Bug 626209 - ssh-agent does't start at gnome login
ssh-agent does't start at gnome login
Status: CLOSED WORKSFORME
Product: Fedora
Classification: Fedora
Component: gnome-session (Show other bugs)
13
All Linux
low Severity medium
: ---
: ---
Assigned To: Ray Strode [halfline]
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-08-22 14:13 EDT by Germán Racca
Modified: 2011-02-23 14:48 EST (History)
10 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-02-23 14:48:05 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Germán Racca 2010-08-22 14:13:25 EDT
Description of problem:
I always use ssh-add in order to enter just one time my password, but now it stopped working with the following output:

~$ ssh-add
Could not open a connection to your authentication agent.

Version-Release number of selected component (if applicable):
~$ rpm -qa | grep openssh
openssh-server-5.4p1-3.fc13.i686
openssh-clients-5.4p1-3.fc13.i686
openssh-5.4p1-3.fc13.i686
openssh-askpass-5.4p1-3.fc13.i686

How reproducible:
Always

Steps to Reproduce:
1. enter in your gnome session
2. enter ssh-add in a terminal
3. failure!
  
Actual results:
~$ ssh-add
Could not open a connection to your authentication agent.

Expected results:
ssh-agent should start when logging in

Additional info:
Comment 3 Germán Racca 2010-08-23 17:55:22 EDT
Hi Jan F. Chadima:

It happens not only in my i386 notebook but also in my 64-bit PC, when I enter Gnome via graphical login:

[german@skytux ~]$ ssh-add 
Could not open a connection to your authentication agent.

Regards,
Germán.
Comment 4 Mike McLean 2010-10-01 16:35:55 EDT
I just noticed this myself (in F14). The standard startup applications has:
Name: SSH Key Agent
Command: /usr/bin/gnome-keyring-daemon --start --components=ssh
Comment: GNOME Keyring: SSH Agent

This doesn't seem to create a separate process though. If you run it manually, it outputs shell code to set GNOME_KEYRING_CONTROL, GPG_AGENT_INFO, and SSH_AUTH_SOCK. I believe this isn't getting used properly. If I export these manually, then suddenly ssh-add (and accessing those keys in ssh) works, ... in the shell that I issue those commands.

Anyway, the agent is there, but the apps don't know where to find it
Comment 5 Mike McLean 2010-10-01 16:43:57 EDT
In an unmodified terminal, GNOME_KEYRING_CONTROL is set, but GPG_AGENT_INFO and SSH_AUTH_SOCK are not.
Comment 6 Jef Spaleta 2010-10-01 17:00:52 EDT
SSH_AUTH_SOCK is configured for me in my F13 installs.

One of the misconceptions here is that ssh-agent has to be running. That's not strictly true. The gnome keyring is acting as the agent on my system.

From a terminal I get
set |grep SSH
SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
SSH_AUTH_SOCK=/tmp/keyring-XXXXX/ssh

and lsof tells me that
gnome-keyring-daemon has the file /tmp/keyring-XXXXX/ssh open


everything works as expected for me.


So now I have to ask is is gnome-keyring-daemon starting up at session start for the affected systems?

-jef
Comment 7 Mike McLean 2010-10-01 17:27:03 EDT
In my case, yes, there are two gnome-keyring-daemon processes that are started at login:
/usr/bin/gnome-keyring-daemon --daemonize --login
/usr/bin/gnome-keyring-daemon --start --foreground --components=secrets
Comment 8 Mike McLean 2010-10-01 17:30:13 EDT
I wonder if this is possibly an issue that is masked by old user configs. My system is a complete reinstall of F14 Beta. I've only copied limited portions of my old homedir over. In particular, I did not copy an gnome settings over, so I have the F14 defaults.

Jef, can you maybe try creating a fresh user and seeing that user has the problem?
Comment 9 Mike McLean 2010-10-01 17:45:34 EDT
Furthermore, no process on my system has SSH_AUTH_SOCK set in its environment.
[root@wonderflonium ~]# grep -l SSH_AUTH_SOCK /proc/[0-9]*/environ
[root@wonderflonium ~]#
Comment 10 Jonathan Dieter 2010-10-02 01:58:21 EDT
FWIW, I have had this problem with my F13 install, but on my F14 Beta install that uses the same home directory, ssh-agent works fine.
Comment 11 Paul Howarth 2010-10-02 04:48:34 EDT
(In reply to comment #9)
> Furthermore, no process on my system has SSH_AUTH_SOCK set in its environment.
> [root@wonderflonium ~]# grep -l SSH_AUTH_SOCK /proc/[0-9]*/environ

I have this set on my F13 box:

[paul@zion trunk]$ env | grep SSH
SSH_AGENT_PID=4998
SSH_AUTH_SOCK=/tmp/ssh-vCyRnr4997/agent.4997
SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass

Perhaps this is due to me using keychain?

(it's all working fine for me by the way)
Comment 12 Jef Spaleta 2010-10-02 04:57:02 EDT
(In reply to comment #8)

fresh user.. no problem. SSH_AUTH_SOCK is setup as expected without a problem on first login. Creating an ssh key and using ssh-add works as expected.

I run this system fully updated F13 with updates-testing starting from a fresh install of F13. But I've never seen this problem at any point in my daily F13 usage. 

-jef
Comment 13 Adam Williamson 2010-10-04 18:19:10 EDT
I'm a bit confused about the reference to ssh-add. You shouldn't ever need to use ssh-add if you're booting to runlevel 5; gnome-keyring takes care of it. It should prompt you graphically for your passphrase the first time you try and ssh anywhere and then save it for the rest of the session.

*This* does seem to have broken recently in F14, indeed. I'm getting prompted at the actual gnome-terminal (not in a graphical pop-up window) for my passphrase, every time I try and ssh anywhere.
Comment 14 Mike McLean 2010-10-05 14:02:27 EDT
Adam - ssh-add may not be necessary, but it is an easy way to test the system. Getting prompted as you describe by ssh is a different manifestation of the same issue.
Comment 15 Mike McLean 2010-10-05 14:15:58 EDT
A new user on my F14 box has these startup apps:

Name: Certificate and Key Storage
Command: /usr/bin/gnome-keyring-daemon --start --components=pkcs11
Comment: GNOME Keyring: PKCS#11 Component

Name: GPG Password Agent
Command: gnome-keyring-daemon --start --components=gpg
Comment: GNOME Keyring: GPG Agent

Name: Secret Storage Service
Command: /usr/bin/gnome-keyring-daemon --start --components=secrets
Comment: GNOME Keyring: Secret Service

Name: SSH Key Agent
Command: /usr/bin/gnome-keyring-daemon --start --components=ssh
Comment: GNOME Keyring: SSH Agent
Comment 16 Mike McLean 2010-10-13 12:38:39 EDT
And now it is working for me. Not sure what fixed it. Perhaps it was fallout of the gcc issue?
Comment 17 Adam Williamson 2010-10-13 17:52:52 EDT
yeah, it's been working again for me lately. shall we close?



-- 
Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers
Comment 18 Mike McLean 2010-10-14 11:07:18 EDT
Germán - you opened against F13. Still happening there?
Comment 19 Germán Racca 2010-10-14 18:51:37 EDT
Yes, here nothing changed:

[german@skytux ~]$ ssh-add
Could not open a connection to your authentication agent.
Comment 20 Jef Spaleta 2010-10-14 21:58:29 EDT
Germán,(And _only_ Germán)

So lets back up and reconfirm your situation on F13 which should be a direct comparison with my working F13 installs.

This is a GNOME desktop you are logging into? 
If Yes, do you have a gnome-keyring-daemon process running after login?

If gnome-keyring-daemon is running it should be creating a 
what version of the gnome-keyring package do you have installed?

gnome-keyring-daemon should running at gnome login and should be setting the environment variable SSH_AUTH_SOCK to a temporary socket file located in /tmp.

We need to confirm that gnome-keyring-daemon is actually running on your system.

-jef
Comment 21 Germán Racca 2010-10-14 22:46:07 EDT
(In reply to comment #20)

Hi Jef:

I'm entering a Gnome session in my up to date F13. Here are the informations you requested:

$ rpm -q gnome-keyring
gnome-keyring-2.30.3-1.fc13.i686

$ ps ax | grep gnome-keyring-daemon
 1554 ?        Sl     0:00 /usr/bin/gnome-keyring-daemon --daemonize --login
 1790 ?        S      0:00 /usr/bin/gnome-keyring-daemon --start --foreground --components=secrets

$ env | grep SSH
SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
Comment 22 Jef Spaleta 2010-10-15 14:33:41 EDT
(In reply to comment #21)
In your gnome "startup applications" preferences under system->preferences menu.

Do you have SSH Key Agent enabled?

-jef
Comment 23 Germán Racca 2010-10-29 03:04:22 EDT
Hi Jef:

I'm very sorry for the delay in answering your question :(

Well, in System -> Preferences -> Startup Applications I don't have anything related to SSH Key Agent, maybe because this is not a fresh install and I've removed those options sometime ago.


German.
Comment 24 Mike McLean 2010-10-29 11:25:35 EDT
Sounds like that explains Germán's problem. It looks like Jonathan also had the problem with F13 (comment 10).

Jonathan, can you answer the same questions (from comment 20 and comment 22)? That is, if you're still having the problem there.
Comment 25 Jonathan Dieter 2011-02-23 14:48:05 EST
Sorry, just coming back to this after four months.  This is all working correctly now in F14 and I no longer have an F13 system running.  Closing as WORKSFORME.

Note You need to log in before you can comment on or make changes to this bug.