[Bug 1695] ssh-add -D does not delete all keys

bugzilla-daemon at bugzilla.mindrot.org
Sun Jan 10 22:42:03 EST 2010


https://bugzilla.mindrot.org/show_bug.cgi?id=1695

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WORKSFORME

--- Comment #3 from Damien Miller <djm at mindrot.org> 2010-01-10 22:42:02 EST ---
ok, so the problem is with whatever ssh-agent that Debian is using
(probably seahorse-agent). They aren't using the OpenSSH one.

The problem is not with OpenSSH's ssh-add - it just sends the "delete
all keys" message (specified in [1]) and trusts that the agent does the
right thing. OpenSSH's certainly does.

I suggest that you follow up with the developers of seahorse-agent -
this is a significant security bug as it could leave keys exposed when
the user thought they deleted them.

[1]
http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.bin/ssh/PROTOCOL.agent?rev=HEAD


More information about the openssh-bugs mailing list
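
The point made in comment #3, that a client sending "delete all keys" can only trust the agent's reply, can be checked by listing identities afterwards. The following is an added example, not part of the original message and not OpenSSH code; it uses the message numbers and framing from PROTOCOL.agent, and `toy_agent`, `check`, and the key entry are constructed stand-ins so that it runs offline.

```python
import socket, struct, threading
# Message numbers as given in PROTOCOL.agent
SSH_AGENT_FAILURE, SSH_AGENT_SUCCESS, SSH2_AGENTC_REMOVE_ALL_IDENTITIES = 5, 6, 19
SSH2_AGENTC_REQUEST_IDENTITIES, SSH2_AGENT_IDENTITIES_ANSWER = 11, 12

def recv_exact(sock, n):
    data = sock.recv(n, socket.MSG_WAITALL)
    if len(data) != n:
        raise ConnectionError("peer closed the connection")
    return data

def recv_msg(sock):  # one frame: uint32 big-endian length, then the message
    return recv_exact(sock, struct.unpack(">I", recv_exact(sock, 4))[0])

def send_msg(sock, payload):
    sock.sendall(struct.pack(">I", len(payload)) + payload)

def keys_left_after_delete_all(sock):
    """Send 'delete all keys', then list identities rather than trust the reply."""
    send_msg(sock, bytes([SSH2_AGENTC_REMOVE_ALL_IDENTITIES]))
    if recv_msg(sock)[:1] != bytes([SSH_AGENT_SUCCESS]):
        raise RuntimeError("agent refused the delete-all request")
    send_msg(sock, bytes([SSH2_AGENTC_REQUEST_IDENTITIES]))
    reply = recv_msg(sock)
    if len(reply) < 5 or reply[0] != SSH2_AGENT_IDENTITIES_ANSWER:
        raise RuntimeError("unexpected reply to the identity listing")
    return struct.unpack(">I", reply[1:5])[0]  # key count the agent still reports

def toy_agent(sock, keys, honours_delete):  # constructed; not any real agent's code
    try:
        while True:
            kind = recv_msg(sock)[:1]
            if kind == bytes([SSH2_AGENTC_REMOVE_ALL_IDENTITIES]):
                if honours_delete:
                    keys.clear()
                send_msg(sock, bytes([SSH_AGENT_SUCCESS]))  # says success either way
            elif kind == bytes([SSH2_AGENTC_REQUEST_IDENTITIES]):
                body = b"".join(struct.pack(">I", len(f)) + f for k in keys for f in k)
                send_msg(sock, bytes([SSH2_AGENT_IDENTITIES_ANSWER]) + struct.pack(">I", len(keys)) + body)
            else:
                send_msg(sock, bytes([SSH_AGENT_FAILURE]))
    except ConnectionError:
        sock.close()

def check(honours_delete):
    client, server = socket.socketpair()
    keys = [(b"constructed-key-blob", b"constructed comment")]  # constructed sample
    threading.Thread(target=toy_agent, args=(server, keys, honours_delete), daemon=True).start()
    with client:
        return keys_left_after_delete_all(client)
```

`check(True)` reports 0 keys left and `check(False)` reports 1 even though the agent answered with success. To run the same check against a real agent, pass `keys_left_after_delete_all` an `AF_UNIX` socket connected to the path in `SSH_AUTH_SOCK`.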