Package: seahorse
Version: 2.20.3-1
Severity: important

seahorse-agent upon startup appears to sniff through my ~/.ssh directory, find any SSH identity keys, and automagically add them to ssh-agent. This appears to be default behavior, and is really, really wrong.

I have a peculiar setup here. I regularly connect to a remote server in two ways: password-authenticated (no key exchange), and key-authenticated without passphrase. The password-authenticated mode I use for interactive sessions. The key-without-passphrase mode I use to fetch mail from the remote IMAP server ('fetchmail' is configured to launch the tunnel). The remote host is configured, when receiving that particular key, to launch imapd (and only imapd). Thus, the IMAP session is secure against snoopers.

But then seahorse-agent waltzes in, sees an identity key in ~/.ssh and, without so much as a peep, adds it to the ssh-agent. This means that, when attempting an interactive session, ssh-agent will helpfully provide the SSH key bound to imapd, and I end up staring at an IMAP protocol banner. Further, when I attempt to remove the cached key via 'ssh-add -D', seahorse-agent (presumably) adds it right back again.

After some Googling around, I discovered this broken behavior can be disabled via seahorse-preferences, so my immediate issue is solved. Nevertheless, I contend this, at the very least, should not be default behavior, and in fact should be seriously reconsidered. There is absolutely no way for seahorse-agent to know the policy considerations attached to any keys it may find lurking in ~/.ssh, and therefore should not -- by default, anyway -- be trying to do anything "clever" or "helpful" with them.

Please investigate this matter.

Thanks,
Schwab

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.23 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages seahorse depends on:
ii  gconf2                   2.20.1-1          GNOME configuration database syste
ii  libart-2.0-2             2.3.19-3          Library of functions for 2D graphi
ii  libatk1.0-0              1.20.0-1          The ATK accessibility toolkit
ii  libavahi-client3         0.6.21-2          Avahi client library
ii  libavahi-common3         0.6.21-2          Avahi common library
ii  libavahi-glib1           0.6.21-2          Avahi glib integration library
ii  libbonobo2-0             2.20.2-1          Bonobo CORBA interfaces library
ii  libbonoboui2-0           2.20.0-1          The Bonobo UI library
ii  libc6                    2.7-5             GNU C Library: Shared libraries
ii  libcairo2                1.4.14-1          The Cairo 2D vector graphics libra
ii  libdbus-1-3              1.1.2-1           simple interprocess messaging syst
ii  libdbus-glib-1-2         0.74-1            simple interprocess messaging syst
ii  libgcc1                  1:4.2.2-4         GCC support library
ii  libgconf2-4              2.20.1-2          GNOME configuration database syste
ii  libglade2-0              1:2.6.2-1         library to load .glade files at ru
ii  libglib2.0-0             2.14.4-2          The GLib library of C routines
ii  libgnome-keyring0        2.20.3-1          GNOME keyring services library
ii  libgnome2-0              2.20.1.1-1        The GNOME 2 library - runtime file
ii  libgnomecanvas2-0        2.20.1.1-1        A powerful object-oriented display
ii  libgnomeprint2.2-0       2.18.2-1          The GNOME 2.2 print architecture -
ii  libgnomeprintui2.2-0     2.18.1-1          GNOME 2.2 print architecture User
ii  libgnomeui-0             2.20.1.1-1        The GNOME 2 libraries (User Interf
ii  libgnomevfs2-0           1:2.20.1-1        GNOME Virtual File System (runtime
ii  libgpgme11               1.1.6-1           GPGME - GnuPG Made Easy
ii  libgtk2.0-0              2.12.5-1          The GTK+ graphical user interface
ii  libgtksourceview2.0-0    2.0.2-1           shared libraries for the GTK+ synt
ii  libice6                  2:1.0.4-1         X11 Inter-Client Exchange library
ii  libldap2                 2.1.30-13.3       OpenLDAP libraries
ii  libnautilus-extension1   2.20.0-2          libraries for nautilus components
ii  libnotify1 [libnotify1-  0.4.4-3           sends desktop notifications to a n
ii  libnspr4-0d              4.7.0~1.9b1-2     NetScape Portable Runtime Library
ii  liborbit2                1:2.14.7-0.1      libraries for ORBit2 - a CORBA ORB
ii  libpanel-applet2-0       2.20.3-1          library for GNOME Panel applets
ii  libpango1.0-0            1.18.4-1          Layout and rendering of internatio
ii  libpopt0                 1.10-3            lib for parsing cmdline parameters
ii  libsm6                   2:1.0.3-1+b1      X11 Session Management library
ii  libsoup2.2-8             2.2.104-1         an HTTP library implementation in
ii  libxml2                  2.6.30.dfsg-3     GNOME XML library
ii  libxul0d                 1.8.1.6-1         Gecko engine library
ii  zlib1g                   1:1.2.3.3.dfsg-8  compression library - runtime

Versions of packages seahorse recommends:
ii  openssh-client           1:4.7p1-2         secure shell client, an rlogin/rsh

-- no debconf information
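
Added example, not part of the original report: the report says the remote host launches only imapd for one particular key, but not how. Assuming that binding is done with the OpenSSH authorized_keys `command=` option, this sketch audits an authorized_keys file for which keys carry a forced command and which of the usual restrictions they lack; the sample lines, key blobs, comments and the imapd path are constructed placeholders.

```python
KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-")   # prefixes of OpenSSH key type names
HARDENING = {"no-pty", "no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding"}

# Constructed sample; key blobs, comments and the imapd path are placeholders.
SAMPLE = r'''
command="/usr/sbin/imapd",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAAEXAMPLE1 mail-tunnel
command="echo \"a, b\"" ssh-ed25519 AAAAEXAMPLE2 quoted-test
ssh-rsa AAAAEXAMPLE3 laptop
'''

def split_unquoted(text, seps, maxsplit=-1):
    """Split on any character in seps that lies outside double quotes."""
    parts, cur, quoted, i = [], "", False, 0
    while i < len(text):
        c = text[i]
        if c == "\\" and quoted and i + 1 < len(text):   # keep escaped char as-is
            cur, i = cur + text[i:i + 2], i + 2
            continue
        if c == '"':
            quoted = not quoted
        if c in seps and not quoted and maxsplit != 0:
            parts.append(cur)
            cur, maxsplit = "", maxsplit - 1
        else:
            cur += c
        i += 1
    return parts + [cur]

def audit(text):
    """Per key line: last field (comment), forced command, missing restrictions."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        opts = {}
        if not line.startswith(KEY_TYPES):               # line begins with an options field
            field, line = (split_unquoted(line, " \t", 1) + [""])[:2]
            for item in split_unquoted(field, ","):
                name, _, value = item.partition("=")
                if value[:1] == '"' and value[-1:] == '"':
                    value = value[1:-1].replace('\\"', '"')
                opts[name.lower()] = value
        fields = line.split()
        if len(fields) < 2:                              # malformed: no key type and blob
            continue
        command = opts.get("command")
        # "restrict" (newer OpenSSH) turns every restriction on at once.
        missing = [] if command is None or "restrict" in opts else sorted(HARDENING - set(opts))
        findings.append({"key": fields[-1], "command": command, "missing": missing})
    return findings
```

A key whose `command` is `None` grants whatever the account's normal login grants; a forced-command key with a non-empty `missing` list still allows the listed features alongside its command.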