I came across an odd feature in SL6 and maybe someone understands what causes this. It seems that SL6 has an agent that does an ssh-add when you log in. Unfortunately, it appears to snarf up any key you happen to have in your .ssh area, even ones with nonstandard names. It has the rather disturbing feature that if you do an ssh-add -l immediately after logging in, it shows your encrypted private key as being loaded. It seems not to be really, since when you try to use it, it then asks for the pass phrase with a GUI popup. I'm guessing that it just looks at the pub part and recognizes that you "might use it" later.

In my case I keep some specialized unencrypted keys for specific functions (i.e. in the remote authorized_keys file these guys allow execution of a single rather harmless command). It seems that these get ssh-add'ed automatically at login, and they are presented to the remote hosts in ways that preclude my using public key access on the second hop in a chain of ssh's (yes, initially the real encrypted key gets used, but on the second hop it appears the specialized ones get presented and force a failure for an actual login). I googled and found that there is an openssh agent in the startup applications that appears to have a related function, but I don't seem to have that enabled, so configuring is likely futile. I do have a workaround (simply move all these keys to some other area than .ssh), but I'm curious as to what is doing this, and it seems like something people might want to be aware of.

-- 
Robert E. Blair, Room C221, Building 360
Argonne National Laboratory (High Energy Physics Division)
9700 South Cass Avenue, Argonne, IL 60439, USA
Phone: (630)-252-7545 FAX: (630)-252-5047
GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc
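An added example, not part of the original message: a Python audit that compares the key pairs in a directory against `ssh-add -L` output and reports which private keys are in the agent and which are stored without a passphrase, the combination the post describes. The function names and the set of default identity file names are assumptions of this example.

```python
import base64, struct, subprocess
from pathlib import Path

# Assumption: default identity file names of the OpenSSH client.
DEFAULT_NAMES = {"identity", "id_rsa", "id_dsa", "id_ecdsa", "id_ed25519"}

def agent_blobs(listing):
    """Base64 public-key blobs found in `ssh-add -L` output."""
    blobs = set()
    for line in listing.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0].startswith(("ssh-", "ecdsa-")):
            blobs.add(parts[1])
    return blobs

def is_encrypted(private_text):
    """True/False for PEM and openssh-key-v1 private keys, None if unrecognised."""
    lines = private_text.splitlines()
    if any("BEGIN OPENSSH PRIVATE KEY" in l for l in lines):
        raw = base64.b64decode("".join(l for l in lines if not l.startswith("-----")))
        magic = b"openssh-key-v1\0"
        if not raw.startswith(magic) or len(raw) < len(magic) + 4:
            return None
        (n,) = struct.unpack(">I", raw[len(magic):len(magic) + 4])
        return raw[len(magic) + 4:len(magic) + 4 + n] != b"none"  # cipher name field
    if any("PRIVATE KEY-----" in l for l in lines):
        return any("ENCRYPTED" in l for l in lines
                   if l.startswith(("-----BEGIN", "Proc-Type:")))
    return None

def audit(key_dir, listing):
    """One row per key pair in key_dir: loaded in the agent? passphrase-protected?"""
    loaded, rows = agent_blobs(listing), []
    for pub in sorted(Path(key_dir).glob("*.pub")):
        priv, fields = pub.with_suffix(""), pub.read_text().split()
        if len(fields) < 2 or not priv.is_file():
            continue
        rows.append({"name": priv.name,
                     "in_agent": fields[1] in loaded,
                     "encrypted": is_encrypted(priv.read_text(errors="replace")),
                     "default_name": priv.name in DEFAULT_NAMES})
    return rows

if __name__ == "__main__":
    out = subprocess.run(["ssh-add", "-L"], capture_output=True, text=True).stdout
    for row in audit(Path.home() / ".ssh", out):
        risky = row["in_agent"] and row["encrypted"] is False
        print(("REVIEW " if risky else "ok     ") + str(row))
```

Rows marked REVIEW are unencrypted keys that the running agent will offer to any host it authenticates to.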
