GNOME Bugzilla – Bug 516102
gnome-keyring doesn't unlock ssh keys
Last modified: 2009-02-20 15:29:10 UTC
The bug has been opened on https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/177938 "Binary package hint: gnome-keyring I used to use seahorse as an ssh-agent, it allows me have my ssh keys automatically unlocked on login, my passphrase being stored in the keyring. However since last upgrades in Hardy, it stopped working. Seahorse can't be used anymore as an ssh-agent [1] as gnome-keyring is supposed to provide one. This is true, SSH_AUTH_SOCK is now a socket file owned by gnome-keyring-daemon, but this doesn't seem to work as I have to enter my passphrase each time I login in another computer. [1] From the Seahorse NEWS file: seahorse 2.21.3 --------------- * Remove SSH proxy since gnome-keyring now has a real SSH agent."
hum, there is already an option for that, I'll ask details to the submitter
This is most likely due to the XAUTHORITY environment variable on the daemon not being set properly not working properly. Referencing the relevant bug.
That works correctly for him now, I think you can close the bug if there is already an another one about the issue
That is still happening when using autologin
Could you use 'ssh -v remotehost' and include the output of ssh? That'll tell us why its not using the agent.
Please see also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471270 If you need more information, please let me know.
the autologin issue might be a different one, the ssh agent dialog is displayed, it has not box to store the password in the keyring though which means it works only for the current session
Sebastian, that'll happen if: a) The 'login' keyring is not unlocked. b) The 'login' keyring has a blank password (and thus writes to the disk in clear text). The solution in (a) is to make sure the PAM module is installed and working properly. The solution in case (b) is either to add a password to your 'login' keyring, or to remove the password from your ssh key. But I may be wrong, as I don't know the ins and outs of your system. So please correct me if what I'm saying above doesn't make sense.
Apparently, the problem seems to be, that I have several ssh keys. Eg. the one I use for the gnome svn is called ~/.ssh/id_rsa.gnome As soon as I rename that to ~/.ssh/id_rsa and do an svn up, seahorse pops up and asks me for the password (giving me the option to store it into the gnome keyring). So, the problem in seahorse/gnome-keyring 2.22 seems to be, that it can't handle ssh keys with names different than id_rsa
the keyring has not password so that doesn't seem to be a bug there
Michael, yes automatic loading of additional SSH keys is supported. Until we have a GUI (GNOME 2.24) for this, here's how to do it: http://live.gnome.org/GnomeKeyring/Ssh
(In reply to comment #11) > Michael, yes automatic loading of additional SSH keys is supported. Until we > have a GUI (GNOME 2.24) for this, here's how to do it: > > http://live.gnome.org/GnomeKeyring/Ssh > Thanks, Stef. That indeed seems to do the trick. There is still a regression though compared to gnome-keyring/seahorse 2.20: In 2.20, seahorse noticed, whenever an (additional) ssh key was opened (as it seemed to manage both gpg and ssh keys). In 2.22, seahorse doesn't list my opened ssh keys anymore (in the systray).
irregaular names ssh keys are still an issue in gnome 2.24.
I believe the irregular ssh key names problem is fixed in 2.25.x and later.
Stef, thanks for fixing it. Will have to wait one more gnome cycle then.. Need to add a temporary hack to do a ssh-add in then session for now.
Sorry for not mentioning the work around: You can rename or link your key to something that matches the glob id_?sa. For example rename or link it to: id_zsa