Ssh – How to solve this ssh-agent problem

git, gnome-keyring, ssh, ssh-agent

I'm using Linux Mint, and have not been able to get gnome-keyring to unlock automatically at login, it seems.

A symptom of my problem is as follows:

$ ssh-add
Identity added: /home/me/.ssh/id_rsa (/home/me/.ssh/id_rsa)

$ git pull
WARNING: gnome-keyring:: couldn't connect to: /tmp/keyring-Nmf3J3/pkcs11: No such file or directory

How can I make it so that git can push/pull without any passphrase input from me?

I realize there are several things here with gnome-keyring and ssh-agent, but have not been able to nail it down.

Running ssh-add during a session means that I am no longer asked for my passphrase for SSH/git.

The problem is that I would need to run ssh-add during each session – I must be missing how to have Gnome's keyring unlock at login.

$ export | grep GNOME          
GNOME_KEYRING_CONTROL=/tmp/keyring-hjMM4V
GNOME_KEYRING_PID=1961

It happened again during the same session as the first edit. I did git pull and got WARNING: gnome-keyring:: couldn't connect to: /tmp/keyring-hjMM4V/pkcs11: No such file or directory.

$ env | grep SSH
SSH_AGENT_PID=2116
SSH_AUTH_SOCK=/tmp/ssh-OACxJMBY2038/agent.2038

$ ps -fp $SSH_AGENT_PID
UID        PID  PPID  C STIME TTY          TIME CMD
eoin      2116  2038  0 09:47 ?        00:00:00 /usr/bin/ssh-agent /usr/bin/dbus-launch --exit-with-session x-session-manager

Best Answer

What is meant to happen is:

You start a gnome session; as part of that, a gnome-keyring daemon (which also acts as an ssh agent) starts, and the environment of anything started during that gnome session is updated with information on how to contact that ssh agent. The password you issue upon graphically logging in is used to unlock the default keyring.

When you use gnome-keyring as an ssh-agent, you don't want to use another agent like ssh-agent.

When your X session terminates, so does gnome-keyring. But your tmux session remains. Then, even if you start another gnome-keyring or ssh-agent, the environment of the processes already started by tmux won't be able to talk to it unless you update their environment with the path of the new socket.

What you could do is:

gnome-keyring-daemon -r > ~/.gkr

And do . ~/.gkr in all the shells where you want to use the new gnome-keyring.

Beware though of which DISPLAY that gnome-keyring-daemon is going to connect to.
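
A diagnostic for the stale-environment situation described in the answer above, as an added example that is not part of the original answer: it reports whether the agent variables a shell inherited still point at live sockets and processes, and which agent owns SSH_AUTH_SOCK. The function names are made up for this example, the `pkcs11` socket name is taken from the warning in the question, and treating a socket under GNOME_KEYRING_CONTROL as served by gnome-keyring is an assumption.

```sh
#!/bin/sh
# Added example: check what this shell inherited, not what is running now.

# sock_state PATH -> unset | missing | not-a-socket | present
sock_state() {
    if [ -z "$1" ]; then echo unset
    elif [ ! -e "$1" ]; then echo missing
    elif [ ! -S "$1" ]; then echo not-a-socket
    else echo present
    fi
}

# pid_state PID -> unset | dead | alive
# kill -0 only tests for existence; it is reliable for your own processes,
# which is what a per-user agent is.
pid_state() {
    if [ -z "$1" ]; then echo unset
    elif kill -0 "$1" 2>/dev/null; then echo alive
    else echo dead
    fi
}

# agent_kind AUTH_SOCK KEYRING_CONTROL -> none | gnome-keyring | other-agent
# Assumption: a socket inside the keyring control directory is served by
# gnome-keyring; anything else is a separate agent such as ssh-agent.
agent_kind() {
    [ -n "$1" ] || { echo none; return 0; }
    [ -n "$2" ] || { echo other-agent; return 0; }
    case "$1" in
        "$2"/*) echo gnome-keyring ;;
        *)      echo other-agent ;;
    esac
}

agent_report() {
    echo "SSH_AUTH_SOCK:         $(sock_state "${SSH_AUTH_SOCK:-}")"
    echo "SSH_AGENT_PID:         $(pid_state "${SSH_AGENT_PID:-}")"
    echo "GNOME_KEYRING_PID:     $(pid_state "${GNOME_KEYRING_PID:-}")"
    echo "keyring pkcs11 socket: $(sock_state "${GNOME_KEYRING_CONTROL:+$GNOME_KEYRING_CONTROL/pkcs11}")"
    echo "SSH socket served by:  $(agent_kind "${SSH_AUTH_SOCK:-}" "${GNOME_KEYRING_CONTROL:-}")"
}

agent_report
```

Run it in a long-lived tmux shell and in a freshly opened terminal; where the results differ, the older shell is the one that needs `. ~/.gkr`.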
