Re: [Monotone-devel] keyring integration from a user POV


From: Benoît Dejean
Subject: Re: [Monotone-devel] keyring integration from a user POV
Date: Fri, 13 Apr 2007 12:26:53 +0200

On Tuesday 10 April 2007 at 09:45 -0700, Justin Patrin wrote:
> On 4/9/07, Benoît Dejean <address@hidden> wrote:
> > On Monday 09 April 2007 at 14:40 -0700, Justin Patrin wrote:
> > > On 4/9/07, Benoît Dejean <address@hidden> wrote:
> >
> > > >
> > > > > If you do it using ssh-add (which is
> > > > > a command-line program) then it's going to ask on the command-line.
> > > >
> > > > No. Graphical GTK+.
> > > > ssh-add -l pops up graphical prompt on first use.
> > >
> > > No, ssh-add is not popping up a graphical prompt. gnome-keyring is.
> > > There's a chain of processes here at work.
> > > * ssh-add -l is asking for a list of keys from the agent
> > > * ssh-agent looks for its list of keys
> >
> > (Do you think I should file a bug against ssh-agent because it tries to
> > unlock my keys just to list them?)
> 
> I'm not sure. I would think you'd normally have your keys unlocked
> when logged in....do you lock them after a certain amount of time? Any
> program that needs to use your keys would likely cause them to unlock.
> Don't you have to enter your password when you ssh as well?

I am concerned about having to unlock all my keys on startup where I
would prefer to unlock them on first use.

> >
> > > * seahorse-agent notices that you want to look at the key and asks
> > > gnome-keyring for the password to decrypt it so that it can be added
> > > to the agent
> > > * gnome-password asks for your master passphrase to unlock your key
> > > passphrase (or just asks for your passphrase for the key depending on
> > > how you have it set up)
> > >
> > > Then back the other way
> > >
> > > * gnome-password passes the passphrase back to seahorse-agent
> > > * seahorse-agent uses the passphrase to decrypt your key and pass it
> > > to ssh-agent
> > > * ssh-agent adds the key to its in-memory keystore and passes the list
> > > of keys to ssh-add
> > > * ssh-add lists your keys
> > >
> > > Or something close to that anyway. mtn uses ssh-agent, not
> > > gnome-keychain or seahorse-agent so it asks for the passphrase itself.
> >
> > Hum OK. Something is really inconsistent here because "ssh-add -l" uses a
> > graphical prompt where "ssh-add key" doesn't. Or maybe I don't
> > understand. I have to reread this thread.
> 
> It's not inconsistent. It makes perfect sense, in fact. ssh-add -l is
> only listing keys so ssh-agent and hence seahorse and gnome-keychain
> are the ones loading the keys and causing the prompts. When you
> ssh-add key ssh-add is the one loading the key and hence needs your
> password.

OK


> >
> > I have tried to import my mtn.key in seahorse but the key fails to load
> > "file:///home/monotone/mtn_benoit
> > 0x7f7f7f7flacenet.org.key: Invalid file format"
> >
> 
> Sounds like seahorse doesn't support all of the key formats that
> ssh-agent/add does. I had to patch SSHKeychain to make it allow
> importing of this format.

Have you forwarded this patch upstream?

-- 
Benoît Dejean
GNOME http://www.gnomefr.org/
LibGTop http://directory.fsf.org/libgtop.html

Attachment: signature.asc
Description: This is a digitally signed message part
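
An added example, not part of the original message and not code from monotone, OpenSSH or seahorse: the key-listing exchange discussed in this thread, written out at the ssh-agent wire level. It shows that the list request a client sends carries no key or passphrase, so any unlock prompt comes from whatever process answers on the agent socket. The reply bytes and the comment string are constructed sample data.

```python
import struct

# Message numbers from the ssh-agent protocol.
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12

def ssh_string(data):
    """SSH wire string: uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def frame(msg_type, payload=b""):
    """Agent framing: uint32 length, one type byte, then the payload."""
    return ssh_string(bytes([msg_type]) + payload)

def read_string(buf, off):
    """Read one wire string at off, rejecting lengths that overrun buf."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("string runs past end of message")
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_identities_answer(packet):
    """Return [(key_type, comment)] from a framed identities answer."""
    body, end = read_string(packet, 0)
    if end != len(packet) or len(body) < 5:
        raise ValueError("malformed frame")
    if body[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise ValueError("unexpected message type %d" % body[0])
    (count,) = struct.unpack_from(">I", body, 1)
    off, keys = 5, []
    for _ in range(count):
        blob, off = read_string(body, off)      # public key blob
        comment, off = read_string(body, off)   # usually the key file name
        key_type, _ = read_string(blob, 0)      # blob starts with its type
        keys.append((key_type.decode(), comment.decode()))
    return keys

# What the listing client sends: a bare type byte, no key material.
REQUEST = frame(SSH_AGENTC_REQUEST_IDENTITIES)

# Constructed reply with one identity (placeholder bytes, not a real key).
SAMPLE_BLOB = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x00" * 8)
SAMPLE_REPLY = frame(SSH_AGENT_IDENTITIES_ANSWER,
                     struct.pack(">I", 1) + ssh_string(SAMPLE_BLOB)
                     + ssh_string(b"constructed-key-comment"))

if __name__ == "__main__":
    print(REQUEST.hex(), parse_identities_answer(SAMPLE_REPLY))
```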