+++ This bug was initially created as a clone of Bug #148945 +++

The original bug report was about both gnome-keyring and ssh-agent.  It now
appears these are two different problems.  To avoid confusion, I am opening this
case to track just the ssh-agent problem.

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5)
Gecko/20041215 Firefox/1.0 Red Hat/1.0-12.EL4

Description of problem:
After logging out of gnome and logging back in, I notice that keyring
and ssh-agent from before are still running. With many logouts/logins
the number of processes grows.

Version-Release number of selected component (if applicable):
gnome-keyring-0.4.0-1, openssh-3.9p1-8.RHEL4.1

How reproducible:
Always

Steps to Reproduce:
1.log in with gnome
2.log out
3.log back in and do ps -u user
    

Actual Results:  gnome-keyring and ssh-agent from before are still
running along with new ones.

Expected Results:  only one instance of each (?)

Additional info:

I noticed this first with ssh-agent. I then created .xsession and
.bash_logout files to kill my ssh-agents when I logged out. Now I
notice it with keyring. Is it safe to kill these too at logout? I'm
flagging it as a security issue since these packages are related to
security.

-- Additional comment from k.georgiou.uk on 2005-03-18 12:53 EST --
Look at #134494 for the ssh-agent problems.

-- Additional comment from enjones on 2005-05-04 13:39 EST --
I don't notice this with gnome-keyring, but I have noticed that ssh-agent
continues to run and is re-executed at each login, so that after 4 days of
uptime I now have 8 ssh-agent's running.

-- Additional comment from alexl on 2005-12-15 08:04 EST --
Created an attachment (id=122278)
Patch for gnome-keyring


-- Additional comment from alexl on 2005-12-15 08:05 EST --
Created an attachment (id=122279)
Patch for gnome-sesson


-- Additional comment from alexl on 2005-12-15 08:08 EST --
For the gnome-kerying part, I'm not sure exactly when this happens (it doesn't
always seems to happen). It was fixed in upstream CVS 2004/11/30 with the two
patches I attached above by slaving the keyring lifecycle to the X server
connection. 

I didn't test these two patches, but they should be tested via upstream in e.g. FC4.


-- Additional comment from alexl on 2005-12-15 08:12 EST --
*** Bug 173356 has been marked as a duplicate of this bug. ***

-- Additional comment from gmorris.edu on 2006-06-26 16:53 EST --
This bug still has status NEW over a year after being opened, and I still see it
in RHEL4.

I tried the fix in bug #134494 comment 37 for ssh-agent; however having Xsession
use ssh-agent to exec the session breaks things for me, because the setgid
ssh-agent unsets LD_LIBRARY_PATH. It doesn't seem exactly elegant to treat
LD_LIBRARY_PATH (and whatever other variables need preserving) in the same way
as TMPDIR in the #134494 patch.



-- Additional comment from alexl on 2007-05-02 09:38 EST --
The way I read this bug the users still haven't gotten packages with *both* the
two patches I posted here. To make sure this is the case, can you please build
and get the customer to test these exact packages:
http://people.redhat.com/~alexl/RPMS/keyring/gnome-keyring-0.4.0-1.1keyringlifetime.src.rpm
http://people.redhat.com/~alexl/RPMS/keyring/gnome-session-2.8.0-5.1keyringlifetime.src.rpm

Both packages must be installed, and then you must log out and make sure there
are no active gnome-sessions or gnome-keyring-daemons.

-- Additional comment from alexl on 2007-05-08 04:18 EST --
I put x86-64 packages at http://people.redhat.com/~alexl/RPMS/keyring/

-- Additional comment from Klaus on 2007-05-08 04:48 EST --
I made the following patch as quickfix for this problem. Please note that the 
ssh-agent has to be started *after* the dbus launch!

sed -i- -e '/^\[ -x \/usr\/bin\/ssh-agent/s/^/#/' -e '/^\[ -x \/usr\/bin\/dbus-
launch/a\\n# Missbrauch des DBUS_LAUNCH für ssh-agent\n[ -x /usr/bin/ssh-agent 
-a -z "$SSH_AGENT_PID" ] && DBUS_LAUNCH="$DBUS_LAUNCH /usr/bin/ssh-agent"\n' /
etc/X11/xinit/xinitrc-common

I see no reason why it take so long to get this fix (well, a bit more clear 
and not so crude) into the start script.

-- Additional comment from alanm on 2007-05-09 12:03 EST --
 Hey,

On May 4th, Joe Kachuck passed along two packages you gave him to the customer
for testing.  The customer stated that he killed all gnome-session and
gnome-keyring-daemon process and updated the packages.  He's still seeing the issue.

I am attaching a fresh copy of his sysreport for you to examine.

--Chris 

-- Additional comment from alexl on 2007-05-10 04:55 EST --
I installed RHEL4 on a i386 machine (i have no x86-64). Pressing
ctrl-alt-backspace after login leaves the gnome-keyring-daemon around after the
session has died. However, after building and installing the packages above this
no longer happens.

Now, i don't have an x86-64 machine here to test on, but given the patches
involved are not really arch dependent I doubt it will make a difference. So, if
the patches don't fix things for the customer then they have to have some
specific problem that I can't really resolve. 

The patches I posted are what has been commited to upstream and has worked for
everyone upstream for quite some time. I find it really hard to believe that
they shouldn't work for this particular user.

Anyway, its hard for me to go any further with this.

-- Additional comment from alexl on 2007-05-10 04:57 EST --
Or maybe the problem was ssh-agent? My fix only applies to gnome-keyring-daemon,
ssh-agent is a different thing.