT_PID
> 1336
>
> ps ax:
>
> 1336 ? Ss 0:04 /usr/bin/ssh-agent x-session-manager
>
> gnome-keyring 3.20.0-3
> openssh-client 1:7.4p1-10+deb9u4
>
> I have no idea what more I could provide to turn this message into
> something helpful...
>
> --
> Jérôme
>
>
>
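A check for the behaviour reported in this thread, as an added example that is not part of the original messages and not code from gnome-keyring or OpenSSH: it flushes the agent, lists it again, and reports whether identities are still being offered and which kind of agent the socket appears to belong to. The function names, the `SSH_ADD` override and the socket path patterns are assumptions made for this example.

```shell
#!/bin/sh
# Added example: confirm that "ssh-add -D" really emptied the agent ssh will use.
# SSH_ADD lets a different ssh-add command be substituted (hypothetical override).
SSH_ADD=${SSH_ADD:-ssh-add}

# Guess which agent owns a socket from its path. The patterns are typical
# defaults (assumptions, not guarantees): gnome-keyring uses .../keyring/ssh,
# OpenSSH ssh-agent uses <tmpdir>/ssh-XXXXXX/agent.<pid>.
classify_agent_socket() {
    case "$1" in
        */keyring*/ssh)   echo gnome-keyring ;;
        */ssh-*/agent.*)  echo ssh-agent ;;
        "")               echo none ;;
        *)                echo unknown ;;
    esac
}

# Count key lines in "ssh-add -l" output read from stdin.
# Key lines look like: "<bits> SHA256:<fingerprint> <comment> (<type>)".
count_identities() {
    grep -Ec '^[0-9]+ (SHA256|MD5):' || true
}

# Flush the agent, then list again. Returns 0 if the agent is empty afterwards,
# 1 if keys are still offered, 2 if no agent is reachable.
check_agent_flush() {
    kind=$(classify_agent_socket "${SSH_AUTH_SOCK:-}")
    "$SSH_ADD" -D >/dev/null 2>&1 || true
    listing=$("$SSH_ADD" -l 2>/dev/null) && rc=0 || rc=$?
    [ "$rc" -le 1 ] || { echo "no agent reachable ($kind)"; return 2; }
    left=$(printf '%s\n' "$listing" | count_identities)
    if [ "$left" -gt 0 ]; then
        echo "$left identities still loaded after ssh-add -D ($kind)"
        return 1
    fi
    echo "agent is empty ($kind)"
}

# Usage: call check_agent_flush in the session where ssh is failing.
```

ssh talks to whatever socket `SSH_AUTH_SOCK` names, so the process shown by `SSH_AGENT_PID` is not necessarily the one holding the keys.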