#606423 seahorse: ssh-add -[dD] is broken

Package:
seahorse
Source:
seahorse
Description:
GNOME front end for GnuPG
Submitter:
"Leo L. Schwab"
Date:
2010-12-09 01:09:10 UTC
Severity:
important
#606423#5
Date:
2008-01-21 04:07:48 UTC
From:
To:
	seahorse-agent upon startup appears to sniff through my ~/.ssh
directory, find any SSH identity keys, and automagically add them to
ssh-agent.  This appears to be default behavior, and is really, really
wrong.

	I have a peculiar setup here.  I regularly connect to a remote
server in two ways: password-authenticated (no key exchange), and key-
authenticated without passphrase.  The password-authenticated mode I use
for interactive sessions.

	The key-without-passphrase mode I use to fetch mail from the
remote IMAP server ('fetchmail' is configured to launch the tunnel).
The remote host is configured, when receiving that particular key, to
launch imapd (and only imapd).  Thus, the IMAP session is secure against
snoopers.

	But then seahorse-agent waltzes in, sees an identity key in
~/.ssh and, without so much as a peep, adds it to the ssh-agent.  This
means that, when attempting an interactive session, ssh-agent will
helpfully provide the SSH key bound to imapd, and I end up staring at an
IMAP protocol banner.

	Further, when I attempt to remove the cached key via
'ssh-add -D', seahorse-agent (presumably) adds it right back again.

	After some Googling around, I discovered this broken behavior
can be disabled via seahorse-preferences, so my immediate issue is
solved.  Nevertheless, I contend this, at the very least, should not be
default behavior, and in fact should be seriously reconsidered.  There
is absolutely no way for seahorse-agent to know the policy
considerations attached to any keys it may find lurking in ~/.ssh, and
therefore should not -- by default, anyway -- be trying to do anything
"clever" or "helpful" with them.

	Please investigate this matter.

					Thanks,
					Schwab

#606423#10
Date:
2008-01-21 10:20:51 UTC
From:
To:
Le dimanche 20 janvier 2008 à 20:07 -0800, Leo L. Schwab a écrit :

This setup is far from being the standard, even among people heavily
using SSH keys. This problem will exist only for a very small minority,
for which the preferences are here to deactivate the behavior.

Frankly, I think you should talk about that with upstream, on
seahorse-list at gnome.org. This is far beyond the things we are ready
to change for the Debian package.

Seahorse is precisely here for doing helpful things with, among other
things, SSH keys. The behavior you find annoying is helpful for people
with a sane setup.

So, we are not going to change the default unless something useful
arises from your discussion with upstream.

Cheers,

#606423#15
Date:
2010-12-09 01:04:22 UTC
From:
To:
clone 461829 -1
retitle -1 seahorse: ssh-add -[dD] is broken
kthxbye

There are two separate bugs here.  One is that seahorse grabs every key
that it can.  I am leaving this as 461829.  The other, which is being
split off, is that ssh-add -[dD] doesn't work.

My view on how ssh-add -d or ssh-add -D should work is that seahorse
should remove the keys in question and not add them back unless the user
uses ssh-add to do so.  I don't care if seahorse grabs every key that it
can as long as it gives them up when instructed to.  I don't think the
ease-of-use argument has any validity here, since the user will have
gone to a shell in order to remove the keys in question.