SSH & Gnome Keyring Manager

Similar Messages

• "The GNOME keyring manager hijacked the GnuPG agent"

  I've run gpg from the command line and suddenly a dialog box appeared asking for my password: it even asked if I wanted to remember it.
  Meanwhile, in my bash terminal gpg had this to say:
  gpg: WARNING: The GNOME keyring manager hijacked the GnuPG agent.
  gpg: WARNING: GnuPG will not work proberly - please configure that tool to not interfere with the GnuPG system!
  Googling didn't help much, seems to be a new "feature"...
  Any idea how can I configure the keyring manager to stay away when I'm working in bash?

  I had similar situation and decided to disable gnome-keyring's ssh and gpg agents. https://wiki.archlinux.org/index.php/GN … ing_daemon
  The reason is that gnome keyring is active only when you have a GUI session active, thus it does not work for headless machines or when one SSH to the machine. It is just easier for me to use "default" agents.
  PS The ssh-agent and gpg-agent is a mess from usability/configuration point of view (without those ugly environment variables). I wish there was a systemd friendly implementation of these agents.
  PPS The latest gnupg use "use-standard-socket' config option by default, it means one does not need to start gpg-agent  and configure GPG_AGENT_INFO envvar manually. gpg will start agent for you transparently.

• [solved] What happened to gnome-keyring-manager?

  I've asked this in several places, in desparation I will try this forum.
  So what happened to gnome-keyring-manager? There used to be a nice UI to manage keyrings, but I can't find it anymore? Has it been removed from Gnome? Or from the Arch distribution of Gnome? Or is it in a separate package?
  Last edited by lardon (2009-01-26 22:11:40)

  It was replaced by Gnome with Seahorse.

• Gnome-keyring-daemon and ssh outside gnome

  I had gnome-keyring set up so that on login it unlocks the keyring and reads ssh keys (so that it acts as a ssh-agent), as described here: http://live.gnome.org/GnomeKeyring/Ssh and here http://live.gnome.org/GnomeKeyring/Pam
  This was working great also outside gnome (for instance in xmonad and openbox), up to version 2.24.1. However, after update to 2.26.0-1 this stopped working. It is still OK in gnome, but in other environments (where the only gnome thing that is loaded is gnome-keyring-manager) it doesn't work correctly - it loads, but instead of creating both /tmp/keyring-<sth>/socket and /tmp/keyring-<sth>/socket.ssh it only created the first one, so no ssh support.
  Can anyone help a bit with what has changed, or what could have gone wrong?
  Thanks.

  bender02 wrote:
  abarilla wrote:I had the same problem with openbox.  Using gdm fixed it.
  Well if this is the only way to fix this then it sucks big time, since I don't want to run a huge login manager just to unlock the passwords
  adding the content of /etc/X11/xinit/xinitrc.d/30-dbus to the ~/.xinitrc works for me.
  # launches a session dbus instance
  dbuslaunch="`which dbus-launch 2>/dev/null`"
  if [ -n "$dbuslaunch" ] && [ -x "$dbuslaunch" ] && [ -z "$DBUS_SESSION_BUS_ADDRESS" ]; then
  eval `$dbuslaunch --sh-syntax --exit-with-session`
  fi
  or sourcing the 30-dbus file in the ~/.xinitrc
  source /etc/X11/xinit/xinitrc.d/30-dbus
  or for all files in /etc/X11/xinit/xinitrc.d/
  source /etc/X11/xinit/xinitrc.d/*
  That's what GDM and KDM do.
  Thanks to Jan de Groot for the hint.
  Last edited by SiD (2009-04-14 09:58:46)

• SVN over SSH won't interface with gnome-keyring

  The title about says it all. I log into my box at home and try to pull down the latest revision from an SVN server and get the following message.
  ATTENTION!  Your password for authentication realm:
     <https://*************> Subversion repository
  can only be stored to disk unencrypted!  You are advised to configure
  your system so that Subversion can store passwords encrypted, if
  possible.  See the documentation for details.
  You can avoid future appearances of this warning by setting the value
  of the 'store-plaintext-passwords' option to either 'yes' or 'no' in
  '/home/om/.subversion/servers'.
  Is there anyway to have it store password encrypted? I found another topic which recommended running
  export `gnome-keyring-daemon`
  but that didn't solve the problem. In my subversion config I have specified gnome-keyring as a password store and it is installed on the system.

  Will a simple reboot help? (But how, without ssh )
  It might. You can issue a restart command through Server Monitor if you configured LOM properly, as I don't believe that it (Server Monitor) relies on ssh to issue commands.
  -Doug

• [SOLVED] gnome-keyring-daemon not loading SSH key password on login

  I have a SSH key that I use extensively that has a cumbersome password that I prefer not typing when possible. I know that gnome-keyring-daemon is supposed to have the ability to save the SSH key password, unlock the Passwords:logins, and act as an SSH agent; however, that functionality appears to be missing. There's a strong possibility that I broke this trying to get other things working in GNOME.
  Is there a D-Bus or PolicyKit option that I need to change?
  Solution:
  Turns out this is now handled by pam. The password key store would unlock automatically if I used gnome-screensaver but failed to unlock on X startup so I installed GDM.
  Last edited by Yorokobi (2009-10-31 17:04:50)

  More info. I have been able to get gnome-keyring-daemon to ask for and store the password when I first use the SSH key. The dialog box for entering the SSH key password does not have an option to save the password indefinitely (I forget the exact verbiage) and I can't find anything in Seahorse to do the same.

• [solved] gnome-keyring won't save the passphrase for ssh-keys

  Hello,
  I'm trying to use the gnome-keyring to store the passphrases for my ssh-keys in gnome-terminal.
  I started to generate my ssh-keys as described in this article.
  After that I transfered the key via "ssh-copy-id" to my other computer.
  Then I connected to that computer via nautilus and stored the passphrase. Now it is no problem to connect without typing in the passphrase again.
  When I try to connect to that computer via a gnome-terminal ssh asks every time for the passphrase.
  I tried a lot of things, but I can't solve this issue.
  Does anybody got an idea how to tell the gnome-keyring that it should store the passphrase for connections via terminals?
  Any help is appreciated Maybe I just don't see the solution, but I'm still new to ssh.
  Thanks in advance!
  David
  Last edited by senior_spielbergo (2011-08-02 15:01:04)

  Hi alexcriss,
  I tried to open the terminal from the application menu, but it didn't help.
  I searched the forum for "GDM keyring" and I found a few topics dealing with similar problems, but I couldn't find a solution.
  I have forgotten to tell, that when I enter
  ssh-add -L
  it returns
  The agent has no identities.
  Typing
  ssh-add ~/.ssh/id_ecdsa
  returns:
  Enter passphrase for /home/david/.ssh/id_ecdsa:
  Error reading response length from authentication socket.
  Could not add identity: /home/david/.ssh/id_ecdsa
  Maybe this helps to find the error.
  Thanks again,
  David

• Unable to get Gnome-Keyring working with nm-applet

  Hi guys
  I've installed openbox and using NetworkManager/nm-applet to manage my network connections.
  I prefer it over other utils as it has good support for mobile connections etc.
  I'm using qingy as my login manager.
  I have added the following to /etc/pam.d/qingy
  auth optional /lib/security/pam_gnome_keyring.so
  session optional /lib/security/pam_gnome_keyring.so auto_start
  and the following to /etc/pam.d/passwd
  password optional pam_gnome_keyring.so
  as per the network manager wiki http://wiki.archlinux.org/index.php/Net … fter_login
  I have the following in my session login script:
  nm-applet --sm-disable &
  I think if I remember correctly, the Gnome keyring dialog popped up once or twice in the beginning, but now it never happens. nm applet now always requests my WPA key upon login.
  My intention is to have the key stored in gnome-keyring so that I don't have to enter it every time I log in.
  Any help would be greatly appreciated.

  Hi dieghen89
  Nice to know I'm not the only one pulling out hair over here
  I was playing around and did the following:
  1. Exit nm-applet completely
  2. $ gnome-keyring-daemon --start //I know that the daemon is running. --help states that it starts or initialize an already running daemon
  3. Run nm-applet again
  And the keyring dialog actually did pop up asking for the password to unlock it.
  Now I thought a quick-fix would be to add gnome-keyring-daemon --start to my startup script before nmapplet &
  But alas. doesn't work

• Gnome-keyring-daemon crashes when blank passwords are entered.

  Steps to reproduce:
  Install fresh Arch Linux
  Install chromium, gnome, xorg-server, and xorg-xinit
  Put "exec gnome-session" in ~/.xinitrc
  Launch startx
  Open chromium
  On prompt for new keyring creation, leave password fields blank and press OK.
  Witness gnome-shell crashing.
  What's supposed to happen:
  It's supposed to prompt the user asking if it's OK to have unencrypted keys.
  What happens:
  The gnome-shell crashes, and no keyrings or passwords were set or created.
  journalctl output:
  Sep 04 21:11:04 Winston gnome-session[1417]: Window manager warning: CurrentTime used to choose focus window; focus window may not be correct.
  Sep 04 21:11:04 Winston gnome-session[1417]: Window manager warning: Got a request to focus the no_focus_window with a timestamp of 0.  This shouldn't happen!
  Sep 04 21:11:14 Winston gnome-session[1417]: Window manager warning: Buggy client sent a _NET_ACTIVE_WINDOW message with a timestamp of 0 for 0x1600029 (New Tab - )
  Sep 04 21:11:14 Winston gnome-session[1417]: Window manager warning: meta_window_activate called by a pager with a 0 timestamp; the pager needs to be fixed.
  Sep 04 21:11:18 Winston gnome-keyring-daemon[1478]: keyring alias directory: /home/naelstrof/.local/share/keyrings
  Sep 04 21:11:31 Winston gnome-session[1417]: ** Message: init gpgme version 1.4.3
  Sep 04 21:11:31 Winston gnome-session[1417]: ** Message: DNS-SD initialization failed: Daemon not running
  Sep 04 21:11:38 Winston gnome-session[1417]: (gnome-shell:1494): Clutter-CRITICAL **: clutter_text_set_color: assertion `CLUTTER_IS_TEXT (self)' failed
  Sep 04 21:11:38 Winston gnome-session[1417]: (gnome-shell:1494): Clutter-CRITICAL **: clutter_text_set_cursor_size: assertion `CLUTTER_IS_TEXT (self)' failed
  Sep 04 21:11:38 Winston gnome-session[1417]: (gnome-shell:1494): Clutter-CRITICAL **: clutter_text_set_cursor_color: assertion `CLUTTER_IS_TEXT (self)' failed
  Sep 04 21:11:38 Winston gnome-session[1417]: (gnome-shell:1494): Clutter-CRITICAL **: clutter_text_set_selected_text_color: assertion `CLUTTER_IS_TEXT (self)' failed
  Sep 04 21:11:38 Winston gnome-session[1417]: (gnome-shell:1494): Clutter-CRITICAL **: clutter_text_get_font_name: assertion `CLUTTER_IS_TEXT (text)' failed
  Sep 04 21:11:38 Winston gnome-session[1417]: (gnome-shell:1494): Clutter-CRITICAL **: clutter_text_set_font_name: assertion `CLUTTER_IS_TEXT (self)' failed
  Sep 04 21:11:38 Winston gnome-session[1417]: (gnome-shell:1494): Clutter-CRITICAL **: clutter_text_get_font_name: assertion `CLUTTER_IS_TEXT (text)' failed
  Sep 04 21:11:38 Winston gnome-keyring-daemon[1478]: prompting failed: GDBus.Error:org.freedesktop.DBus.Error.NoReply: Message did not receive a reply (timeout by message bus)
  Sep 04 21:11:38 Winston gnome-session[1417]: WARNING: Application 'gnome-shell.desktop' killed by signal 11
  Sep 04 21:11:38 Winston gnome-session[1417]: gnome-session[1417]: WARNING: Application 'gnome-shell.desktop' killed by signal 11
  Sep 04 21:11:38 Winston gnome-session[1417]: ** Message: applet now removed from the notification area
  Sep 04 21:11:39 Winston gnome-session[1417]: JS LOG: GNOME Shell started at Wed Sep 04 2013 21:11:39 GMT-0600 (MDT)
  Anyone got any tips to what could be wrong? It's infuriating to have it ask to create a new key, while it won't let me set a blank key.
  Giving the prompt an actual password works as intended, it's impossible to set it as a blank password, even using seahorse.
  It's acting as if something is wrong with DBus, but journalctl -u dbus shows no problems. as well as systemctl status dbus.
  Thanks for any help.
  Oh yeah and attempting to use gdm causes the gnome-session not to launch at all. Since gdm created a key, I'm guessing the problems are related.
  Last edited by naelstrof (2013-09-05 03:27:50)

  I found an acceptable workaround:
  Create a keychain with the same password as your account named "Login" using the keychain utility seahorse.
  Follow the autologin instructions for console based login here: https://wiki.archlinux.org/index.php/GN … at_Startup
  Restart X.
  gdm still fails to start x though, despite the startx command working fine.
  Uninstalling gnome-keychain works just as well though :u.
  Last edited by naelstrof (2013-09-05 05:39:09)

• Solaris 10 gnome session manager crashes on login

  There are two Solaris 10 servers at work that I cannot log into. At the login screen I choose Options --> Session --> Java Desktop System, Release 3
  and then try to log in. I get the following error message:
  "The GNOME session manager (process XXXXX) has crashed due to a fatal error. (Segmentation Fault). When you close this dialog, all applications will close and your session will exit. Please save all your files before closing this dialog."
  I was able to find one post on this error using google. It said that the user solved this problem by editing the LD_LIBRARY_PATH variable by moving /usr/local/lib to the beginning of the line. This didn't fix my problem. I logged in via ssh and double checked that the LD_LIBRARY_PATH change had saved.
  Other people can log into the server just fine. Just not me. I even completely wiped my home directory. Anybody know where I can find a fix for this?

  Just discovered that if one of the working users logs completely out, they cannot log back in. So this error affects everybody.

• Gnome-network-manager shouldn't require Gnome?

  According to its page on Gnomefiles, network-manager-applet (gnome-network-manager on Arch) doesn't need Gnome deps.
  Maybe it would be a good idea to include a version that isn't compiled for Gnome in Extra, so that people using E17 or XFCE or whatever can easily use networkmanager? If people think this is practical I'll file a feature request...

  Gullible Jones wrote:According to its page on Gnomefiles, network-manager-applet (gnome-network-manager on Arch) doesn't need Gnome deps.
  It does need gnome deps. Requires libgnomegui and gnome-keyring... in turn it also uses gconf and other things. These can't be disabled.
  James

• Gnome 3.4 gnome-keyring problem

  hey,
  just upgraded to gnome 3.4.
  First thanks for the hard work over the weekend besides your jobs and private life :-) to bring gnome 3.4.1 to extra.
  i had a problem after log in, that the desktop didn`t come up.
  Found a solution with downgrading gnome-keyring to the version 3.2.2.
  In .xsession-errors there are two lines, which could explain the behaviour:
  /usr/bin/gnome-keyring-daemon: error while loading shared libraries: libgck-1.so.0: cannot open shared object file: No such file or directory
  /usr/bin/gnome-shell: error while loading shared libraries: libgcr-3.so.1: cannot open shared object file: No such file or directory
  Any ideas to get theses libraries?
  Or are there old dependencies, that were not completely deleted?
  regards

  I had a problem with evolution and network manager with the gnome-keyring 3.4.1 update. A downgrade to 3.2.2-3 worked, but I have since re-installed (pacman -S) gnome-keyring followed by gcr. That works. Fyi, resintalling gcr then gnome-keyring did not work for me .

• Gnome-keyring-daemon will not save my passphrase

  I use Slim to log in to my Openbox session on my dear EeePC 901. What I cannot seem to do is set up my environment so that gnome-keyring-daemon not only pops up and asks for my ssh passphrases but also save them for future use. Ideally I would like gnome-keyring to unlock the keyring automatically on login. I have the pop up and ask for passphrase part figured out, but now I'm basically lost when trying to get it to remember my passphrase.
  Set up: slim-plus, logging in using my .xinitrc (below):
  ~/.xinitrc:
  source /etc/X11/xinit/xinitrc.d/30-dbus
  # gnome-keyring stuff, which almost works
  eval $(gnome-keyring-daemon)
  export GNOME_KEYRING_PID
  export GNOME_KEYRING_SOCKET
  export SSH_AUTH_SOCK
  # desktop
  eval $(cat ~/.fehbg) &
  wicd-client &
  syndaemon -i 0.7 -t -k &
  tint2 &
  # finally, launch openbox
  exec ck-launch-session openbox
  /etc/pam.d/slim (if it even matters?):
  #%PAM-1.0
  auth requisite pam_nologin.so
  auth required pam_env.so
  auth required pam_unix.so
  account required pam_unix.so
  session required pam_limits.so
  session required pam_unix.so
  session required pam_env.so readenv=1 envfile=/etc/profile.d/locale.sh
  session optional pam_gnome_keyring.so auto_start
  password required pam_unix.so
  Any hints on this? I had it running quite some time ago on another computer (no, not using GDM then either) and I didn't have this much trouble setting it all up.

  Same problem here.

• Cannot access GNOME Keyring from Systemd Unit Service

  Hi !
  I am using isync to download my IMAP mail to a directory in maildir format. I use the following line in ~/.mbsyncrc to fetch the mail password:
  PassCmd "gnome-keyring-query get mail_pw"
  My ~/.mbsyncrc is configured correctly, because I am able to fetch mail successfully when running:
  $ mbsync mymail
  I want to automate this process using Systemd User/Timer Units. The Arch Wiki page for OfflineIMAP suggests that it should be possible to configure a Systemd User service to access the GNOME Keyring if a D-Bus Systemd User service is configured correctly:
  https://wiki.archlinux.org/index.php/Of … md_Service
  I have followed the instructions here to configure a D-Bus Systemd User service:
  https://wiki.archlinux.org/index.php/Systemd/User#D-Bus
  I then created ~/.config/systemd/user/mail.timer :
  [Unit]
  Description=Fetch mail regularly
  [Timer]
  OnBootSec=1min
  OnUnitActiveSec=5min
  [Install]
  WantedBy=timers.target
  and ~/.config/systemd/user/mail.service :
  [Unit]
  Description=Service to use isync to download mail
  After=network.target network-online.target dbus.socket
  [Service]
  ExecStart=/usr/bin/mbsync -q mymail
  and enabled the timer.
  However, I see the following in the journal:
  ** systemd[730]: Starting Service to use isync to download mail...
  ** systemd[730]: Started Service to use isync to download mail.
  ** dbus-daemon[996]: Activating service name='org.freedesktop.secrets'
  ** gnome-keyring-daemon[736]: The Secret Service was already initialized
  ** mbsync[1622]: Gkr-Message: secret service operation failed: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
  ** mbsync[1622]: Failed to get password: mail_pw
  ** mbsync[1622]: Skipping account mymail, password command exited with status 1
  ** systemd[730]: mail.service: main process exited, code=exited, status=1/FAILURE
  ** systemd[730]: Unit mail.service entered failed state.
  ** dbus-daemon[996]: Failed to activate service 'org.freedesktop.secrets': timed out
  Any advice would be appreciated.
  Thanks.

  Hi Dude :)
  did you manage to solve the issue? I'm fighting the same thing these days.
  Thanks!

• Gnome-keyring + networkmanager: Not prompting for password

  I recently shifted from wicd to networkmanager & I want it to be that way. There is one problem that's troubling me. As a non-root user, if I connect to a new network, the nm-applet doesn't ask for passwords.
  The logs say:
  2014-07-19T08:29:45.217385+05:30 archlinux NetworkManager[20784]: <info> (wlan0): device state change: prepare -> config (reason 'none') [40 50 0]
  2014-07-19T08:29:45.217385+05:30 archlinux NetworkManager[20784]: <info> Activation (wlan0/wireless): access point 'my access point name' has security, but secrets are required.
  I run "awesome wm" and I've configured gnome-keyring via the "pam" method & I believe that it works.
  ➜ 0 /home/shadyabhi [ 9:09AM] % echo $SSH_AUTH_SOCK
  /run/user/1000/keyring/ssh
  ➜ 0 /home/shadyabhi [ 9:09AM] % echo $GPG_AGENT_INFO
  /run/user/1000/keyring/gpg:0:1
  ➜ 0 /home/shadyabhi [ 9:09AM] % ss -xl | grep -o '/run/user/1000/keyring/ssh'
  /run/user/1000/keyring/ssh
  ➜ 0 /home/shadyabhi [ 9:09AM] %
  Running "sudo nm-applet" from terminal recognizes gnome-keyring.
  ➜ 2 /home/shadyabhi [ 8:38AM] % sudo nm-applet
  (nm-applet:21840): libnotify-WARNING **: Failed to connect to proxy
  (nm-applet:21840): nm-applet-WARNING **: Failed to show notification: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.Notifications was not provided by any .servi
  ce files
  nm-applet-Message: No keyring secrets found for "my access point name"/802-11-wireless-security; asking user.
  Can anyone help me in finding out what might be wrong? Thanks.

  I had the same issue. Turns out I was using SLiM with auto_login enabled, which doesn't unlock the GNOME keyring on login (see this post). Changing auto_login to false solved the issue.