Hello Frank,

17.12.18 19:44 Frank:
> ssh-add remembers old keys that I am not using for weeks. They still
> show up after reboot and after ssh-add -D.

We already figured out that it is not ssh-agent, but gpg-agent. ssh-add
doesn't store anything, it just talks to ssh-agent or something else
speaking its protocol, btw.

> There is a bug report about gnome-keyring which states that you can't
> delete keys which are imported by i.e. gnome-keyring. Problem is that I
> don't have gnome-keyring installed but maybe the keys are stored
> somewhere else?
>
> This bug is important because it keeps me from logging in with ssh to
> devices that disconnect after 3 connect attempts. I have to specify the
> key to use manually.

You might want to use something like that in your .ssh/config:

    Host *.example.com
        IdentityFile ~/.ssh/id_example.com.pub
        IdentitiesOnly yes

    Host *.example.org
        IdentityFile ~/.ssh/id_example.org.pub
        IdentitiesOnly yes

IdentitiesOnly prevents ssh offering all the keys from your agent even
when you have specified the key. That way you can keep all keys in your
agent.

Please either close this bug or reassign to gpg-agent and perhaps
rephrase what you expect gpg-agent to do.

Quoting gpg-agent(1):

----8<----8<----8<----
SSH Keys, which are to be used through the agent, need to be added to
the gpg-agent initially through the ssh-add utility. When a key is
added, ssh-add will ask for the password of the provided key file and
send the unprotected key material to the agent; this causes the
gpg-agent to ask for a passphrase, which is to be used for encrypting
the newly received key and storing it in a gpg-agent specific directory.
----8<----8<----8<----

Regards,
Timo
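Added example, not part of the original message: a check for the situation described above, listing every Host block in an ssh client config that sets IdentityFile but not "IdentitiesOnly yes", so ssh would still offer all agent keys there. The function names audit_ssh_config and sample_config are hypothetical, the sample config is constructed, and Include, Match and inheritance between Host blocks are not handled.

```shell
#!/bin/sh
# Added example. audit_ssh_config and sample_config are hypothetical names.
# Simplifications (assumptions): Include and Match are not followed, and
# options inherited from other matching Host blocks are not merged.

# Print every Host pattern that sets IdentityFile without IdentitiesOnly yes.
audit_ssh_config() {
    awk '
    function report() {
        if (host != "" && has_id && !only) print host
    }
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) next
        # ssh_config separates keyword and value by whitespace or "="
        if (!match(line, /[ \t=]+/)) next
        key = tolower(substr(line, 1, RSTART - 1))
        val = substr(line, RSTART + RLENGTH)
        sub(/[ \t]+$/, "", val)
        if (key == "host") {
            report()
            host = val; has_id = 0; only = 0
        } else if (key == "identityfile") {
            has_id = 1
        } else if (key == "identitiesonly") {
            only = (tolower(val) == "yes")
        }
    }
    END { report() }
    ' "$@"
}

# Constructed sample input, not a real configuration.
sample_config() {
    cat <<'EOF'
Host *.example.com
    IdentityFile ~/.ssh/id_example.com.pub
    IdentitiesOnly yes
Host *.example.org
    IdentityFile ~/.ssh/id_example.org.pub
Host legacy
    identityfile=~/.ssh/id_legacy
    IDENTITIESONLY = Yes
Host bastion
    User admin
EOF
}

sample_config | audit_ssh_config
```

To check a real file, call `audit_ssh_config ~/.ssh/config`; with no argument the function reads the config from standard input.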