[lbackup-discussion] Backup server and ssh permitrootlogin settings

henri
Mon Oct 12 14:30:12 NZDT 2009


> You may be able to guess the depths to which I have been down this  
> road :)
> That app has not been developed much in a while, and last I heard it  
> leaked a little, and has not seen any updates.  I do not suspect it  
> will work well on Snow.  I could be wrong.  I did reach out to the  
> developer to see just how he is unloading the keys from ssh-agent on  
> sleep, but was not able to get a reply.
>
> I was able to write some scripts that would be able to detect wake  
> and sleep, so if I could just figure out how to get ssh-agent to  
> forget the keys, I would be in business.
>
> This blog post has as much as anyone has put up on the matter:
> http://www.dribin.org/dave/blog/archives/2007/11/28/ssh_agent_leopard/
>
> The follow up is even better:
> http://www.dribin.org/dave/blog/archives/2007/11/28/securing_ssh_agent/
>
> The trouble is launchctl stop org.openbsd.ssh-agent does not unload  
> the keys.  I have been much more brute force about it, and even  
> completely killed the agent.  I finally gave up.

Okay I am with you! I have not yet tested SSHKeychain on Snow. I will  
let you know if it works when I have a moment. These links are great.  
Thanks.


>>> You would think unloading the launchd item would do it, but  
>>> apparently there is more to it than that.  I took that issue to  
>>> the ssh mailing list, and did not get too far.
>>
>> I see. Are you setting this up on Mac OS X?
>
> Correct.  I have found an acceptable enough workaround.  My trouble  
> is I manage a lot of servers, and if someone were to get my laptop,  
> it would only take a trip to known_hosts to know where I connect to,  
> and as long as my machine has only slept, they could get right in.
>
> I do know, if my laptop is ever taken, I can always login to the  
> remote machine, and revoke all keys.  There is also the fact that  
> most would-be thieves are probably not going to be sysadmins :-)

I wish you the best of luck with this. I hope they sort it out so when  
it is unloaded it works correctly. It sounds like it should actually  
be unloading the keys.

> I will gather all my data and report it back here, so you can  
> perhaps add it to your Web site for others. Thank you for your help.


Fantastic! Thank you for all the great information.

Keep in touch.





