path: root/blog/entry/gnomesshclear.mdwn
diff options
authorSean Whitton <>2015-11-18 10:09:12 -0700
committerSean Whitton <>2015-11-18 10:09:12 -0700
commitdeb4807989d127e40e44c1192477c40e30f88180 (patch)
tree41e557cc82e01b0e76de8d4f548105023af8dfee /blog/entry/gnomesshclear.mdwn
parent675d02fc2c3d2bfb53a81db6d2c55f0dfbbd79ed (diff)
imported PyBlosxom entries and comments
Diffstat (limited to 'blog/entry/gnomesshclear.mdwn')
1 files changed, 36 insertions, 0 deletions
diff --git a/blog/entry/gnomesshclear.mdwn b/blog/entry/gnomesshclear.mdwn
new file mode 100644
index 0000000..5c434d3
--- /dev/null
+++ b/blog/entry/gnomesshclear.mdwn
@@ -0,0 +1,36 @@
+[[!meta date="2015-07-03 22:39:00"]]
+[[!meta title="Expiring the GNOME keyring daemon's SSH keys cache"]]
+[[!tag imported_PyBlosxom tech debian]]
+The GNOME keyring is very convenient; it figures out what keys you need
+to unlock and pops up the relevant dialogs to do so at the right times.
+But by default it caches them until you logoff. You can have caches of
+PGP passphrases expire:
+ gsettings set org.gnome.crypto.cache gpg-cache-ttl 300
+ gsettings set org.gnome.crypto.cache gpg-cache-method 'timeout'
+but per [this bug](
+you can't do the same for SSH keys.\[1\] An alternative is to check for
+X11 activity using the `xprintidle` utility, and clear all keys when the
+user has been idle for five minutes. This crontab entry does that:
+ #!/bin/sh
+ while true; do
+ if [ $(xprintidle) -ge 300000 ]; then
+ ssh-add -D 2>/dev/null
+ fi
+ sleep 300
+ done
+I've got Xfce running `pkill -u $USER /path/to/this/script;
+/path/to/this/script &` as part of its startup sequence.
+\[1\] You can just turn off the SSH key handling of gnome-keyring-daemon
+though I'm not sure this works in all versions of gnome-settings-daemon
+in circulation. The gconf boolean key might be