Well, I know what you're talking about with the agent sticking around. I don't have any solution for you but this certainly sounds like something that's needed.
Russell Coker wrote:

> On Wed, 12 Apr 2000, Jens B. Jorgensen wrote:
> >That's what ssh-agent is for. You run ssh-agent and it will output environment
> >variable for a unix domain socket. Then you run ssh-add and type in your passphrase.
> >The ssh-agent caches your key and access is limited to your user (permissions on the
> >unix socket). This is not secure enough for some of course.
>
> Thanks Ben and Jens for your advice on this issue. I have now got ssh-agent
> working with support for X and non-X logins (/etc/profile checks whether
> $DISPLAY is set to determine which alias to setup for ssh-add).
> Now I have a problem though, sometimes a session gets killed without the
> .logout running and the ssh-agent keeps running.
> This is a problem as the machine in question could potentially be accessed by
> an untrusted person and the ssh-agent contains the root password. What I
> would like to do is have the ssh-agent timeout after some time of inactivity
> and/or a specified period of time. Another thing I would like to do is have
> a password get removed from the ssh-agent after a period of time.
>
> Has anyone worked on any of these issues? Does anyone have any code that may
> help?
>
> If no-one else has done any of this then I intend to write some support for
> this myself.
>
> Russell Coker
>
> >Russell Coker wrote:
> >
> >> Is it possible to have the ssh client read the pass-phrase for an authorised
> >> key from an environment variable?
> >>
> >> What I want to do is:
> >> export PASS=`ssh-askpass`
> >> for n in $MACHINES
> >> do
> >> ssh $n command
> >> done
> >> unset PASS
> >>
> >> Or something similar. Basically I want to login to 30 machines and run some
> >> command but without having to enter my pass-phrase 30 times. I know I could
> >> use expect (and will if no-one has a better suggestion). But I'm sure there
> >> is a better way (why else would ssh-askpass exist?).
> --
> My current location - X marks the spot.
> X
> X
> X

--
Jens B. Jorgensen [EMAIL PROTECTED]
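
The leftover-agent problem raised in the quoted message can at least be audited for. The following is an added example, not code from anyone in this thread: a shell function that reads text in the format of `ps -eo pid,user,etime,comm` and `who` and reports ssh-agent processes whose owner has no login session or that have run past an age limit. The function name, the 8-hour limit and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report ssh-agent processes that outlived their owner's login.
# Inputs are text in the formats of `ps -eo pid,user,etime,comm` and `who`.

# stale_agents PS_TEXT WHO_TEXT MAX_AGE_SECONDS  (hypothetical helper)
# Prints "pid user reason" for each ssh-agent considered stale.
stale_agents() {
    printf '%s\n---\n%s\n' "$2" "$1" | awk -v max="$3" '
        # Convert ps etime ([[dd-]hh:]mm:ss) to seconds.
        function secs(e,   d, n, p) {
            d = 0
            if (index(e, "-")) { split(e, p, "-"); d = p[1]; e = p[2] }
            n = split(e, p, ":")
            if (n == 3) return d*86400 + p[1]*3600 + p[2]*60 + p[3]
            return d*86400 + p[1]*60 + p[2]
        }
        $0 == "---" { in_ps = 1; next }            # separator: who ends, ps begins
        !in_ps && NF { logged_in[$1] = 1; next }   # who: first field is the user
        in_ps && $4 == "ssh-agent" {
            if (!($2 in logged_in))  print $1, $2, "no-login-session"
            else if (secs($3) > max) print $1, $2, "older-than-limit"
        }'
}

# Constructed sample data (not captured from a real machine).
SAMPLE_PS='  PID USER         ELAPSED COMMAND
  812 root      3-04:10:22 ssh-agent
 1450 alice          12:05 ssh-agent
 1502 alice          00:42 bash
 2210 bob         09:30:00 ssh-agent'
SAMPLE_WHO='alice    pts/0        2000-04-12 09:01
bob      pts/1        2000-04-12 00:15'

# Flag agents with no logged-in owner, or older than 8 hours (28800 s).
stale_agents "$SAMPLE_PS" "$SAMPLE_WHO" 28800
```

On a live system the two text arguments would come from `"$(ps -eo pid,user,etime,comm)"` and `"$(who)"`; what to do with a reported PID is left to the administrator.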