Description of problem: I always use ssh-add in order to enter just one time my password, but now it stopped working with the following output: ~$ ssh-add Could not open a connection to your authentication agent. Version-Release number of selected component (if applicable): ~$ rpm -qa | grep openssh openssh-server-5.4p1-3.fc13.i686 openssh-clients-5.4p1-3.fc13.i686 openssh-5.4p1-3.fc13.i686 openssh-askpass-5.4p1-3.fc13.i686 How reproducible: Always Steps to Reproduce: 1. enter in your gnome session 2. enter ssh-add in a terminal 3. failure! Actual results: ~$ ssh-add Could not open a connection to your authentication agent. Expected results: ssh-agent should start when logging in Additional info:
Hi Jan F. Chadima: It happens not only in my i386 notebook but also in my 64-bit PC, when I enter Gnome via graphical login: [german@skytux ~]$ ssh-add Could not open a connection to your authentication agent. Regards, Germán.
I just noticed this myself (in F14). The standard startup applications has: Name: SSH Key Agent Command: /usr/bin/gnome-keyring-daemon --start --components=ssh Comment: GNOME Keyring: SSH Agent This doesn't seem to create a separate process though. If you run it manually, it outputs shell code to set GNOME_KEYRING_CONTROL, GPG_AGENT_INFO, and SSH_AUTH_SOCK. I believe this isn't getting used properly. If I export these manually, then suddenly ssh-add (and accessing those keys in ssh) works, ... in the shell that I issue those commands. Anyway, the agent is there, but the apps don't know where to find it
In an unmodified terminal, GNOME_KEYRING_CONTROL is set, but GPG_AGENT_INFO and SSH_AUTH_SOCK are not.
SSH_AUTH_SOCK is configured for me in my F13 installs. One of the misconceptions here is that ssh-agent has to be running. That's not strictly true. The gnome keyring is acting as the agent on my system. From a terminal I get set |grep SSH SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass SSH_AUTH_SOCK=/tmp/keyring-XXXXX/ssh and lsof tells me that gnome-keyring-daemon has the file /tmp/keyring-XXXXX/ssh open everything works as expected for me. So now I have to ask is is gnome-keyring-daemon starting up at session start for the affected systems? -jef
In my case, yes, there are two gnome-keyring-daemon processes that are started at login: /usr/bin/gnome-keyring-daemon --daemonize --login /usr/bin/gnome-keyring-daemon --start --foreground --components=secrets
I wonder if this is possibly an issue that is masked by old user configs. My system is a complete reinstall of F14 Beta. I've only copied limited portions of my old homedir over. In particular, I did not copy an gnome settings over, so I have the F14 defaults. Jef, can you maybe try creating a fresh user and seeing that user has the problem?
Furthermore, no process on my system has SSH_AUTH_SOCK set in its environment. [root@wonderflonium ~]# grep -l SSH_AUTH_SOCK /proc/[0-9]*/environ [root@wonderflonium ~]#
FWIW, I have had this problem with my F13 install, but on my F14 Beta install that uses the same home directory, ssh-agent works fine.
(In reply to comment #9) > Furthermore, no process on my system has SSH_AUTH_SOCK set in its environment. > [root@wonderflonium ~]# grep -l SSH_AUTH_SOCK /proc/[0-9]*/environ I have this set on my F13 box: [paul@zion trunk]$ env | grep SSH SSH_AGENT_PID=4998 SSH_AUTH_SOCK=/tmp/ssh-vCyRnr4997/agent.4997 SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass Perhaps this is due to me using keychain? (it's all working fine for me by the way)
(In reply to comment #8) fresh user.. no problem. SSH_AUTH_SOCK is setup as expected without a problem on first login. Creating an ssh key and using ssh-add works as expected. I run this system fully updated F13 with updates-testing starting from a fresh install of F13. But I've never seen this problem at any point in my daily F13 usage. -jef
I'm a bit confused about the reference to ssh-add. You shouldn't ever need to use ssh-add if you're booting to runlevel 5; gnome-keyring takes care of it. It should prompt you graphically for your passphrase the first time you try and ssh anywhere and then save it for the rest of the session. *This* does seem to have broken recently in F14, indeed. I'm getting prompted at the actual gnome-terminal (not in a graphical pop-up window) for my passphrase, every time I try and ssh anywhere.
Adam - ssh-add may not be necessary, but it is an easy way to test the system. Getting prompted as you describe by ssh is a different manifestation of the same issue.
A new user on my F14 box has these startup apps: Name: Certificate and Key Storage Command: /usr/bin/gnome-keyring-daemon --start --components=pkcs11 Comment: GNOME Keyring: PKCS#11 Component Name: GPG Password Agent Command: gnome-keyring-daemon --start --components=gpg Comment: GNOME Keyring: GPG Agent Name: Secret Storage Service Command: /usr/bin/gnome-keyring-daemon --start --components=secrets Comment: GNOME Keyring: Secret Service Name: SSH Key Agent Command: /usr/bin/gnome-keyring-daemon --start --components=ssh Comment: GNOME Keyring: SSH Agent
And now it is working for me. Not sure what fixed it. Perhaps it was fallout of the gcc issue?
yeah, it's been working again for me lately. shall we close? -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers
Germán - you opened against F13. Still happening there?
Yes, here nothing changed: [german@skytux ~]$ ssh-add Could not open a connection to your authentication agent.
Germán,(And _only_ Germán) So lets back up and reconfirm your situation on F13 which should be a direct comparison with my working F13 installs. This is a GNOME desktop you are logging into? If Yes, do you have a gnome-keyring-daemon process running after login? If gnome-keyring-daemon is running it should be creating a what version of the gnome-keyring package do you have installed? gnome-keyring-daemon should running at gnome login and should be setting the environment variable SSH_AUTH_SOCK to a temporary socket file located in /tmp. We need to confirm that gnome-keyring-daemon is actually running on your system. -jef
(In reply to comment #20) Hi Jef: I'm entering a Gnome session in my up to date F13. Here are the informations you requested: $ rpm -q gnome-keyring gnome-keyring-2.30.3-1.fc13.i686 $ ps ax | grep gnome-keyring-daemon 1554 ? Sl 0:00 /usr/bin/gnome-keyring-daemon --daemonize --login 1790 ? S 0:00 /usr/bin/gnome-keyring-daemon --start --foreground --components=secrets $ env | grep SSH SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
(In reply to comment #21) In your gnome "startup applications" preferences under system->preferences menu. Do you have SSH Key Agent enabled? -jef
Hi Jef: I'm very sorry for the delay in answering your question :( Well, in System -> Preferences -> Startup Applications I don't have anything related to SSH Key Agent, maybe because this is not a fresh install and I've removed those options sometime ago. German.
Sounds like that explains Germán's problem. It looks like Jonathan also had the problem with F13 (comment 10). Jonathan, can you answer the same questions (from comment 20 and comment 22)? That is, if you're still having the problem there.
Sorry, just coming back to this after four months. This is all working correctly now in F14 and I no longer have an F13 system running. Closing as WORKSFORME.