What's up with ssh key access?

Joe Smith jes at martnet.com
Thu Apr 17 04:49:58 UTC 2008 

Replying to all here; thanks a lot for the help.

First, sorry about the "WTF" crack. I was in a rush, and that nasty 
dialog was holding me up. On top of that the dialog seemed (and still 
seems) completely bass-ackwards.

Nalin Dahyabhai wrote:
 > ...
 > I'm pretty sure that's gnome-keyring presenting the dialog.  Just to
 > be sure, the password you gave it was the passphrase for your SSH
 > key?  It works when I give it mine, though I'm not sure I'm happy
 > about the key being added to the keyring automatically when I do
 > that.

Yep, that looks like the culprit. If I kill gnome-keyring, I don't get 
the dialog with my rsync.

I'm not sure I ever set up a passphrase. I have a public key, so I must 
have at some point, but I'm sure I don't remember (exactly) what it is.

At any rate, the dialog asks for a "pass/word/" and gives little or no 
clue which password it might be interested in.

Andrew Farris wrote:
 > ...
 > Do you have the permissions all correct in ~/.ssh?  Check that they
 > are only read and editable by your user?

Good thought.

They are correct (I think): most files in .ssh are 600; a couple, e.g. 
identity.pub, are 644. The dir itself is 0755.

Jon Stanley wrote:
 > ...
 > I'm sure there's some way to disable it, but I haven't a clue
 > what it is (I probably wouldn't disable it even if I knew how - thus
 > why I haven't looked - probably some gconf thing, though)

I looked through the desktop menus: I couldn't find any way to /start/ 
it, or otherwise configure it.

I looked through the session config tool: I couldn't find any mention of it.

So, I'm still looking for a way to make it go away permanently.

Maybe if it hadn't popped up and gotten in my way before, I'd be a 
little more open-minded, but (as a "tester") here's why I think this may 
not be ripe for general release:

* I never asked for any pasword or key manager, and the dialog gave no 
clue what it was or where it was coming from.

* The dialog did not say what identity it wanted to authenticate.

* It told me only that something wanted access to "id_rsa". It didn't 
say what or why, and it seemed to assume that I had some idea what the 
significance of that obscure name was. It so happens that I do know that 
"id_rsa" is part of ssh, but would most people know that? And what good 
does that do? I don't know if it's a serious thing that something wants 
access to that file.

* Entering a password just got me another shot at the same dialog, 
effectively blocking what I wanted to do.

* Clicking "Deny" on the dialog (twice) made the dialog go away and the 
operation continued on. What was denied?

* It seems strange to have a command-line application trigger a GUI 
dialog as a side effect.

* It seems strange to be challenged over access to my own file, by a 
program that I ran. The phrase "Cancel or Allow?" comes to mind.

Ok, I think that's about it.

I am effectively clueless about all of this, so there are probably 
technical reasons why all this is just so much ignorant whineage. I 
blathered on because I can't help but wonder how normal users are going 
to deal with this.

Thanks again for the suggestions; if anyone has an idea how/where to 
configure this, I'm still looking.

<Joe

More information about the test mailing list