gpg-agent partitioning between sessions?

Pete Ashdown pashdown at xmission.com
Tue Nov 13 00:15:14 CET 2012


On 11/12/2012 04:07 PM, Doug Barton wrote:
> On 11/12/2012 02:59 PM, Pete Ashdown wrote:
>> On 11/12/2012 03:52 PM, Doug Barton wrote:
>>> What do you mean by that? Are you talking about different users, or do
>>> you want to have different key stores for different terminals for the
>>> same user? If the latter, why?
>>>
>> The latter: if someone compromises a system with a running agent, I don't
>> want them to have access to everything I have an ssh-key for.  Ssh-agent
>> asks for the key password with each new session.  With gpg-agent, all I
>> need to do is hit return on the key password and it appears to pass through
>> to another gpg-agent, so access is granted without any key password prompting.
> I'm not sure you're thinking about the problem in the right way. If they
> compromise the system, aren't all of your agent sessions vulnerable?
>
> You are much better off setting a reasonable inactivity timeout for your
> session. Look at these settings in gpg-agent.conf:
>
>
> default-cache-ttl N
> max-cache-ttl N
> default-cache-ttl-ssh N
> max-cache-ttl-ssh N
>

Thanks for the perspective.  I guess I was misunderstanding how ssh-agent
was working.
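As an added illustration, not from this thread: a gpg-agent.conf written with the four cache options Doug lists, beside a deliberately long-lived one, plus a small POSIX sh audit function that flags any TTL above a ceiling. The ceiling and the TTL values are assumptions for the example, not recommendations from the list.

```shell
# Added example, not part of the original thread. TTLs are in seconds.
# Hardened variant: short default cache, hard one-hour ceiling (assumed values).
HARDENED_CONF='default-cache-ttl 600
max-cache-ttl 3600
default-cache-ttl-ssh 600
max-cache-ttl-ssh 3600'

# Constructed "weak" variant: a week-long cache keeps the unlocked keys
# usable on a compromised host long after the user walked away.
WEAK_CONF='default-cache-ttl 604800
max-cache-ttl 604800
default-cache-ttl-ssh 604800
max-cache-ttl-ssh 604800'

# audit_ttl CONFIG_TEXT CEILING_SECONDS
# Prints one line per cache option whose value exceeds the ceiling;
# returns 1 if any did, 0 otherwise.
audit_ttl() {
    conf="$1"; ceiling="$2"; rc=0
    while IFS= read -r line; do
        case "$line" in
            default-cache-ttl*|max-cache-ttl*)
                set -- $line            # $1 = option name, $2 = value
                if [ "$2" -gt "$ceiling" ]; then
                    echo "$1=$2 exceeds ${ceiling}s"
                    rc=1
                fi ;;
        esac
    done <<EOF
$conf
EOF
    return $rc
}

# apply_hardened: install the hardened config and make the running agent
# re-read it (gpg-connect-agent is the standard GnuPG control tool).
apply_hardened() {
    mkdir -p "$HOME/.gnupg"
    printf '%s\n' "$HARDENED_CONF" > "$HOME/.gnupg/gpg-agent.conf"
    gpg-connect-agent reloadagent /bye
}
```

Run `audit_ttl "$(cat ~/.gnupg/gpg-agent.conf)" 3600` against your own file before and after `apply_hardened` to see which options still exceed the ceiling.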
