On Mon, Mar 24, 2008, Arnaud Cornet wrote: > Steps to reproduce: > # ssh-add -l > 1024 XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX > # ssh-add -D > All identities removed. > # ssh-add -l > 1024 XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX > > I am still able to log in with this key afterwards. > > This is a security issue since gnome-keyring-daemon seems to have > transparently taken over ssh-agent. One might think he's key is unloaded > after a ssh-add -D while it's not. > > I cannot even find a way to remove the key in gnome-keyring-manager GUI.
Are you sure "ssh-add -D" above is removing keys from g-k? I wonder whether it could be removing keys from ssh-agent but ssh-add -l would list them from g-k. You could try unsetting the gconf key for the ssh component of g-k. -- Loïc Minier
