On Fri, May 27, 2016 at 06:20:44PM -0400, Nico Kadel-Garcia wrote:
> On Fri, May 27, 2016 at 9:13 AM, Zbigniew Jędrzejewski-Szmek
> <zbys...@in.waw.pl> wrote:
> > On Fri, May 27, 2016 at 08:51:23AM -0400, Nico Kadel-Garcia wrote:
> >> This breaks the storage of ssh-agent credentials for the one-time
> >> enabling of SSH credentials for access on running hosts.
> >
> > You mean you start ssh-agent somewhere during the first login and then
> > access it from any process from further sessions? You can get a setup
> > to work like this by running the agent in a service, like any long
> > running service.
> 
> It's a historically useful way to require an authorized user to
> actually log into the system and unlock the key. It's similar to the
> requirement of secure Kerberos servers and Java keystore systems to
> have a user attend the startup of the daemons, in order to unlock the
> protected credentials on request and prevent unauthorized use of the
> service from a stolen backup or disk image.

Sure, but there's more than one way to do this. Unless you provide
more details, there is no way to guess what is broken for you.
Based on your general description, there should be no reason for this
to not work.

Zbyszek
--
devel mailing list
devel@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
