On Thu, Dec 17, 2009 at 01:20:20AM +0000, MJ Ray wrote:
[snip]
> http://www.ibm.com/developerworks/linux/library/l-keyc.html and parts 2 and 3 maybe explains both publickey authentication and the keychain idea better than I can here.
I went and had a good read of all this. It does explain a bit more of the 'user' side of things than I originally thought; however, it's quite old of course, so doesn't really help much explaining gnu-keyring, seahorse etc.
When I'd got to the end of it I really felt that the considerable extra complexity of using ssh-agent, ssh-add, keyring and remote authentication is counterproductive. The possibilities for getting something wrong and thus losing the extra security are significant.
I also think that 'selling' Public Key authenticated logins as 'passwordless' is misleading. To do it securely you *still* need to remember a key of some sort. In addition, with Public Key the key *has* to be kept in a file somewhere and you're relying on the passphrase encryption to protect it. With password login there is nothing written down or in a file, it's simply in your head.
Still, enough of this maundering on, thanks for all the help and it *has* given me some ideas and thoughts on how to keep things reasonably secure.