gnome-keyring-daemon does not honor constrained ssh identities
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
GNOME Keyring |
Fix Released
|
Medium
|
|||
portable OpenSSH |
Fix Released
|
Unknown
|
|||
gnome-keyring (Ubuntu) |
Fix Released
|
Medium
|
Ubuntu Desktop Bugs | ||
openssh (Ubuntu) |
Fix Released
|
High
|
Colin Watson |
Bug Description
Binary package hint: gnome-keyring
The ssh-agent honors adding constrained identities -- where such constraints may be either:
* Require confirmation each time the agent allows the identity to be used.
* A maximum lifetime for the identity.
The gnome-keyring-
ssh-add -c
or
ssh-add -t <time value>
The identities will be added without those constraints.
This is especially important in some uses of the ssh-agent, such as ssh-agent forwarding, where the usage of the agent can not be considered secure without the confirmation constraint.
If the gnome-keyring-
Related branches
Changed in gnome-keyring: | |
status: | Unknown → Confirmed |
Changed in gnome-keyring: | |
status: | Confirmed → In Progress |
Changed in openssh (Ubuntu): | |
status: | New → Fix Committed |
importance: | Undecided → High |
assignee: | nobody → Colin Watson (cjwatson) |
Changed in openssh: | |
status: | Unknown → Fix Released |
Changed in gnome-keyring: | |
status: | In Progress → Confirmed |
Changed in gnome-keyring: | |
importance: | Unknown → Medium |
Changed in openssh (Ubuntu): | |
assignee: | HECTOR DAVID (hektve) → Colin Watson (cjwatson) |
Changed in gnome-keyring (Ubuntu): | |
assignee: | HECTOR DAVID (hektve) → Ubuntu Desktop Bugs (desktop-bugs) |
Changed in gnome-keyring: | |
status: | Confirmed → Fix Released |
Changed in gnome-keyring (Ubuntu): | |
status: | In Progress → Fix Released |
Thanks for your bug report. This bug has been reported to the developers of the software. You can track it and make comments here: http:// bugzilla. gnome.org/ show_bug. cgi?id= 525574