First reported by me as https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/505278
Example:
    $ ssh-add -l
    2048 7d:01:74:bd:a6:7f:58:3f:57:e0:1b:da:a0:31:a8:ae hggdh@xango2 (RSA)
    $ ssh-add -D
    All identities removed.
    $ ssh-add -l
    2048 7d:01:74:bd:a6:7f:58:3f:57:e0:1b:da:a0:31:a8:ae hggdh@xango2 (RSA)
In Ubuntu 9.10 and Lucid (alpha)
Are you using ssh-agent or the GNOME thing that Ubuntu uses?
I was not starting the ssh-agent myself. It seems ssh-agent is always started for the logged-in user on Ubuntu 9.04, like:
    /usr/bin/ssh-agent /usr/bin/gpg-agent --daemon --sh --write-env-file=/home/userfoo/.gnupg/gpg-agent-info-lcwood /usr/bin/dbus-launch --exit-with-session /usr/bin/pulse-session /usr/bin/seahorse-agent --execute gnome-session
After killall ssh-agent (and no ps aux ssh-agent for my user) there is still the identical problem: ssh -l shows all keys, -D does not change anything.
ok, so the problem is with whatever ssh-agent that Debian is using (probably seahorse-agent). They aren't using the OpenSSH one. The problem is not with OpenSSH's ssh-add - it just sends the "delete all keys" message (specified in [1]) and trusts that the agent does the right thing. OpenSSH's certainly does. I suggest that you follow up with the developers of seahorse-agent - this is a significant security bug as it could leave keys exposed when the user thought they deleted them.
[1] http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.bin/ssh/PROTOCOL.agent?rev=HEAD
Hmm, but killing everything reported by ps aux | grep ssh-agent and grep seahorse, including the dbus session, did not help; ssh-add -l still lists all my keys.
    killall seahorse-daemon seahorse-agent ssh-agent
If all of these are killed, then who is still keeping my keys?
I'm having the same issue on a Fedora 10 machine; Seahorse is not installed and ssh-agent is not running. I believe the buggy agent that is causing this is gnome-keyring-daemon.
Mass move of bugs RESOLVED->CLOSED following the release of openssh-5.5p1