openssh unix dev - Mar 2003 - [Bug 496] add a timeout function to ssh-agent

http://bugzilla.mindrot.org/show_bug.cgi?id=496





------- Additional Comments From hauser at acm.org  2003-03-31 16:56 -------
Created an attachment (id=266)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=266&action=view)
Readme.txt

for the japanese win-ssh-agent.exe/win-ssh-askpass.exe proofread by Nayuta



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=496

hauser at acm.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |vinschen at redhat.com



------- Additional Comments From hauser at acm.org  2003-04-02 17:24 -------
Thanks to Corinna, I now can test it on the new cygwin version.

Results:
a) [ -S $SSH_AUTH_SOCK ] || eval `ssh-agent -t 900 -sa $SSH_AUTH_SOCK`
doesn't ask for the lock password (as hinted in
http://bugzilla.mindrot.org/show_bug.cgi?id=496#c3) what did I do wrong?
b) If I manually add "ssh-add -x" I get asked for the lock password
twice. This
is unnecessary overhead - my screenlock also doesn't need to be configured
manually each time I login. It should be possible to take a default password
(e.g. the same one as the default identity .ssh/id_rsa has.)
c) after the time-out, instead of trying to unlock by issuing "ssh-add
-X"
itself, the next ssh command will just no longer use my authorized_keys, but
degrade the security level and ask for my server-side password
d) the lock appears to take place after "elapsed seconds". It would be
great if
it also could be configured to only consider "idle seconds".



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.