Re: [Monotone-devel] keyring integration from a user POV
From: Benoît Dejean
Subject: Re: [Monotone-devel] keyring integration from a user POV
Date: Tue, 10 Apr 2007 01:07:03 +0200
On Monday 09 April 2007 at 14:40 -0700, Justin Patrin wrote:
> On 4/9/07, Benoît Dejean <address@hidden> wrote:
> >
> > > If you do it using ssh-add (which is
> > > a command-line program) then it's going to ask on the command-line.
> >
> > No. Graphical GTK+.
> > ssh-add -l pops up graphical prompt on first use.
>
> No, ssh-add is not popping up a graphical prompt. gnome-keyring is.
> There's a chain of processes here at work.
> * ssh-add -l is asking for a list of keys from the agent
> * ssh-agent looks for its list of keys
(Do you think I should file a bug against ssh-agent because it tries to
unlock my keys just to list them?)
> * seahorse-agent notices that you want to look at the key and asks
> gnome-keyring for the password to decrypt it so that it can be added
> to the agent
> * gnome-password asks for your master passphrase to unlock your key
> passphrase (or just asks for your passphrase for the key depending on
> how you have it set up)
>
> Then back the other way
>
> * gnome-password passes the passphrase back to seahorse-agent
> * seahorse-agent uses the passphrase to decrypt your key and pass it
> to ssh-agent
> * ssh-agent adds the key to its in-memory keystore and passes the list
> of keys to ssh-add
> * ssh-add lists your keys
>
> Or something close to that anyway. mtn uses ssh-agent, not
> gnome-keychain or seahorse-agent so it asks for the passphrase itself.
Hum OK. Something is really inconsistent here because "ssh-add -l" uses a
graphical prompt where "ssh-add key" doesn't. Or maybe I don't
understand. I have to reread this thread.
> >
> > > Are you using seahorse for ssh-agent integration or something else?
> >
> > yes, seahorse-agent. GNOME 2.16 on Debian SID.
> >
> >
> > One thing I don't understand: if I export my key ssh_agent_export, it
> > tries to change the password. Why?
>
> We figure that most people are using the get_passphrase hook right
> now. It would be a good idea to change your key passphrase when you
> export it since your passphrase was previously in plaintext on your
> hard drive.
OK. What about adding messages to explain that? Because it actually
exports the key to ssh format with a new password. But the keystore
key's password is unchanged if I'm right.
mtn address@hidden ssh_agent_export mtn.key
<It would be a good idea to change your key passphrase when you
export it since your passphrase was previously in plaintext on your
hard drive.>
<Enter a new passphrase for the exported key>.
enter passphrase for key ID address@hidden:
enter new passphrase for key ID address@hidden:
confirm passphrase for key ID address@hidden:
Oh, and it looks like there is a little ~bug. I couldn't find the
exported key. I figured that mtn was changing dir to .. because there it
could find a _MTN dir. I ran "mtn address@hidden
ssh_agent_export mtn.key" in "/tmp/mtn" and the output key was
"/tmp/mtn.key" where I expected "./mtn.key"
stat64("/tmp/mtn/_MTN", 0x7fea8af8) = -1 ENOENT (No such file or directory)
stat64("/tmp/_MTN", {st_mode=S_IFDIR|0700, st_size=144, ...}) = 0
stat64("/tmp/_MTN", {st_mode=S_IFDIR|0700, st_size=144, ...}) = 0
stat64("/tmp/_MTN", {st_mode=S_IFDIR|0700, st_size=144, ...}) = 0
stat64("/tmp/_MTN", {st_mode=S_IFDIR|0700, st_size=144, ...}) = 0
stat64("/tmp/_MTN/..", {st_mode=S_IFDIR|S_ISVTX|0777, st_size=1016, ...}) = 0
chdir("/tmp")
...
open("mtn.key", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = 4
I have tried to import my mtn.key in seahorse but the key fails to load
"file:///home/monotone/mtn_benoit
0x7f7f7f7flacenet.org.key: Invalid file format"
--
Benoît Dejean
GNOME http://www.gnomefr.org/
LibGTop http://directory.fsf.org/libgtop.html
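
The misplaced export reported above can be confirmed mechanically from the strace output. This is an added example, not part of the original message or of monotone: it replays the chdir() calls and reports relative-path files created outside the starting directory. The function name is hypothetical, the trace is the quoted one with repeated lines trimmed, and a chdir line pasted without a result is assumed to have succeeded.

```python
import posixpath
import re

# Syscall lines as quoted in the message above (repeated stat64 lines trimmed).
TRACE = """\
stat64("/tmp/mtn/_MTN", 0x7fea8af8) = -1 ENOENT (No such file or directory)
stat64("/tmp/_MTN", {st_mode=S_IFDIR|0700, st_size=144, ...}) = 0
chdir("/tmp")
open("mtn.key", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = 4
"""

# name("path"[, args])[ = result]; the result is optional because the
# chdir line in the message was pasted without one.
CALL = re.compile(r'^(\w+)\("([^"]*)"(?:,\s*([^)]*))?\)(?:\s*=\s*(-?\d+))?')


def relocated_writes(trace, start_cwd):
    """Replay chdir() calls and report relative-path files that were created
    somewhere other than under the directory the command was started in.

    Returns a list of (given, actual, expected, requested_mode) tuples.
    """
    cwd = start_cwd
    hits = []
    for line in trace.splitlines():
        m = CALL.match(line.strip())
        if not m:
            continue
        name, path, args, result = m.groups()
        if result is not None and int(result) < 0:
            continue  # failed call, no effect on process state
        if name == "chdir":
            cwd = posixpath.normpath(posixpath.join(cwd, path))
        elif name == "open" and not posixpath.isabs(path):
            parts = [p.strip() for p in (args or "").split(",")]
            if "O_CREAT" not in parts[0].split("|"):
                continue
            actual = posixpath.normpath(posixpath.join(cwd, path))
            expected = posixpath.normpath(posixpath.join(start_cwd, path))
            # Mode is the value passed to open(); the umask still applies.
            mode = int(parts[1], 8) if len(parts) > 1 else None
            if actual != expected:
                hits.append((path, actual, expected, mode))
    return hits


if __name__ == "__main__":
    for given, actual, expected, mode in relocated_writes(TRACE, "/tmp/mtn"):
        print(given, "->", actual, "expected", expected,
              oct(mode) if mode is not None else "-")
```

The requested mode is reported alongside the path because the file in question is an exported private key.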