
#1 2018-10-14 14:48:01

Jubijub
Member
From: Zurich, Switzerland
Registered: 2018-04-04
Posts: 34

I have to ssh-add my keys every session despite using GNOME Keyring

Steps to reproduce :
- fresh install of Arch
- gnome-keyring and seahorse installed on a GNOME started via GDM.
    * the keyring is named Login, and it has the same password as my user.
- .zsh env exports SSH_AUTH_STOCK, and printenv shows the value to be SSH_AUTH_SOCK=/run/user/1000/keyring/ssh
- keys are in ~/.ssh, and the problem happens whether I use RSA or ED25519.
    * Public keys are named the same as private keys with the suffix .pub
    * I chmoded 600 all the keys

- key added via ssh-add ~/.ssh/id_rsa
    * it does prompt for my passphrase
    * at this point the key is usable, I can use git without it prompting for my passphrase
- passphrase added via /usr/lib/seahorse/ssh-askpass id_rsa

Expected result
- the key is visible in seahorse
- after a reboot, the keyring should unlock automatically
- after reboot, it should NOT prompt for my passphrase anymore

Actual results
- the key is visible in seahorse
- after a reboot, the keyring should unlock automatically
- after a reboot, trying to use the key results in a popup asking for my passphrase. Even if I enter the right passphrase, the box comes again and again

Workaround :
If I ssh-add the key again, I can use the keys without retyping the passphrase for the current session.
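
The preconditions listed in the post above (socket path, key permissions, matching `.pub` files), turned into a read-only check. This is an added example, not part of the original post or of GNOME Keyring; the function name `check_keyring_ssh` and its OK/WARN output format are assumptions, and it relies on GNU `stat`.

```shell
#!/usr/bin/env bash
# Added example: verify the preconditions listed in post #1.
# check_keyring_ssh SOCK DIR prints one "OK"/"WARN" line per check.
check_keyring_ssh() {
    local sock="$1" dir="$2" key mode
    # Post #1 shows the socket as /run/user/<uid>/keyring/ssh.
    case "$sock" in
        */keyring/ssh) echo "OK   socket path: $sock" ;;
        '')            echo "WARN SSH_AUTH_SOCK is empty or unset" ;;
        *)             echo "WARN socket is not a keyring socket: $sock" ;;
    esac
    # The path can be exported correctly while no agent is listening on it.
    [ -S "$sock" ] || echo "WARN no live socket at: ${sock:-<unset>}"
    for key in "$dir"/id_*; do
        [ -f "$key" ] || continue
        case "$key" in *.pub) continue ;; esac
        # Private keys must not be readable by group or others.
        mode=$(stat -c '%a' "$key")   # GNU stat, as shipped on Arch
        case "$mode" in
            600|400) echo "OK   mode $mode: $key" ;;
            *)       echo "WARN mode $mode (want 600): $key" ;;
        esac
        # Post #1: the public key is the private key name plus .pub.
        if [ -f "$key.pub" ]; then
            echo "OK   public key present: $key.pub"
        else
            echo "WARN missing public key: $key.pub"
        fi
    done
    return 0
}

# Run against the current session when executed directly.
check_keyring_ssh "${SSH_AUTH_SOCK:-}" "${HOME:-/nonexistent}/.ssh"
```

The script only reads file metadata and never touches key contents or the agent.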


#2 2018-10-14 16:41:03

qinohe
Member
From: Netherlands
Registered: 2012-06-20
Posts: 1,498

Re: I have to ssh-add my keys every session despite using GNOME Keyring

Hi Jubijub, is the keyring file named 'Login' a typo? You may need to change it to 'login'.

The rest looks okay.

If I have the time I'll try it. I always unlock things myself; sessions are mostly left open for days.

Btw. you should not need to use 'ssh-add' if set up properly, just log in to one server and your key will be available for other connections.


#3 2018-10-14 20:34:15

Jubijub
Member
From: Zurich, Switzerland
Registered: 2018-04-04
Posts: 34

Re: I have to ssh-add my keys every session despite using GNOME Keyring

I noticed this, the doc says 'login' but mine is Login. It's the default keyring, I didn't create it.
I'll try with a new one called 'login'

I am not sure I get your comment about the ssh-add.
What I mean is that I have to 'ssh-add' at the beginning of each new GNOME session (after a reboot for instance).
Once I've done that, any ssh connection works straight away without having to redo ssh-add or type any passphrase.

My concern is that as soon as I reboot, I have to redo ssh-add. I don't mind if I have to retype the passphrase, but I would like to avoid having to do ssh-add every time.
The weird part is that the first ssh-add, it does show in seahorse. It's as if seahorse saw it has the key, but didn't manage to unlock it with my passphrase.


#4 2018-10-14 20:41:16

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,426

Re: I have to ssh-add my keys every session despite using GNOME Keyring



#5 2018-10-14 20:45:09

qinohe
Member
From: Netherlands
Registered: 2012-06-20
Posts: 1,498

Re: I have to ssh-add my keys every session despite using GNOME Keyring

Jubijub wrote:

> I noticed this, the doc says 'login' but mine is Login. It's the default keyring, I didn't create it.
> I'll try with a new one called 'login'

Well, it may be a typo in the wiki; it's the default created! I have created login, installed lightdm and set it up.

> I am not sure I get your comment about the ssh-add.
> What I mean is that I have to 'ssh-add' at the beginning of each new GNOME session (after a reboot for instance).
> Once I've done that, any ssh connection works straight away without having to redo ssh-add or type any passphrase.

If the keyring is set up properly you get a small input screen for the passphrase to enter, after you just 'ssh user@adress'.

> My concern is that as soon as I reboot, I have to redo ssh-add. I don't mind if I have to retype the passphrase, but I would like to avoid having to do ssh-add every time.
> The weird part is that the first ssh-add, it does show in seahorse. It's as if seahorse saw it has the key, but didn't manage to unlock it with my passphrase.

That should not be the case; after you input the passphrase and click the checkbox to remember it, you shouldn't need to input it again.
I just tried that and it seems to work ;)


#6 2018-10-14 21:05:58

Jubijub
Member
From: Zurich, Switzerland
Registered: 2018-04-04
Posts: 34

Re: I have to ssh-add my keys every session despite using GNOME Keyring

> If the keyring is setup properly you get a small input screen for the passphrase to enter, after you just 'ssh user@adress'.

That's exactly my problem: I do get that popup, but I can type my passphrase 10 times, the popup keeps coming back...


#7 2018-10-14 21:07:36

qinohe
Member
From: Netherlands
Registered: 2012-06-20
Posts: 1,498

Re: I have to ssh-add my keys every session despite using GNOME Keyring

Did you also click the checkbox 'remember my input'?

That may seem a useless question, but you don't say so I don't know.

I know it's accepting the key for 1 session as you say in #3:

> Once I've done that, any ssh connection works straight away without having to redo ssh-add or type any passphrase.

Or there is something incorrect in the way you configured/installed it, or you forgot the checkbox?

Last edited by qinohe (2018-10-14 21:52:52)


#8 2018-10-16 20:49:33

Jubijub
Member
From: Zurich, Switzerland
Registered: 2018-04-04
Posts: 34

Re: I have to ssh-add my keys every session despite using GNOME Keyring

The box doesn't take my passphrase... It keeps coming back up...


#9 2018-10-17 12:34:50

qinohe
Member
From: Netherlands
Registered: 2012-06-20
Posts: 1,498

Re: I have to ssh-add my keys every session despite using GNOME Keyring

Jubijub wrote:

> The box doesn't take my passphrase... It keeps coming back up...

I was still giving this the benefit of the doubt, after #4 from @jasonwryan, but if that's what's happening you should visit that post; there's something wrong with that key pair!

If that's not the case, then there's something seriously wrong with the way things are configured. I'm not attacking you, but you're running out of options ;)

Both GDM and LightDM are working in one go.


#10 2018-10-17 22:15:04

Jubijub
Member
From: Zurich, Switzerland
Registered: 2018-04-04
Posts: 34

Re: I have to ssh-add my keys every session despite using GNOME Keyring

Is there a maximum size on the passphrase?

I tried ED25519 and RSA, same issue

Regarding the post, I did follow it, several times...I posted my conf on first post.
I am also certain the key works as when I ssh-add it, I can use it with Gitlab with an ssh@git connection

It seems the issue is around seahorse, when the popup asking for my password appears it says it fails to grab my keyboard... But I can type in the box...


#11 2018-10-17 22:56:44

qinohe
Member
From: Netherlands
Registered: 2012-06-20
Posts: 1,498

Re: I have to ssh-add my keys every session despite using GNOME Keyring

Jubijub wrote:

> Is there a maximum size on the passphrase?

arbitrary

> I tried ED25519 and RSA, same issue
>
> Regarding the post, I did follow it, several times...I posted my conf on first post.
> I am also certain the key works as when I ssh-add it, I can use it with Gitlab with an ssh@git connection
>
> It seems the issue is around seahorse, when the popup asking for my password appears it says it fails to grab my keyboard... But I can type in the box...

Have you set your locale?

What is in your bash_profile or zshenv?
