ssh-agent discard timeout behavior (too easy to hack)

Peter Watkins peterw at usa.net
Fri Jan 18 00:09:03 EST 2002


On Thu, Jan 17, 2002 at 09:19:45AM +0200, Pekka Savola wrote:
> On 16 Jan 2002, Aran Cox wrote:
> > Ideally you could choose both, dump the keys after a fixed period no
> > matter what and/or after a period of disuse.  At least, that's what I've
> > always wanted.  I'd dump them all after 4 hours no questions asked and
> > maybe an hour or two after their last use.  
> 
> What's the idea of such a short idle period?
> 
> Me, for example, always xlock my workstation even if I go to talk to my
> colleagues nearby.  If sufficient care is observed, the time periods
> should be usably long.

Same here. I can see why folks might want such a feature, but I personally
would not need/want such behavior on some of my systems. I would personally 
prefer that *default* behavior be current behavior; let folks add command 
line arguments to request that certain keys be treated differently.

Behavior question: let's say ssh-agent holds a key for sshd.example.com.
If ssh-agent were to dump that key, should it
 - forget about the key entirely (in which case, if the user were to
   connect to sshd.example.com, the user would likely be prompted for
   a regular password *after* ssh had already connected; if the user
   needed/wanted to use their key, they'd have to abort the ssh connection
   and re-add the key to ssh-agent before reconnecting)
 - remember that it *had* cached the key, and modify ssh/ssh-agent behavior
   such that the next time 'ssh' were used, it would prompt the user about
   each newly-dumped key with options like "forget" (forget all about this
   key; don't bother me again), "skip" (remember about this key, but I 
   don't need to use it this time), and "re-add" (please prompt me for the
   passphrase now so this key is available for ssh authentication in this
   ssh connection attempt)
 - something else?

Arguably, if default behavior were "hold on to keys forever" (unless a 
separate command were issued to flush some/all of them), then there 
wouldn't be much need for ssh/ssh-agent to be friendly about re-adding
keys that had timed out.

-Peter

-- 
One day you're gonna have to face the deep dark truthful mirror - E Costello
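
The retention policies discussed in this thread (a hard lifetime, an idle timeout, and the choice between forgetting an expired key and remembering that it had been cached), modelled as an added example; it is not part of the original message and is not OpenSSH code. The class, method and parameter names are hypothetical, and times are plain seconds passed in by the caller.

```python
# Added illustration of the thread's options; not OpenSSH code, all names hypothetical.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Entry:
    secret: Optional[bytearray]  # None once the key material has been dropped
    added: float                 # when the key was loaded
    last_used: float             # when the key last authenticated something

class AgentModel:
    """Toy key cache with an optional hard lifetime and an optional idle timeout."""

    def __init__(self, max_age=None, max_idle=None, remember_expired=False):
        self.max_age = max_age                    # None = hold keys forever (current default)
        self.max_idle = max_idle                  # None = no idle limit
        self.remember_expired = remember_expired  # keep a marker after dumping the key
        self.keys = {}

    def add(self, name, secret, now):
        self.keys[name] = Entry(bytearray(secret), now, now)

    def _expire(self, now):
        for name, e in list(self.keys.items()):
            if e.secret is None:
                continue
            too_old = self.max_age is not None and now - e.added >= self.max_age
            too_idle = self.max_idle is not None and now - e.last_used >= self.max_idle
            if too_old or too_idle:
                e.secret[:] = bytes(len(e.secret))  # overwrite before dropping
                if self.remember_expired:
                    e.secret = None                 # remember that the key *had* been cached
                else:
                    del self.keys[name]             # forget about the key entirely

    def use(self, name, now):
        """'ok', 'expired' (client can offer forget/skip/re-add) or 'unknown'."""
        self._expire(now)
        e = self.keys.get(name)
        if e is None:
            return "unknown"
        if e.secret is None:
            return "expired"
        e.last_used = now
        return "ok"

    def forget(self, name):
        self.keys.pop(name, None)
```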



More information about the openssh-unix-dev mailing list