You are not logged in.
This article: https://wiki.archlinux.org/title/GNOME/Keyring suggests adding the following to .bash_profile:
if [ -n "$DESKTOP_SESSION" ];then
    eval $(gnome-keyring-daemon --start)
    export SSH_AUTH_SOCK
fiHowever, it seems that since recently, gnome-keyring-daemon is started automatically by systemd, so starting it again from the .bash_profile seems superfluous (plus it echoes an annoying message: "discover_other_daemon: 1"). I was able to create a unit file override for gnome-keyring-daemon.service that looks like this:
[Service]
ExecStart=
ExecStart=/usr/bin/gnome-keyring-daemon --foreground --components="pkcs11,secrets,ssh" --control-directory=%t/keyring(so it simply includes ssh in the list of components, which is not present in the original unit file).
However, this is not enough, because you must also export the SSH_AUTH_SOCK environment variable. My solution was to add this to .bashrc:
export SSH_AUTH_SOCK=/run/user/$(id -u)/keyring/sshHowever, this all seems a bit too involved. I'm wondering if there's a better method. Is there another way to export this environment variable - perhaps from the unit file? There is also the socket unit (gnome-keyring-daemon.socket), which sounds like the perfect candidate to deal with exporting this variable.
Or perhaps there's a better way to do what I'm trying to do (which is simply to unlock the SSH key when I login). How do you folks do this?
Last edited by Pavle (2022-06-13 14:58:30)
Offline

I use keychain.
Eenie meenie, chili beanie, the spirits are about to speak -- Bullwinkle J. Moose
It's a big club...and you ain't in it -- George Carlin
Registered Linux user #149839
perl -e 'print$i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10); '
Offline
Thanks merlock! I wasn't aware of that method. However, if I'm reading this right:
You will only be prompted for your passphrase once each time the machine is rebooted
it seems that you need to unlock your keys every time you reboot your machine. The advantage of gnome keyring is that you only need to enter it the very first time you run an ssh command and after that it is stored in the keychain.
Offline
I haven't tried it, but further down (Tips) it says
if you do not want to be immediately prompted for unlocking the keys but rather wait until they are needed, use the --noask option.
Offline
That doesn't solve the problem. You'd still be prompted for the password every time you need to use ssh - albeit only once in each "session" (for lack of a better word). Gnome keyring seems like a more elegant solution to me.
Offline
Ah, yes, well, then just keep using that. And maybe track https://bbs.archlinux.org/viewtopic.php?id=277192
Offline

it seems that you need to unlock your keys every time you reboot your machine.
You'd want your keys persistent across *reboots*?? Besides, (for me) that's not quite true. I'm not prompted for anything until I open a terminal (or teminal-based) application.
With the proper configuration(s) (SSH/GPG) you can set indefinite time-out(s).
You'd still be prompted for the password every time you need to use ssh
Nope. As long as your passphrase hasn't timed-out, you're good to go. Ex:
Machine rebooted for kernel update. Open a terminal, put passphrases in, then close it.
Hour later, open a terminal, SSH to my RPi. No passphrase. Finish, log out and close terminal.
Couple of hours later, open another terminal, look up a password in pass. No passphrase.
Anyway, for *me*, it just works.
Eenie meenie, chili beanie, the spirits are about to speak -- Bullwinkle J. Moose
It's a big club...and you ain't in it -- George Carlin
Registered Linux user #149839
perl -e 'print$i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10); '
Offline
I'll close this in favor of https://bbs.archlinux.org/viewtopic.php?id=277192. I'll add my initial comment there.
Offline