login about faq

When you run Tectia SSH Client on Windows, and you use public-key authentication, your passphrase is automatically cached. Is there a way to disable this caching, or to cause the cache to be cleared when the client exits?

It's easy to close your Tectia client windows and forget to clear the cache by hand... potentially leaving an avenue for an attacker to get into your remote server without a passphrase. (Just compromise the PC where the passphrases are cached.)

Thank you.

asked Jan 19 '15 at 19:37

DanB's gravatar image

DanB
218911


Hi DanB,

When it comes to passphrases of keys nothing is stored anywhere else than temporarily in memory of the user process. That is for the runtime of ssh-broker-g3 process. Normally, when you log off from windows machine all that information is lost (all processes in that session are killed) and next time you login and try to connect somewhere you will need to provide passphrase again.

If you are unhappy even with that, you can manually clear these "passphrases"/PINs either from the system tray icon (ssh-broker-gui status monitor process -- go to "Keys" tab, right-click on your key and select "Clear cached PIN") or using command-line tool ssh-broker-ctl:

ssh-broker-ctl key-passphrase --clear 123

It is also possible to configure connection broker so that it clears the paraphrases automatically after pre-defined period of time. You can re-define the default UserKeys location e.g. like this:

      <user-keys directory="C:\Users\martind\AppData\Roaming\SSH\UserKeys"
                 passphrase-timeout="25"/>

And all passphrases will be removed from memory after 25s. Unfortunately, I am afraid this feature is missing from the configuration UI for some reason, so you will have to write it manually.

It is actually so that the client contains authentication agent (via Connection Broker process ssh-broker-g3). So it behaves as if you would be using agent. That is because you actually are using it.

See also the documentation.

Please let me know if you have any other questions,

Regards,

Martin

link

answered Jan 19 '15 at 23:57

Martin%20Dobsik's gravatar image

Martin Dobsik ♦
599126

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×29
×3
×2

Asked: Jan 19 '15 at 19:37

Seen: 3,464 times

Last updated: Jan 19 '15 at 23:57

All user contributed content licensed under the cc-by-sa license.
Powered by OSQA.