Ubuntu – Keyring no longer prompts for password when SSH-ing

11.10gnome-keyring

I remember that I used to be able to do ssh blah@foo.com and have a prompt asks me for a password to unlock the keyring for the whole GNOME session so subsequent ssh wouldn't need to enter the keyring password any longer (not quite sure if this is in Ubuntu or other distro).

But nowadays doing ssh blah@foo.com would ask me, in the terminal, my keyring password every single time; which defeats the purpose of using SSH keys.

I checked

$ cat /etc/pam.d/lightdm | grep keyring
auth    optional        pam_gnome_keyring.so
session optional        pam_gnome_keyring.so auto_start

which looks fine, and

$ pgrep keyring
1784 gnome-keyring-d

so the keyring daemon is alive.

I finally found that SSH_AUTH_SOCK variable (and GNOME_KEYRING_CONTROL and GPG_AGENT_INFO and GNOME_KEYRING_PID) are not being set properly. What is the proper way to set this variable and why aren't they being set in my environment (i.e. shouldn't they be set in default install)?

I guess I can set it in .bashrc, but then the variables would only be defined in bash session, while that is fine for ssh, I believe the other environment variables are necessary for GUI apps to use keyring.

Best Answer

I found this on the Arch wiki: https://wiki.archlinux.org/index.php/GNOME_Keyring

Basically, you run gnome-keyring-daemon -s to get your specific keyring value, then to your .bashrc, add:

SSH_AUTH_SOCK=`netstat -xl | grep -o '/run/user/yourusername/keyring-xxxxxxx.*/ssh$'`
[ -z "$SSH_AUTH_SOCK" ] || export SSH_AUTH_SOCK

This should make ssh ask you for your password through the keyring GUI.