** Changed in: openssh (Ubuntu) Assignee: HECTOR DAVID (hektve) => Colin Watson (cjwatson)
** Changed in: gnome-keyring (Ubuntu) Assignee: HECTOR DAVID (hektve) => Ubuntu Desktop Bugs (desktop-bugs) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/209447 Title: gnome-keyring-daemon does not honor constrained ssh identities Status in GNOME Keyring: Confirmed Status in portable OpenSSH: Fix Released Status in gnome-keyring package in Ubuntu: In Progress Status in openssh package in Ubuntu: Fix Released Bug description: Binary package hint: gnome-keyring The ssh-agent honors adding constrained identities -- where such constraints may be either: * Require confirmation each time the agent allows the identity to be used. * A maximum lifetime for the identity. The gnome-keyring-daemon is a replacement for the ssh-agent in Hardy Heron, but does not support those constraints. If the user issues: ssh-add -c or ssh-add -t <time value> The identities will be added without those constraints. This is especially important in some uses of the ssh-agent, such as ssh-agent forwarding, where the usage of the agent can not be considered secure without the confirmation constraint. If the gnome-keyring-daemon is intended to replace the ssh-agent in Ubuntu, it should support these important security features -- they were added with good reason. To manage notifications about this bug go to: https://bugs.launchpad.net/gnome-keyring/+bug/209447/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp