Bug#869890: gnome-keyring: partially reproduced because of wrong SSH_AUTH_SOCK

Tue Nov 28 17:32:50 UTC 2017

Package: gnome-keyring
Followup-For: Bug #869890

Hello.

Thanks for the report. I-ve found something similar, at least the part of ssh-add not working
with the error message:

   Could not add identity "...": communication with agent failed

Looking for hints I found this in Arch's wiki:

https://wiki.archlinux.org/index.php/GNOME/Keyring#Disable_keyring_daemon_components

    "Note: In case you use GNOME 3.24 or older on Wayland, gnome-shell
    will overwrite SSH_AUTH_SOCK to point to gnome-keyring regardless
    if it is running or not. To prevent this, you need to set the
    environment variable GSM_SKIP_SSH_AGENT_WORKAROUND before
    gnome-shell is started. One way to do this is to add the line
    GSM_SKIP_SSH_AGENT_WORKAROUND DEFAULT=1 to ~/.pam_environment."

I'm using kdm and mate here.

Opening a mate terminal I can see
SSH_AUTH_SOCK pointing to a /run/user/$UID/keyring/ssh socket (apparently to gnome-keyring).
But SSH_AGENT_PID contained a ssh-agent process id. 

I've done the following workaround to be able to ssh-add and ssh, but I'm not sure
whether this breaks anything, and I think further inquiry is needed here.

added this to ~/.xsessionrc
SAVED_STARTUP=x-session-manager
export SAVED_STARTUP
USERXSESSION=/usr/local/bin/save_ssh_auth_socket

(you could place the script under your home directory to avoid needing root privileges)
The script save_ssh_auth_socket is
#/bin/sh
SAVED_SSH_AUTH_SOCK=$SSH_AUTH_SOCK
export SAVED_SSH_AUTH_SOCK
exec "$SAVED_STARTUP"

Then I appended this to the end of ~/.bashrc
if [ -e "$SAVED_SSH_AUTH_SOCK" ] ; then
    SSH_AUTH_SOCK="$SAVED_SSH_AUTH_SOCK"
    export SSH_AUTH_SOCK;
fi

And with this I can carry on, but shouldn't be needed and there's
possibly somethign to fix somewhere. And I'm on old versions of
software. Maybe it's already fixed or needs different workarounds
in newer versions. 

You could also add a script to /etc/X11/Xdession.d/ and change
/etc/bash.bashrc instead of the $HOME file, to work around it
systemwide but still, I'd like to know whether the env var really
needs being overriden (at least if one doesn't want gnome-keyring for
ssh) and where is it done.

Now, it could be something in gnome-keyring, or in mate-session, or elsewhere...

Hope it helps a little anyway. 

-- System Information:
Debian Release: 8.9
  APT prefers oldstable
  APT policy: (500, 'oldstable')
Architecture: armhf (armv7l)

Kernel: Linux 4.8.12-gnuthymusa (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=ca_ES.UTF-8, LC_CTYPE=ca_ES.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gnome-keyring depends on:
ii  dbus-x11                                     1.8.22-0+deb8u1
ii  dconf-gsettings-backend [gsettings-backend]  0.22.0-1
ii  gcr                                          3.14.0-2
ii  libc6                                        2.19-18+deb8u10
ii  libcap-ng0                                   0.7.4-2
ii  libcap2-bin                                  1:2.24-8
ii  libdbus-1-3                                  1.8.22-0+deb8u1
ii  libgck-1-0                                   3.14.0-2
ii  libgcr-base-3-1                              3.14.0-2
ii  libgcrypt20                                  1.6.3-2+deb8u4
ii  libglib2.0-0                                 2.42.1-1+b1
ii  p11-kit                                      0.20.7-1

Versions of packages gnome-keyring recommends:
ii  libpam-gnome-keyring  3.14.0-1+b1

gnome-keyring suggests no packages.

-- no debconf information