Bug#461829: seahorse-agent Improperly Caches SSH Keys by Default; Refuses to Relinquish Them

Leo L. Schwab ewhac at best.com
Mon Jan 21 04:07:48 UTC 2008


Package: seahorse
Version: 2.20.3-1
Severity: important

	seahorse-agent upon startup appears to sniff through my ~/.ssh
directory, find any SSH identity keys, and automagically add them to
ssh-agent.  This appears to be default behavior, and is really, really
wrong.

	I have a peculiar setup here.  I regularly connect to a remote
server in two ways: password-authenticated (no key exchange), and key-
authenticated without passphrase.  The password-authenticated mode I use
for interactive sessions.

	The key-without-passphrase mode I use to fetch mail from the
remote IMAP server ('fetchmail' is configured to launch the tunnel).
The remote host is configured, when receiving that particular key, to
launch imapd (and only imapd).  Thus, the IMAP session is secure against
snoopers.

	But then seahorse-agent waltzes in, sees an identity key in
~/.ssh and, without so much as a peep, adds it to the ssh-agent.  This
means that, when attempting an interactive session, ssh-agent will
helpfully provide the SSH key bound to imapd, and I end up staring at an
IMAP protocol banner.

	Further, when I attempt to remove the cached key via
'ssh-add -D', seahorse-agent (presumably) adds it right back again.

	After some Googling around, I discovered this broken behavior
can be disabled via seahorse-preferences, so my immediate issue is
solved.  Nevertheless, I contend this, at the very least, should not be
default behavior, and in fact should be seriously reconsidered.  There
is absolutely no way for seahorse-agent to know the policy
considerations attached to any keys it may find lurking in ~/.ssh, and
it therefore should not -- by default, anyway -- be trying to do anything
"clever" or "helpful" with them.

	Please investigate this matter.

					Thanks,
					Schwab

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.23 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages seahorse depends on:
ii  gconf2                  2.20.1-1         GNOME configuration database syste
ii  libart-2.0-2            2.3.19-3         Library of functions for 2D graphi
ii  libatk1.0-0             1.20.0-1         The ATK accessibility toolkit
ii  libavahi-client3        0.6.21-2         Avahi client library
ii  libavahi-common3        0.6.21-2         Avahi common library
ii  libavahi-glib1          0.6.21-2         Avahi glib integration library
ii  libbonobo2-0            2.20.2-1         Bonobo CORBA interfaces library
ii  libbonoboui2-0          2.20.0-1         The Bonobo UI library
ii  libc6                   2.7-5            GNU C Library: Shared libraries
ii  libcairo2               1.4.14-1         The Cairo 2D vector graphics libra
ii  libdbus-1-3             1.1.2-1          simple interprocess messaging syst
ii  libdbus-glib-1-2        0.74-1           simple interprocess messaging syst
ii  libgcc1                 1:4.2.2-4        GCC support library
ii  libgconf2-4             2.20.1-2         GNOME configuration database syste
ii  libglade2-0             1:2.6.2-1        library to load .glade files at ru
ii  libglib2.0-0            2.14.4-2         The GLib library of C routines
ii  libgnome-keyring0       2.20.3-1         GNOME keyring services library
ii  libgnome2-0             2.20.1.1-1       The GNOME 2 library - runtime file
ii  libgnomecanvas2-0       2.20.1.1-1       A powerful object-oriented display
ii  libgnomeprint2.2-0      2.18.2-1         The GNOME 2.2 print architecture -
ii  libgnomeprintui2.2-0    2.18.1-1         GNOME 2.2 print architecture User 
ii  libgnomeui-0            2.20.1.1-1       The GNOME 2 libraries (User Interf
ii  libgnomevfs2-0          1:2.20.1-1       GNOME Virtual File System (runtime
ii  libgpgme11              1.1.6-1          GPGME - GnuPG Made Easy
ii  libgtk2.0-0             2.12.5-1         The GTK+ graphical user interface 
ii  libgtksourceview2.0-0   2.0.2-1          shared libraries for the GTK+ synt
ii  libice6                 2:1.0.4-1        X11 Inter-Client Exchange library
ii  libldap2                2.1.30-13.3      OpenLDAP libraries
ii  libnautilus-extension1  2.20.0-2         libraries for nautilus components 
ii  libnotify1 [libnotify1- 0.4.4-3          sends desktop notifications to a n
ii  libnspr4-0d             4.7.0~1.9b1-2    NetScape Portable Runtime Library
ii  liborbit2               1:2.14.7-0.1     libraries for ORBit2 - a CORBA ORB
ii  libpanel-applet2-0      2.20.3-1         library for GNOME Panel applets
ii  libpango1.0-0           1.18.4-1         Layout and rendering of internatio
ii  libpopt0                1.10-3           lib for parsing cmdline parameters
ii  libsm6                  2:1.0.3-1+b1     X11 Session Management library
ii  libsoup2.2-8            2.2.104-1        an HTTP library implementation in 
ii  libxml2                 2.6.30.dfsg-3    GNOME XML library
ii  libxul0d                1.8.1.6-1        Gecko engine library
ii  zlib1g                  1:1.2.3.3.dfsg-8 compression library - runtime

Versions of packages seahorse recommends:
ii  openssh-client                1:4.7p1-2  secure shell client, an rlogin/rsh

-- no debconf information
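The practical check behind this report is whether the agent is holding a key it was never meant to hold. The following script is an added example, not part of the bug report or of seahorse: it compares the identities `ssh-add -l` reports against an explicit allow-list of fingerprints and flags anything else, such as a passphrase-less key that the remote side binds to a single command. The fingerprints, file names and allow-list below are constructed sample values.

```shell
#!/bin/sh
# Added example, not part of the bug report or of seahorse: audit the
# identities currently loaded in ssh-agent against an explicit allow-list,
# so a key the remote side binds to one command (the imapd key in the
# report) is noticed if an agent helper loaded it without being asked.
# The fingerprint format is whatever `ssh-add -l` prints in its second
# column (hex MD5 on OpenSSH of the report's era, SHA256:... on current
# releases); the allow-list must use the same format.

# unexpected_keys LISTING ALLOWED
#   LISTING: output of `ssh-add -l`, one identity per line
#   ALLOWED: whitespace-separated fingerprints permitted in the agent
# Prints every loaded identity whose fingerprint is not allowed.
# Returns 0 if the agent holds only allowed keys, 1 otherwise.
unexpected_keys() {
    printf '%s\n' "$1" | awk -v allowed="$2" '
        BEGIN {
            bad = 0
            n = split(allowed, list, /[ \t\n]+/)
            for (i = 1; i <= n; i++) if (list[i] != "") ok[list[i]] = 1
        }
        # Identity lines look like: BITS FINGERPRINT COMMENT (TYPE).
        # "The agent has no identities." has no colon in field 2 and is skipped.
        $2 ~ /:/ && !($2 in ok) { print; bad = 1 }
        END { exit bad }'
}

# audit_live_agent ALLOWED
#   Queries the running agent; exit status as for unexpected_keys.
audit_live_agent() {
    listing=$(ssh-add -l 2>/dev/null) || listing=""
    if unexpected_keys "$listing" "$1"; then
        echo "ssh-agent holds only allow-listed keys"
    else
        echo "ssh-agent holds keys that are NOT on the allow-list (listed above)" >&2
        return 1
    fi
}

# Constructed sample: a key used only for the imapd tunnel (should never be
# in the agent) next to the interactive key that is allowed to be there.
SAMPLE_LISTING='2048 a1:b2:c3:d4:e5:f6:a7:b8:c9:d0:e1:f2:a3:b4:c5:d6 /home/user/.ssh/imapd_tunnel_key (RSA)
2048 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff /home/user/.ssh/id_rsa (RSA)'
SAMPLE_ALLOWED='00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff'

# Demo run on the constructed sample; flags the imapd tunnel key.
unexpected_keys "$SAMPLE_LISTING" "$SAMPLE_ALLOWED" || true
```

Because the report says a removed key is simply re-added, this script only detects; the fix the reporter found is to turn the feature off in seahorse-preferences. Independently of what the agent holds, `IdentitiesOnly yes` together with a per-host `IdentityFile` in ~/.ssh/config stops ssh from offering every agent key to every host.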