How to stop passwords being cached?

Karl Auer kauer at biplane.com.au
Mon Mar 1 13:04:19 UTC 2021


Can anyone tell me how (on Ubuntu 20.04) I can stop passwords and keys
from being cached? Or (reliably and predictably) set a timeout period
for how long they are cached?

Ideally I would be able to set a simple timeout on ssh and GPG
passphrases, but failing that I would prefer to be asked every single
time.

Right now, when I am logged in it seems that all my passphrases are
being remembered, for the entire session. Sometimes, apparently
randomly, I get asked for one.

I have found that if I send a HUP signal to the running gpg-agent
process, it will prompt me for GPG passwords next time they are needed.
It asks if I want to save the passphrase in my keyring. I do NOT check
that box, and I cannot find the password in my keyring, but am never
asked for that passphrase again, at least not in the current session.

I have used dconf-editor to set a 20-second gpg-cache-ttl and changed
the mode from "session" to "idle", but it seems to have no effect at
all.

Similarly I can run "ssh-add -D" and my system forgets all the ssh
passphrases it has learned, but it immediately starts learning them
again, with no apparent time limit except perhaps the session. The ssh
agent appears to be the gnome keyring daemon, which doesn't appear to
have any time limit options (as ssh-agent does).

Is there a way to reliably cause an Ubuntu 20.04 system to forget ssh
and GPG passphrases either completely (i.e., require them to be input
every time they are used) or for a predictable period?

Basically I want my ssh and GPG keys to remain passphrase protected
even if someone happens to get access to my unlocked system or
compromise my login password.

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer

GPG fingerprint: 2561 E9EC D868 E73C 8AF1 49CF EE50 4B1D CCA1 5170
Old fingerprint: 8D08 9CAA 649A AFEF E862 062A 2E97 42D4 A2A0 616D






