lubuntu-qa team mailing list archive
-
lubuntu-qa team
-
Mailing list archive
-
Message #01905
Re: ssh not allowing password login if keys are an option
2013/3/10 Jonathan Marsden <jmarsden@xxxxxxxxxxx>:
> WORKAROUND:
>
> If you do:
>
> killall gnome-keyring-daemon
> unset GNOME_KEYRING_PID GNOME_KEYRING_CONTROL
> SSH_AUTH_SOCK=$(find /tmp/ssh-* -type s -name "agent.*" |head -1)
>
> you will then (!) have much more normal SSH operation, with the ssh
> client using your ssh-agent directly, and not via the
> gnome-keyring-daemon that apparently breaks or confuses it.
>
> I don't know quite what gnome-keyring-daemon is supposed to be doing,
> but it needs to stay out of my way! Why are we using it by default?
We had problems with SSH in the past, so we add a workaround in
/usr/bin/startlubuntu:
# Export Gnome-keyring variables if needed
# See bug #664206
if which gnome-keyring-daemon >/dev/null; then
export $(/usr/bin/gnome-keyring-daemon --start --components=ssh)
fi
See https://bugs.launchpad.net/ubuntu/+source/lxde-common/+bug/664206
for the details. That's why gnome-keyring-daemon is started everytime.
However, another workaround was added recently which may fix the same
problem, without using gnome-keyring-daemon (also in
/usr/bin/startlubuntu) :
# Start SSH agent, require since 3.5
# (see https://wiki.archlinux.org/index.php/Openbox#SSH_agent_no_longer_starting)
SSHAGENT="/usr/bin/ssh-agent"
SSHAGENTARGS="-s"
if [ -z "$SSH_AUTH_SOCK" -a -x "$SSHAGENT" ]; then
eval `$SSHAGENT $SSHAGENTARGS`
trap "kill $SSH_AGENT_PID" 0
fi
If people can do some testing by removing the 1st workaround and see
if it's working as expected, that would help a lot :-) I'll be happy
if we can remove the 1st workaround.
Note : lxsession should be configurable to start or not
gnome-keyring-daemon at startup, using parameters under [Security],
once the 1st workaround is removed.
Regards,
Julien Lavergne
Follow ups
References