lubuntu-qa team mailing list archive

Thread
Date

Re: ssh not allowing password login if keys are an option

To: Julien Lavergne <julien.lavergne@xxxxxxxxx>
From: Jonathan Marsden <jmarsden@xxxxxxxxxxx>
Date: Sun, 10 Mar 2013 20:51:03 -0700
Cc: Lubuntu QA <lubuntu-qa@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <CAMZp3rkVpHsWMdf=rn5BNWXcYxr-ge6rQhT3-MkHJqY4Vd1u1g@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130106 Thunderbird/17.0.2

On 03/10/2013 05:48 AM, Julien Lavergne wrote:

> We had problems with SSH in the past, so we add a workaround in
> /usr/bin/startlubuntu:
> # Export Gnome-keyring variables if needed
> # See bug #664206

Thanks, this helps me understand the issue.  However, that bug refers to
using a menu item "Passwords and Encryption Keys" which does not seem to
exist in Lubuntu (latest raring daily for amd64).  So in Lubuntu, I
cannot test any effects of removing the gnome-keyring-daemon stuff that
relates to first saving keys and passphrases using that tool -- because
the tool does not seem to be present!

I *think* the original reporter of bug #664206 was not running Lubuntu,
but was running lxde on top of a GNOME-based Ubuntu installation?  In
which case, we apparently fixed a bug for non-Lubuntu users in a file
called startlubuntu, which seems odd, and in the process we seem to have
introduced some issues that *can* affect Lubuntu users.

> However, another workaround was added recently which may fix the same
> problem, without using gnome-keyring-daemon

This looks like a more 'normal' approach to me, and it works fine for me
with the gnome-keyring-daemon stuff commented out.  ssh then works the
way I expect it to, as does ssh-add.  I tested both password and keypair
based logins.  No strange additional entries in the output of ssh-add -l
at all.

I also noticed that the GUI popup passphrase prompt is replaced by the
normal SSH text mode prompt, such as

  Enter passphrase for key '/home/jonathan/.ssh/id_rsa':

which is, for me, preferable to the GUI popup in three ways:

 * It is what I expect from ssh, and so is not a surprise
 * It requires no use of the mouse to use it, so hands can stay on
   the keyboard where they belong, improving productivity
 * It provides additional information, the location of the private
   key file in use

> If people can do some testing by removing the 1st workaround and see
> if it's working as expected, that would help a lot :-) I'll be happy
> if we can remove the 1st workaround.

So will I :)  The only downside I can see is for anyone who likes the
GUI passphrase prompt.

> Note : lxsession should be configurable to start or not
> gnome-keyring-daemon at startup, using parameters under [Security],
> once the 1st workaround is removed.

Based on what I am seeing here, I'd say go ahead and remove the 1st
workaround, unless someone else has a valid objection to doing that.

Jonathan

Follow ups

Re: ssh not allowing password login if keys are an option
From: Julien Lavergne, 2013-03-11

References

ssh not allowing password login if keys are an option
From: Lars Noodén, 2013-03-09
Re: ssh not allowing password login if keys are an option
From: Jonathan Marsden, 2013-03-10
Re: ssh not allowing password login if keys are an option
From: Julien Lavergne, 2013-03-10