[Bug 496] add a timeout function to ssh-agent

bugzilla-daemon at mindrot.org
Wed Apr 2 17:24:53 EST 2003


http://bugzilla.mindrot.org/show_bug.cgi?id=496

hauser at acm.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |vinschen at redhat.com



------- Additional Comments From hauser at acm.org  2003-04-02 17:24 -------
Thanks to Corinna, I can now test it on the new Cygwin version.

Results:
a) [ -S $SSH_AUTH_SOCK ] || eval `ssh-agent -t 900 -sa $SSH_AUTH_SOCK`
doesn't ask for the lock password (as hinted in
http://bugzilla.mindrot.org/show_bug.cgi?id=496#c3). What did I do wrong?
b) If I manually add "ssh-add -x", I get asked for the lock password twice. This
is unnecessary overhead - my screenlock also doesn't need to be configured
manually each time I log in. It should be possible to take a default password
(e.g. the same one as the default identity .ssh/id_rsa has).
c) After the time-out, instead of trying to unlock by issuing "ssh-add -X"
itself, the next ssh command will just no longer use my authorized_keys, but
degrade the security level and ask for my server-side password.
d) The lock appears to take place after "elapsed seconds". It would be great if
it could also be configured to only consider "idle seconds".
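
Added example, not part of the original comment or of OpenSSH itself: it starts a throwaway agent with a short -t lifetime and reports whether the key is still held before and after that time has elapsed, the situation in (c) and (d), where in current OpenSSH an expired key is removed from the agent rather than locked. Assumes the OpenSSH client tools are on PATH; the key, socket path and function names are constructed for the demo.

```shell
#!/bin/sh
# Added example: observe key expiry under "ssh-agent -t <seconds>".

# Print "loaded", "empty" or "unreachable" for the agent in SSH_AUTH_SOCK.
# ssh-add -l exits 0 with keys, 1 with none, 2 if the agent cannot be reached.
agent_state() {
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo unreachable ;;
    esac
}

# $1 = lifetime in seconds. Prints "<state before expiry> <state after expiry>".
demo_lifetime() {
    life=$1
    dir=$(mktemp -d) || return 1

    # Throwaway key with an empty passphrase (constructed for the demo).
    ssh-keygen -q -t ed25519 -N '' -f "$dir/demo_key" || return 1

    # Same shape as the command in (a), with a short lifetime and a private socket.
    eval "$(ssh-agent -s -t "$life" -a "$dir/agent.sock")" >/dev/null

    # No -t on ssh-add, so the agent's default lifetime applies to this key.
    ssh-add -q "$dir/demo_key" 2>/dev/null || true
    before=$(agent_state)

    # The lifetime is counted from when the key was added, not from last use.
    sleep $((life + 2))
    after=$(agent_state)

    ssh-agent -k >/dev/null 2>&1 || true
    rm -rf "$dir"
    echo "$before $after"
}
```

A result of "loaded empty" means the agent is still running but no longer holds the key, so the next ssh command has no agent identity to offer and moves on to the other authentication methods the server allows.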



More information about the openssh-unix-dev mailing list