On Fri, May 27, 2016 at 9:13 AM, Zbigniew Jędrzejewski-Szmek
> On Fri, May 27, 2016 at 08:51:23AM -0400, Nico Kadel-Garcia wrote:
>> This breaks the storage of ssh-agent credentials for the one-time
>> enabling of SSH credentials for access on running hosts.
>
> You mean you start ssh-agent somewhere during the first login and then
> access it from any process from further sessions? You can get a setup
> to work like this by running the agent in a service, like any long

It's a historically useful way to require an authorized user to
actually log into the system and unlock the key. It's similar to the
requirement of secure Kerberos servers and Java keystore systems to
have a user attend the startup of the daemons, in order to unlock the
protected credentials on request and prevent unauthorized use of the
service from a stolen backup or disk image.

>> Gods alone know what else it will break.
>
> File the bugs, we'll deal with them one at a time.

If I could list all the bugs caused by this change, in advance, in all
of Fedora userland, I'd be paid a lot more.