Red Hat Bugzilla – Bug 148945
gnome-keyring-d and ssh-agent keep running after logout
Last modified: 2010-10-21 22:47:55 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5)
Gecko/20041215 Firefox/1.0 Red Hat/1.0-12.EL4
Description of problem:
After logging out of gnome and logging back in, I notice that keyring
and ssh-agent from before are still running. With many logouts/logins
the number of processes grows.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.log in with gnome
3.log back in and do ps -u user
Actual Results: gnome-keyring and ssh-agent from before are still
running along with new ones.
Expected Results: only one instance of each (?)
I noticed this first with ssh-agent. I then created .xsession and
.bash_logout files to kill my ssh-agents when I logged out. Now I
notice it with keyring. Is it safe to kill these too at logout? I'm
flagging it as a security issue since these packages are related to
Look at #134494 for the ssh-agent problems.
I don't notice this with gnome-keyring, but I have noticed that ssh-agent
continues to run and is re-executed at each login, so that after 4 days of
uptime I now have 8 ssh-agent's running.
Created attachment 122278 [details]
Patch for gnome-keyring
Created attachment 122279 [details]
Patch for gnome-sesson
For the gnome-kerying part, I'm not sure exactly when this happens (it doesn't
always seems to happen). It was fixed in upstream CVS 2004/11/30 with the two
patches I attached above by slaving the keyring lifecycle to the X server
I didn't test these two patches, but they should be tested via upstream in e.g. FC4.
*** Bug 173356 has been marked as a duplicate of this bug. ***
This bug still has status NEW over a year after being opened, and I still see it
I tried the fix in bug #134494 comment 37 for ssh-agent; however having Xsession
use ssh-agent to exec the session breaks things for me, because the setgid
ssh-agent unsets LD_LIBRARY_PATH. It doesn't seem exactly elegant to treat
LD_LIBRARY_PATH (and whatever other variables need preserving) in the same way
as TMPDIR in the #134494 patch.
The way I read this bug the users still haven't gotten packages with *both* the
two patches I posted here. To make sure this is the case, can you please build
and get the customer to test these exact packages:
Both packages must be installed, and then you must log out and make sure there
are no active gnome-sessions or gnome-keyring-daemons.
I put x86-64 packages at http://people.redhat.com/~alexl/RPMS/keyring/
I made the following patch as quickfix for this problem. Please note that the
ssh-agent has to be started *after* the dbus launch!
sed -i- -e '/^\[ -x \/usr\/bin\/ssh-agent/s/^/#/' -e '/^\[ -x \/usr\/bin\/dbus-
launch/a\\n# Missbrauch des DBUS_LAUNCH für ssh-agent\n[ -x /usr/bin/ssh-agent
-a -z "$SSH_AGENT_PID" ] && DBUS_LAUNCH="$DBUS_LAUNCH /usr/bin/ssh-agent"\n' /
I see no reason why it take so long to get this fix (well, a bit more clear
and not so crude) into the start script.
On May 4th, Joe Kachuck passed along two packages you gave him to the customer
for testing. The customer stated that he killed all gnome-session and
gnome-keyring-daemon process and updated the packages. He's still seeing the issue.
I am attaching a fresh copy of his sysreport for you to examine.
I installed RHEL4 on a i386 machine (i have no x86-64). Pressing
ctrl-alt-backspace after login leaves the gnome-keyring-daemon around after the
session has died. However, after building and installing the packages above this
no longer happens.
Now, i don't have an x86-64 machine here to test on, but given the patches
involved are not really arch dependent I doubt it will make a difference. So, if
the patches don't fix things for the customer then they have to have some
specific problem that I can't really resolve.
The patches I posted are what has been commited to upstream and has worked for
everyone upstream for quite some time. I find it really hard to believe that
they shouldn't work for this particular user.
Anyway, its hard for me to go any further with this.
Or maybe the problem was ssh-agent? My fix only applies to gnome-keyring-daemon,
ssh-agent is a different thing.
Since Comment 29 indicates that the "gnome-keyring" problem and the "ssh-agent"
problem are actually two separate problems, I opened Bug 240069 to track the
"ssh-agent" problem. I suggest changing this bug to just track the
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.