Re: Gnome keyring and ssh passphrase

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, May 21, 2018 at 5:35 PM, Gordon Messmer <gordon.messmer@xxxxxxxxx> wrote:
On 05/21/2018 06:37 AM, Gianluca Cecchi wrote:
I was in Mate up to some days ago and the ssh passphrase was in need to be inserted only once in mater-terminal, because I had this in my .bashrc (I think)

export SSH_ASKPASS="/usr/bin/ksshaskpass"

 Not exactly.  The "askpass" setting only controls which UI will be used to prompt you for your passphrase when adding a key to the agent.  It doesn't determine whether or not an agent is running.

In GNOME, you should see a process named gnome-keyring-daemon, and a child process named ssh-agent.  The agent process is the one that holds your keys in memory temporarily and handles public key authentication.

Hello,
thanks for answering.

Yes, I have

g.cecchi  1940     1  0 08:30 ?        00:00:02 /usr/bin/gnome-keyring-daemon --daemonize --login

and

g.cecchi  1937  1924  0 08:30 ?        00:00:00 /usr/bin/ssh-agent -a /run/user/1000/ssh-agent.socket

(this one is child of:
g.cecchi  1924     1  0 08:30 ?        00:00:00 /usr/lib/systemd/systemd --user
)



Now I see that my gnome-terminal continues to ask my passhprase without giving chance to save it into its keyring.

 It seems there is a bug in the current release of gnome-keyring which will cause you to be unable to use any ssh keys if you have one or more "bad" public keys in ~/.ssh.  Check that directory for any file whose name ends in ".pub".  If you find any that don't have a matching private key, or any in the old RSA1 format, move them to a different directory or delete them.

If you don't see any bad public keys, check the output of the "echo $SSH_AUTH_SOCK" command in a terminal, as well as the output of "ssh-add -l".


Inside my .ssh dir I have two public/private keys and if I run "ssh-keygen -l -f"  against the 2 private key files, I get

2048 SHA256:omS0TcBvEGXvRL6IdOv+JRkbnBavXDxKCjTzzENcyFY no comment (RSA)

and

1024 SHA256:EyG8zjKsHLLbHGsG5hewWh5m2iX9WIyB4XkIKcndq6w no comment (DSA)

They should be ok, so.

And also:

$ echo $SSH_AUTH_SOCK
/run/user/1000/keyring/ssh
$

Do you have number of bugzilla?
Gianluca
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx/message/CO2Q23DG57IBKWWXUXINHMDHVDD62PIH/
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux