{"id":423,"date":"2009-10-06T21:31:11","date_gmt":"2009-10-06T19:31:11","guid":{"rendered":"http:\/\/www.kill-9.it\/blog\/?p=423"},"modified":"2009-10-06T21:31:11","modified_gmt":"2009-10-06T19:31:11","slug":"snow-leopard-ssh-agent-and-an-everlasting-memory","status":"publish","type":"post","link":"https:\/\/www.kill-9.it\/blog\/index.php\/2009\/10\/06\/snow-leopard-ssh-agent-and-an-everlasting-memory\/","title":{"rendered":"Snow Leopard, ssh-agent and an everlasting memory"},"content":{"rendered":"<p>If you recently switched from an older (pre 10.6) version of OS X to the latest baby, and have the old habit of using ssh to connect around, you may have noticed a singular behaviour: while the older versions always asked you for a passphrase (<em>you <strong>have<\/strong> a passphrase set on your private key, right?<\/em>) the new OS 10.6.x does it <strong>just the first time<\/strong> you use it.<\/p>\n<p>Now, no doubt it is handy and user-friendly and automagical and&#8230; but I feel it disturbing: if by chance I hand over the laptop to somebody for a quick glance at a web page, for example, she can use it to connect anywhere without my consent &#8212; ok, I&#8217;m oversimplifying, but you get the idea.<\/p>\n<p>The mistery lies into our old friend ssh-agent: it is spawn using<br \/>\n<code>\/System\/Library\/LaunchAgents\/org.openbsd.ssh-agent.plist<\/code><br \/>\n<em>[on a single line for yout copying pleasure]<\/em> as a configuration file and it will cache your passphrase the first time you use ssh.<br \/>\nUp to here it&#8217;s fine.<\/p>\n<p>What is troublesome to me is that the default cache time is unlimited (see the man page, this is the default behaviour when it is launched without specifying a &#8220;-t&#8221; option) therefore it will never forget the passphrase until I logout &#8212; being the only user of my laptop, this does not happen often.<\/p>\n<p>Enter the joy of xml configuration files: edit the <code>org.openbsd.ssh-agent.plist<\/code>, and add the option to your liking, that is change this<br \/>\n<code><br \/>\n&lt;array&gt;<br \/>\n&lt;string&gt;\/usr\/bin\/ssh-agent&lt;\/string&gt;<br \/>\n&lt;string&gt;-l&lt;\/string&gt;<br \/>\n&lt;\/array&gt;<br \/>\n<\/code><br \/>\nto something like this<br \/>\n<code><br \/>\n&lt;array&gt;<br \/>\n&lt;string&gt;\/usr\/bin\/ssh-agent&lt;\/string&gt;<br \/>\n&lt;string&gt;-l&lt;\/string&gt;<br \/>\n&lt;string&gt;-t&lt;\/string&gt;<br \/>\n&lt;string&gt;120&lt;\/string&gt;<br \/>\n&lt;\/array&gt;<br \/>\n<\/code><br \/>\nif a couple of minutes of &#8220;grace period&#8221; suit your usage.<br \/>\nThen, just kill the process &#8212; it will spawn again the next time you use ssh.<\/p>\n<p>[By the way:<br \/>\nDear Internet, posting code like the XML up here sucks big time.<br \/>\nIt took me more time to format the two snippets to render correctly then writing the whole post.<br \/>\nWhat do you use to ease this pain?<br \/>\nthank you.]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you recently switched from an older (pre 10.6) version of OS X to the latest baby, and have the old habit of using ssh to connect around, you may have noticed a singular behaviour: while the older versions always asked you for a passphrase (you have a passphrase set on your private key, right?) &hellip; <a href=\"https:\/\/www.kill-9.it\/blog\/index.php\/2009\/10\/06\/snow-leopard-ssh-agent-and-an-everlasting-memory\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Snow Leopard, ssh-agent and an everlasting memory&#8221;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8,6,3,4],"tags":[],"class_list":["post-423","post","type-post","status-publish","format-standard","hentry","category-apple","category-english","category-geek","category-security"],"_links":{"self":[{"href":"https:\/\/www.kill-9.it\/blog\/index.php\/wp-json\/wp\/v2\/posts\/423","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kill-9.it\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kill-9.it\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kill-9.it\/blog\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kill-9.it\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=423"}],"version-history":[{"count":38,"href":"https:\/\/www.kill-9.it\/blog\/index.php\/wp-json\/wp\/v2\/posts\/423\/revisions"}],"predecessor-version":[{"id":461,"href":"https:\/\/www.kill-9.it\/blog\/index.php\/wp-json\/wp\/v2\/posts\/423\/revisions\/461"}],"wp:attachment":[{"href":"https:\/\/www.kill-9.it\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=423"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kill-9.it\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=423"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kill-9.it\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=423"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}