gpg-agent partitioning between sessions?

Pete Ashdown pashdown at
Tue Nov 13 00:15:14 CET 2012

On 11/12/2012 04:07 PM, Doug Barton wrote:
> On 11/12/2012 02:59 PM, Pete Ashdown wrote:
>> On 11/12/2012 03:52 PM, Doug Barton wrote:
>>> What do you mean by that? Are you talking about different users, or do
>>> you want to have different key stores for different terminals for the
>>> same user? If the latter, why?
>> The latter, if someone compromises a system with a running agent, I don't
>> want them to have access to everything I have an ssh-key for.  Ssh-agent
>> asks for the key password with each new session.  With gpg-agent, all I
>> need to do is hit return on the key password and it appears to pass through
>> to another gpg-agent so access is granted without any key password prompting.
> I'm not sure you're thinking about the problem in the right way. If they
> compromise the system, aren't all of your agent sessions vulnerable?
> You are much better off setting a reasonable inactivity timeout for your
> session. Look at these settings in gpg-agent.conf:
> default-cache-ttl N
> max-cache-ttl N
> default-cache-ttl-ssh N
> max-cache-ttl-ssh N

Thanks for the perspective.  I guess I was misunderstanding how ssh-agent
was working.

More information about the Gnupg-users mailing list