
#1 2021-08-25 17:53:24

LiamMcCalloway
Member
Registered: 2013-03-19
Posts: 23

[Solved] Automatic unlocking of ssh keys upon logging

Hi all,

I'm trying to get my ssh keys to unlock upon logging into gnome, so that some back-up scripts to remote locations can run automatically.

I followed the wiki for keyring, but I get the following when trying to add my ssh key password to the keyring.

$ /usr/lib/seahorse/ssh-askpass my_key 
seahorse-Message: 18:47:26.136: passphrase-prompt.vala:201: could not grab keyboard: 3

Any thoughts?

Many thanks all.

Last edited by LiamMcCalloway (2021-08-27 07:48:16)


#2 2021-08-27 07:47:52

LiamMcCalloway
Member
Registered: 2013-03-19
Posts: 23

Re: [Solved] Automatic unlocking of ssh keys upon logging

Solved by using a password-less key


#3 2025-01-01 22:52:09

FMB
Member
Registered: 2017-01-01
Posts: 23

Re: [Solved] Automatic unlocking of ssh keys upon logging

Old post, but other people might land here just like me, particularly if they do not use a full-blown login manager or desktop environment.

You can force Seahorse to remember the password with this kind of command:

secret-tool store --label="Unlock password for id_rsa" unique ssh-store:$HOME/.ssh/id_rsa

Use this one to check the password was saved:

secret-tool lookup unique ssh-store:$HOME/.ssh/id_rsa

See this Gnome issue as well as this.

Last edited by FMB (2025-01-01 22:55:55)


#4 2025-12-06 21:33:48

vedg
Member
From: Ukraine
Registered: 2014-05-26
Posts: 2

Re: [Solved] Automatic unlocking of ssh keys upon logging

The Arch Wiki says in the section Setup gcr:
1. Enable the gcr-ssh-agent.socket systemd user unit.
2. Start once the gcr-ssh-agent.socket systemd user unit. This will create socket file $XDG_RUNTIME_DIR/gcr/ssh. Once file is created, 1st step is sufficient to have socket unit started automatically.
3. Manual configuration of SSH_AUTH_SOCK environment variable shall not be necessary, if gcr-ssh-agent.socket unit is active. The value of SSH_AUTH_SOCK environment variable shall be set to $XDG_RUNTIME_DIR/gcr/ssh after user logs out and logs in. This is known to work with Gnome Console application for user using fish as default shell.

I've performed the first two steps under Xfce. But still got non-graphical prompts for the passphrase each time. After a lot of searching, debugging and experiments, figured out that the problem was in the environment variable SSH_AUTH_SOCK in a terminal emulator where I tried to use ssh (through git). The value of SSH_AUTH_SOCK was something like /tmp/ssh-XXXXXXbEYjOq/agent.3412 instead of the necessary $XDG_RUNTIME_DIR/gcr/ssh (that should expand to something like /run/user/1000/gcr/ssh). Then I noticed a stray running process ssh-agent not started by gcr-ssh-agent.

Eventually determined the parent process by means of the idea "I created a fake executable which basically only logged the parent command" from this question. The culprit was xfce4-session. With this info, I finally resolved the issue as follows:
1. Turns out that xfce4-session starts its own ssh-agent process, which can be disabled as described on another Arch Wiki page. I opted to "simply tick the checkbox Launch GNOME services on startup", which does not seem to interfere with the gnome-keyring-daemon process started by /usr/lib/systemd/user/gnome-keyring-daemon.service.
2. Now the interfering ssh-agent process no longer started, but the value of SSH_AUTH_SOCK became empty and the same non-graphical passphrase prompt persisted. Manually setting the environment variable via

export SSH_AUTH_SOCK=$XDG_RUNTIME_DIR/gcr/ssh

made the prompt work, but only in the current terminal emulator. Appending this export command to ~/.bashrc made it work in any new terminal emulator instance/tab.

Now I get the expected graphical prompt whenever I use a new SSH key for the first time. Checking a checkbox in the prompt saves the passphrase in the keyring. The saved passphrases are unlocked automatically on login.

The only remaining bug is that when I modify the passphrase of an already saved SSH key via ssh-keygen -p, log out and log in again, attempting to use the updated key (e.g. by running git fetch) just hangs. A workaround is to find and edit the saved passphrase in Seahorse.

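An added example (not from any post in this thread or from the Arch Wiki): a POSIX shell check for the two failure modes described in post #4, an SSH_AUTH_SOCK that is empty or points at another agent's socket, and an ssh-agent process that was not started by gcr-ssh-agent. The function names and the sample process table are constructed for illustration, and the check assumes gcr-ssh-agent is the parent of the ssh-agent it manages.

```sh
#!/bin/sh
# Added example; function names and SAMPLE_PS are constructed for illustration.

# Socket path the gcr-ssh-agent.socket user unit is expected to create.
expected_sock() {
    printf '%s/gcr/ssh\n' "${XDG_RUNTIME_DIR:-/run/user/$(id -u)}"
}

# classify_sock CURRENT EXPECTED -> prints "ok", "unset" or "foreign".
classify_sock() {
    if [ -z "$1" ]; then echo unset
    elif [ "$1" = "$2" ]; then echo ok
    else echo foreign
    fi
}

# Reads "PID PPID COMM" lines on stdin and prints "PID PPID PARENT_COMM" for
# every ssh-agent whose parent is not gcr-ssh-agent (assumption: the gcr
# agent is the parent of the ssh-agent it manages).
find_stray_agents() {
    awk '{ parent[$1] = $2; name[$1] = $3
           if ($3 == "ssh-agent") agents[++n] = $1 }
         END { for (i = 1; i <= n; i++) {
                   p = agents[i]; pp = parent[p]
                   pname = (pp in name) ? name[pp] : "?"
                   if (pname != "gcr-ssh-agent") print p, pp, pname } }'
}

# Constructed process table: one managed agent, one started by xfce4-session.
SAMPLE_PS='900 1 systemd
1200 900 gcr-ssh-agent
1201 1200 ssh-agent
3000 900 xfce4-session
3412 3000 ssh-agent'

if [ "${1:-}" = "--live" ]; then
    # Live check of the current session.
    echo "SSH_AUTH_SOCK: $(classify_sock "${SSH_AUTH_SOCK:-}" "$(expected_sock)")"
    ps -eo pid=,ppid=,comm= | find_stray_agents
else
    # Default: run on the constructed sample so the script works offline.
    printf '%s\n' "$SAMPLE_PS" | find_stray_agents
fi
```

Run with `--live` inside the terminal emulator where ssh misbehaves; a "foreign" or "unset" result, or any line of stray-agent output, matches the situations described in the post.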
