The GNOME keyring is very convenient; it figures out what keys you need to unlock and pops up the relevant dialogs to do so at the right times. But by default it caches them until you log off. You can have caches of PGP passphrases expire:
gsettings set org.gnome.crypto.cache gpg-cache-ttl 300
gsettings set org.gnome.crypto.cache gpg-cache-method 'timeout'
but per this bug you can’t do the same for SSH keys.[1] An alternative is to check for X11 activity using the xprintidle utility, and clear all keys when the user has been idle for five minutes. This script does that:
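#!/bin/sh
# Every five minutes, drop all SSH keys from the agent if the X session
# has been idle for at least 300000 ms (five minutes).
while true; do
    if [ "$(xprintidle)" -ge 300000 ]; then
        ssh-add -D 2>/dev/null
    fi
    sleep 300
done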
I’ve got Xfce running
pkill -u $USER /path/to/this/script; /path/to/this/script &
as part of its startup sequence.
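A variation on the watcher above, added here as an example and not the author's own script: it clears keys when xprintidle gives no usable reading instead of leaving them loaded, and it sleeps only until the idle limit could next be reached, so keys are dropped close to the five-minute mark rather than up to five minutes after it. The function names and the --watch argument are assumptions.

```sh
#!/bin/sh
# Added example, not the post's own script. Function names and the
# --watch argument are assumptions made for illustration.
IDLE_LIMIT_MS=300000    # five minutes, the threshold used in the post

# Succeeds only for a non-empty string of digits (a usable idle reading).
is_idle_reading() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Prints "clear" or "keep". An unusable reading (xprintidle failed, for
# example because the X display is gone) fails closed and clears keys.
decide() {
    if ! is_idle_reading "$1"; then echo clear; return 0; fi
    if [ "$1" -ge "$2" ]; then echo clear; else echo keep; fi
}

# Prints how many seconds to sleep: just long enough for the idle time to
# reach the limit, so keys outlive the limit by about a second at most.
next_sleep() {
    if [ "$1" -ge "$2" ]; then
        echo $(( $2 / 1000 ))
    else
        echo $(( ($2 - $1 + 999) / 1000 ))
    fi
}

watch_idle() {
    while true; do
        idle=$(xprintidle 2>/dev/null) || idle=''
        if [ "$(decide "$idle" "$IDLE_LIMIT_MS")" = clear ]; then
            ssh-add -D 2>/dev/null
            idle=$IDLE_LIMIT_MS     # nothing left to clear; wait a full period
        fi
        sleep "$(next_sleep "$idle" "$IDLE_LIMIT_MS")"
    done
}

# Only loop when asked to, so the file can also be sourced.
if [ "${1:-}" = "--watch" ]; then watch_idle; fi
```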
Notes
[1] You can just turn off the SSH key handling of gnome-keyring-daemon, though I’m not sure this works in all versions of gnome-settings-daemon in circulation. The gconf boolean key might be /apps/gnome-keyring/daemon-components/ssh.
I arrived in Tucson to start the Philosophy PhD at the University of Arizona on Monday, and I now find myself in indecision about whether I should do it or not, and I’m stalling on signing the employment papers with the university. I’ve never been in a situation like this before: having travelled all the way here, I would have expected my heart to be committed to giving it a go. But it isn’t; in fact, I’m afraid and I want to go home. For my own benefit, in this blog post, I’ll try to give the best arguments I have for attending and for not attending.