Bug#569510: gnome-keyring as ssh-agent tries to unlock default key when another key works

Jay Berkenbilt qjb at debian.org
Fri Feb 12 00:22:38 UTC 2010 

X-Debbugs-CC: qjb at debian.org
Package: gnome-keyring
Version: 2.28.2-1
Severity: minor

*** Please type your report below this line ***

I use gnome-keyring to replace ssh-agent.  I have multiple ssh keys that
I use for different systems.  If I explicitly load one key with ssh-add
but don't "unlock" my default ssh key and then ssh to somewhere where
the alternative key is sufficient, gnome-keyring still pops up a dialog
asking me to unlock my default key.  If I cancel, the ssh operation
still succeeds because the other key is loaded.

It would be nice if it didn't behave that way.  I shouldn't have to
unlock my default key if I've loaded a working key to some site.

I don't know exactly how ssh communicates with its agent, but I do know
that the regular ssh-agent that's part of openssh-client doesn't suffer
from this deficiency.

To reproduce this, just create some alternative ssh key with ssh-keygen
and put its public key in an authorized_keys file.  Then ssh there
without loading your default key.

Please let me know if you need more a specific recipe for reproducing
the problem or if I should directly report this upstream.

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-trunk-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages gnome-keyring depends on:
ii  dbus-x11                      1.2.20-2   simple interprocess messaging syst
ii  gconf2                        2.28.0-1   GNOME configuration database syste
ii  libc6                         2.10.2-6   Embedded GNU C Library: Shared lib
ii  libdbus-1-3                   1.2.20-2   simple interprocess messaging syst
ii  libgconf2-4                   2.28.0-1   GNOME configuration database syste
ii  libgcr0                       2.28.2-1   Library for Crypto UI related task
ii  libgcrypt11                   1.4.5-2    LGPL Crypto library - runtime libr
ii  libglib2.0-0                  2.22.4-1   The GLib library of C routines
ii  libgp11-0                     2.28.2-1   Glib wrapper library for PKCS#11 -
ii  libgtk2.0-0                   2.18.6-1   The GTK+ graphical user interface 
ii  libpango1.0-0                 1.26.2-1   Layout and rendering of internatio
ii  libtasn1-3                    2.4-1      Manage ASN.1 structures (runtime)

Versions of packages gnome-keyring recommends:
ii  libpam-gnome-keyring          2.28.2-1   PAM module to unlock the GNOME key

gnome-keyring suggests no packages.

-- no debconf information

More information about the pkg-gnome-maintainers mailing list