The Linux Page

Gnome Keyring stopped working...

At some point in time, I upgraded Ubuntu and my Gnome Keyring stopped working. So each time I do ssh I have to enter the password at the prompt and that's a bit annoying after a while (depends how much I access the servers, obviously.)

I read many threads; ZERO of them gave me an answer I wanted to hear. All of them speak of things that do not make sense in that situation. So I tried to install a brand new clean 14.04 server + ubuntu-desktop and guess what... Gnome Keyring is installed and everything makes me think that it is correctly installed (I get the correct SSH_AUTH_SOCK value) and yet I still get a terminal prompt.

The Actual Proper Solution (for now)

Okay! So it works, but it's annoying. The fact is that at some point I added a new key and could not connect using that key. The reason was because I had too many keys under my ~/.ssh directory.

To palliate that problem, I decided to add a sub-directory named other_keys and move all my keys in there. At least that fixed the ssh client which then stopped complaining about having too many keys. However, that was not a good solution because the result was that the SSH agent would not be fed those hidden keys.

I moved one of my keys back to ~/.ssh and I get the normal prompt again. Hurray!

What is sad, thus far, is that the keys present right under ~/.ssh do work by being added to the ssh-agent without asking me for my passphrase until I try to connect to the remote computer. However, if I try to use ssh-add directly, there seems to be no option to do the same thing from the command line. I will be looking further for that possibility... that way I could just add all the files in my sub-directory.

Note:

There is a way to define many IdentityFile entries in your ~/.ssh/config file, however that will eventually make ssh fail, just the same as when you have too many keys in ~/.ssh. I guess that the ssh developers really very strongly believe that you should have a single key. Only, if your one key gets compromised, then all the computers with that one .pub key are compromised at once. Just like using the same password for Facebook and your bank account. (Hint Hint!)

Manually

Just in case, I tried manually and it works just fine. If you want to make sure that the SSH agent works on your system, then do this:

ssh-add ~/.ssh/my_private_key
Password: ****
ssh-add -l

This will add the key to the keyring. After that you can use your SSH key without having to re-enter the password each time. The -l (lowercase L like list) command line option lists the various keys that were loaded to the keyring thus far.
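
The same manual step applied to every key stored in the other_keys sub-directory mentioned earlier, written as shell functions you can source. This is an added example, not something from the original post; the function names are made up for illustration, and ssh-add still asks for each key's passphrase.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Source this file, then
# run: load_keys            (defaults to ~/.ssh/other_keys, as in the post)

# Succeed when the first line of file $1 is a private-key header
# ("-----BEGIN OPENSSH PRIVATE KEY-----", "-----BEGIN RSA PRIVATE KEY-----", ...).
is_private_key() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    first_line=
    IFS= read -r first_line < "$1" || [ -n "$first_line" ] || return 1
    case "$first_line" in
        "-----BEGIN "*"PRIVATE KEY-----"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Run the command given after $1 once per private key found directly under
# directory $1. *.pub files, config, known_hosts and so on are skipped.
for_each_private_key() {
    dir=$1
    shift
    for f in "$dir"/*; do
        case "$f" in *.pub) continue ;; esac
        if is_private_key "$f"; then
            "$@" "$f" || return 1
        fi
    done
}

# Print the private keys that load_keys would add, one path per line.
list_private_keys() {
    for_each_private_key "$1" printf '%s\n'
}

# Add every private key in the directory to the running agent, then list
# what the agent holds. Returns 2 when no agent socket is configured.
load_keys() {
    dir=${1:-"$HOME/.ssh/other_keys"}
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo "SSH_AUTH_SOCK is not set, no agent to load keys into" >&2
        return 2
    fi
    for_each_private_key "$dir" ssh-add && ssh-add -l
}
```

Run list_private_keys first to preview which files will be added. Every key held by the agent is offered to the server when connecting, so loading many keys this way can still run into the too-many-keys failure described above.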

Kill Input /dev/tty

This one solution, I do not like because there is really NO reason why SSH would react differently today than it did before, so why should I start it in a different way? Also that's kind of the only place where I found that solution:

alias ssh="setsid ssh"

Plus it should have been there before and I had never heard of setsid.

Not only that, it makes absolutely no sense. Although it works as in it opens the popup as expected, once SSH started, you do not have access to the shell since your system disconnected stdin from that software. Again, I do not get the intent of this one!?

Source: https://unix.stackexchange.com/questions/83986/tell-ssh-to-use-a-graphical-prompt-for-key-passphrase

Invalid SSH_AUTH_SOCK

Some people have problems when starting their terminal and get an invalid SSH_AUTH_SOCK if defined at all (see Invalid Start Order below).

That has been all good all the time for me. The path does point under:

/run/user/1000/keyring-XXX/ssh

Exactly as expected.

Source: https://wiki.archlinux.org/title/GNOME_Keyring

Invalid Starting Order

It looks like there was a problem with the order in which things got started. I double checked and the necessary patch was installed and thus this is not likely a problem anymore. Using Ctrl-Alt-T to start a terminal, the terminal has the correct variables (SSH_AUTH_SOCK at least) and yet my system still does not automatically call ssh-add.

If you think you have this problem, run this command once in your terminal and try SSH again. If you still see the prompt in your terminal, then it is not doing anything (you probably already have the fix).

gnome-keyring-daemon -s

Source: https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1271591