Ask Your Question
1

GNOME Keyring isn't automatically loading/unlocking my SSH keys

asked 2015-07-29 17:23:54 -0600

terrycloth gravatar image

updated 2016-07-20 02:38:48 -0600

I'd like to have my SSH keys automatically loaded and ready to go when I log into my desktop. That's what the GNOME Keyring is supposed to do, right?

I'm on a recent installation of Fedora 22 x64.

I can confirm that the GNOME Keyring is running.

$ ps aux | grep -i keyring

terrycl+ 3087 0.0 0.1 407552 9300 ? SLl 14:15 0:00 /usr/bin/gnome-keyring-daemon --daemonize --login

And GNOME Keyring as set a value for the $SSH_AUTH_SOCK environment variable: /run/user/1000/keyring/ssh which I believe is the expected value here. But it has not added any of the keys to the GNOME Keyring SSH agent.

$ ssh-add -l

The agent has no identities.

And manually adding a key fails.

$ ssh-add ~/.ssh/id_ecdsa

Enter passphrase for ~/.ssh/id_ecdsa: Could not add identity "~/.ssh/id_ecdsa": communication with agent failed

The only work around I've found is to run

eval `ssh-agent -s` or ssh-agent bash

which allows me to manually add my SSH keys again. But then I have to restart the ssh agent and readd the ssh keys every session, and I still can't use my key to do SFTP with Nautilus.

edit retag flag offensive close merge delete
add a comment

2 Answers

Sort by ยป oldest newest most voted
2

answered 2015-09-17 05:24:15 -0600

terrycloth gravatar image

I figured out the problem. My SSH key was generated using the Elliptic Curve Digital Signature Algorithm (ECDSA), which GNOME Keyring no longer supports.

When I switched back to an RSA key pair, GNOME Keyring detected my ssh keys again as it should. This article on the Arch wiki suggests that the NIST curves used to generate ECDSA keys (which I had used) may be insecure anyway -- which could be part of why GNOME dropped support for ECDSA keys. Since plain DSA is deprecated, RSA or possibly Ed25519 are probably the best choices for what types of ssh keys to use.

edit flag offensive delete link more

Comments

Unless you recompile Firefox, Chrome, OpenSSL, GnuTLS, Java, OpenSSH and NSS (among others) to remove support for elliptic curve cryptography, not using NIST curves for SSH won't help you much...

hkario gravatar imagehkario ( 2016-04-11 09:31:46 -0600 )edit
add a comment
0

answered 2015-08-04 08:31:16 -0600

baggypants gravatar image

Are you running with Gnome-wayland? It might be this https://bugzilla.gnome.org/show_bug.c...

edit flag offensive delete link more

Comments

No, I'm using GNOME with the default display server, which I believe is still X11.

terrycloth gravatar imageterrycloth ( 2015-08-07 15:42:03 -0600 )edit
add a comment

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2015-07-29 17:20:31 -0600

Seen: 8,527 times

Last updated: Jul 20 '16

Related questions

Can't authenticate with ssh key

How do I get proper ssh-agent functionality in GNOME?

ping from host to guest Fedora20 host only network virtualbox

How to enable outgoing SSH?

How do I manage gnome keyrings?

git clone with ssh hangs indefinitely with Fedora 29

last command not showing ip of ssh login

Fedora 17 - ssh as root and try to use port forwarding gets permission denied in secure log

seahorse-nautilus GnomeKeyring file encryption?

Mathematica through ssh tunnel does not work in fc23

Ask Fedora is community maintained and Red Hat or Fedora Project is not responsible for content. Content on this site is licensed under a CC-BY-SA 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2