On 29.11.2016 10:39, Werner Koch wrote:
> /* FIXME: What to do here - forgetting the passphrase or deleting
> the key from key cache? */
>
> Given that there is no easy way to know the origin of the key (it may
> have been added by ssh-add or be for example a gpg subkey) I tend to
> implement the latter (i.e. forgetting the passphrase).

When in doubt, do both?

In any case, if it's been added by ssh-add, it needs to be dropped. Otherwise you're not compatible with ssh-agent.

One of my use cases is to add the key (from removable media) to some long-running process's key store. That process proceeds to do various remote things, after which it no longer requires access and thus removes the key. I am currently unable to use gpg-agent for this.

> Indeed there is a bug when adding an ssh-key w/o passphrase.

… and, once that succeeds (in my case by using an earlier version), actually using this key.

--
-- Matthias Urlichs