Bug 2250704

Summary: GNOME ssh agent not working in Rawhide
Product: [Fedora] Fedora Reporter: Adam Williamson <awilliam>
Component: gcrAssignee: Matthias Clasen <mclasen>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: rawhideCC: debarshir, dhanuka, dueno, gnome-sig, klember, mcatanza, mclasen, stefw
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-11-21 18:43:24 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Adam Williamson 2023-11-20 17:25:46 UTC 
In current Rawhide, GNOME's ssh agent functionality isn't working. Every time I try and ssh anywhere from within GNOME, I get a terminal prompt for the key passphrase. The way this should work is that the *first* time I ssh somewhere I get a GNOME prompt for the passphrase, and it should then store it for future re-use within the same session.

Kalev pointed out that this is likely related to https://src.fedoraproject.org/rpms/gnome-keyring/pull-request/7 and the https://fedoraproject.org/wiki/Changes/ModularGnomeKeyring Change more broadly. In light of that, some info:

* I have gcr3-3.41.1-6.fc39.x86_64 and gcr-4.1.0-2.fc39.x86_64 installed
* gcr3 provides /usr/libexec/gcr-ssh-askpass but no agent
* gcr provides /usr/libexec/gcr-ssh-agent and /usr/libexec/gcr4-ssh-askpass
* gcr also provides a gcr-ssh-agent.service and a gcr-ssh-agent.socket , but both appear to be disabled and inactive:

[adamw@xps13a os-autoinst-distri-fedora (main %)]$ systemctl --user status gcr-ssh-agent
○ gcr-ssh-agent.service - GCR ssh-agent wrapper
     Loaded: loaded (/usr/lib/systemd/user/gcr-ssh-agent.service; disabled; preset: disabled)
    Drop-In: /usr/lib/systemd/user/service.d
             └─10-timeout-abort.conf
     Active: inactive (dead)
TriggeredBy: ○ gcr-ssh-agent.socket
[adamw@xps13a os-autoinst-distri-fedora (main %)]$ rpm -ql gcr | grep sock
/usr/lib/systemd/user/gcr-ssh-agent.socket
[adamw@xps13a os-autoinst-distri-fedora (main %)]$ systemctl --user status gcr-ssh-agent.socket
○ gcr-ssh-agent.socket - GCR ssh-agent wrapper
     Loaded: loaded (/usr/lib/systemd/user/gcr-ssh-agent.socket; disabled; preset: disabled)
     Active: inactive (dead)
   Triggers: ● gcr-ssh-agent.service
     Listen: /run/user/1000/gcr/ssh (Stream)
Comment 1 Adam Williamson 2023-11-20 17:27:21 UTC 
starting the service and socket manually within a running GNOME session doesn't seem to help, I still just get a console prompt.
Comment 2 Daiki Ueno 2023-11-21 01:04:26 UTC 
I would say it needs more coordination to switch over to gcr-ssh-agent on Fedora (e.g., how to propagate SSH_AUTH_SOCK, to automatically enable it at preset, ...); I propose re-enable ssh-agent support in gnome-keyring until they are done.  See https://src.fedoraproject.org/rpms/gnome-keyring/pull-request/9
Comment 3 Adam Williamson 2023-11-21 01:34:07 UTC 
that would definitely help delay my going insane, yes...thanks :)
Comment 4 Adam Williamson 2023-11-21 18:43:24 UTC 
OK, https://koji.fedoraproject.org/koji/buildinfo?buildID=2322906 got this working again, thanks.