Public bug reported:
Binary package hint: gnome-keyring
The ssh-agent honors adding constrained identities -- where such constraints
may be either:
* Require confirmation each time the agent allows the identity to be used.
* A maximum lifetime for the identity.
The gnome-keyring-daemon is a replacement for the ssh-agent in Hardy
Heron, but does not support those constraints. If the user issues:
ssh-add -c
or
ssh-add -t <time value>
The identities will be added without those constraints.
This is especially important in some uses of the ssh-agent, such as ssh-
agent forwarding, where the usage of the agent can not be considered
secure without the confirmation constraint.
If the gnome-keyring-daemon is intended to replace the ssh-agent in
Ubuntu, it should support these important security features -- they were
added with good reason.
** Affects: gnome-keyring (Ubuntu)
Importance: Undecided
Status: New
--
gnome-keyring-daemon does not honor constrained ssh identities
https://bugs.launchpad.net/bugs/209447
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
