ssh-agent too easy to hack
Andrew Stribblehill
a.d.stribblehill at durham.ac.uk
Fri Jan 18 01:56:58 EST 2002
Quoting Pekka Savola <pekkas at netcore.fi>:
> Me, for example, always xlock my workstation even if I go to talk to my
> colleagues nearby. If sufficient care is observed, the time periods
> should be usably long.
Of course, if you're using xscreensaver, the following script helps:
#!/usr/bin/perl -w
#
# screenwatch. Watches xscreensaver and drops keys when screen blanks.
# Adds the default key on unblank.
#
# Typical usage: Put this command in your .xsession
#
# BUGS: Only adds the default key, not all the keys that it had before.
# [Matter-of-taste] Drops keys on both blank and lock.
use strict;
use POSIX 'setsid';
sub daemonise {
chdir '/' or die "Can't chdir to /: $!";
open STDIN, '/dev/null' or die "Can't read /dev/null: $!";
open STDOUT, '>/dev/null' or die "Can't write to /dev/null: $!";
defined(my $pid = fork) or die "Can't fork: $!";
exit if $pid;
setsid or die "Can't start a new session: $!";
open STDERR, '>&STDOUT' or die "Can't dup stdout: $!";
}
daemonise();
my $blanked = 0;
open (IN, "/usr/bin/X11/xscreensaver-command -watch |");
while (<IN>) {
if (m/^(BLANK|LOCK)/) {
if (!$blanked) {
system("/usr/bin/ssh-add -D");
$blanked = 1;
}
} elsif (m/^UNBLANK/) {
system("ssh-add");
$blanked = 0;
}
}
I can't remember who wrote that, but it doesn't look like my code.
--
MALIN HEBRIDES BAILEY
WEST OR SOUTHWEST 5 OR 6 BACKING SOUTH OR SOUTHEAST 7 OR GALE 8,
PERHAPS SEVERE GALE 9 LATER. SQUALLY SHOWERS THEN RAIN. GOOD
BECOMING MODERATE
More information about the openssh-unix-dev
mailing list