ssh-agent too easy to hack
Aran Cox
acox at ia.primustel.com
Fri Jan 18 02:44:25 EST 2002
I didn't mean to imply that is what the defaults should be for
ssh-agent, just that that is probably what I would set them too if I had
those features. Probably I'd quickly get annoyed at entering my
passphrase several times a day and set the timeouts for something
longer.
On Thu, 2002-01-17 at 01:19, Pekka Savola wrote:
> On 16 Jan 2002, Aran Cox wrote:
> > Ideally you could choose both, dump the keys after a fixed period no
> > matter what and/or after a period of disuse. At least, that's what I've
> > always wanted. I'd dump them all after 4 hours no questions asked and
> > maybe an hour or two after their last use.
>
> What's the idea of such a short idle period?
>
> Me, for example, always xlock my workstation even if I go to talk to my
> colleagues nearby. If sufficient care is observed, the time periods
> should be usably long.
>
> --
> Pekka Savola "Tell me of difficulties surmounted,
> Netcore Oy not those you stumble over and fall"
> Systems. Networks. Security. -- Robert Jordan: A Crown of Swords
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: This is a digitally signed message part
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20020117/3c5df97b/attachment.bin
More information about the openssh-unix-dev
mailing list