GNOME Bugzilla – Bug 528260
Always asks for all SSH passphrases
Last modified: 2008-08-17 15:00:19 UTC
Every time a SSH command is issued, like login to a remote host, I get the dialog box asking me for the passphrase of my id_rsa key. Even when this key will be of no use to log in to the said server, the passphrase is asked. To avoid unlocking a key I don’t want to use, I have to click *twice* on "reject" each time I type a ssh command. This almost makes gnome-keyring unusable as a whole. The causes look pretty similar to bug#413278; it seems the daemon tries to unlock all keys everytime an operation is issued, even when not needed.
Could you copy and paste (or screenshot) the contents of the prompt? I'm interested in exactly which prompt it is.
The message is: An application wants access to the private key 'id_rsa', but it is locked. It seems that op_request_identities unconditionnally loads all ssh keys found, and the following code (gkr-pk-privkey.c) then loads the corresponding private keys: /* 'Import' the public key from the private key */ if (force && !key->priv->s_key) { if (!load_private_key (key)) goto done; }
Hmmmm, I can’t reproduce the bug anymore after an upgrade and a logout/login cycle. Now gnome-keyring only asks for the passphrase when needed. Sorry for the noise. I’m closing this for the moment and will try to provide more information if it happens again.
After deleting and re-generating my SSH keys after the recent issue, this bug is back. Again, it asks to unlock a key that is useless for the host I’m connecting to.
OK, I think I’ve got it. As soon as I have used gnome-keyring to unlock the key *once*, the bug does not happen anymore. Until I do that, .ssh/id_rsa.keystore does not contain the public-key= field, and without that information, gnome-keyring will ask to unlock the private key.
This is now fixed. gnome-keyring uses the id_rsa.pub file to read the public-key information.