Created an attachment (id=1652)
ssh-add should not retry key addition without constraints if
constraints fail.
When ssh-add tries to add a key to the agent with constraints, and the
agent rejects the addition, ssh-add appears to retry the addition
without constraints.
This is dangerous behavior when the agent does not support certain
constraints. For example, if a user uses an agent (such as the current
ssh-agent implementation in gnome-keyring) that does not support
confirmation or maximum lifetime, then using:
ssh-add -t 3600
will print an error message but then proceed to re-add the key withut
the constrained lifetime. this causes the agent to retain the key far
past the specified time, an explicit contravention of the user's
declared intent.
I expect more conservative behavior from openssh when handling
sensitive material. Discarding the constraint and retrying should be a
choice left to the user, not taken automatically by ssh-add.
Created an attachment (id=1652)
ssh-add should not retry key addition without constraints if
constraints fail.
When ssh-add tries to add a key to the agent with constraints, and the
agent rejects the addition, ssh-add appears to retry the addition
without constraints.
This is dangerous behavior when the agent does not support certain
constraints. For example, if a user uses an agent (such as the current
ssh-agent implementation in gnome-keyring) that does not support
confirmation or maximum lifetime, then using:
ssh-add -t 3600
will print an error message but then proceed to re-add the key withut
the constrained lifetime. this causes the agent to retain the key far
past the specified time, an explicit contravention of the user's
declared intent.
I expect more conservative behavior from openssh when handling
sensitive material. Discarding the constraint and retrying should be a
choice left to the user, not taken automatically by ssh-add.
the attached patch should fix this behavior.