Red Hat Bugzilla – Bug 83496
not asked for SSH passphrase on GDM login
Last modified: 2007-04-18 12:50:40 EDT
Description of problem:
When logging in to the system from the GNOME Display Manager, selecting the GNOME session causes ssh-agent
to be run before running the usual GNOME session. Selecting a different session (such as KDE) does not invoke
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Set GDM as default display manager
2. Select KDE as the session, then log in
KDE is started.
A dialog appears prompting for the SSH passphrase before KDE is started.
The session is called from /etc/X11/gdm/Sessions/*, which in turn calls /etc/X11/xdm/Xsession <sessionname>.
The GNOME session runs "exec -l $SHELL -c "$SSHAGENT gnome-session"", but the KDE session runs
"exec -l $SHELL -c "$SSHAGENT /usr/share/apps/switchdesk/Xclients.kde"", which is equivalent to
"exec -l $SHELL -c "$SSHAGENT exec startkde".
Presumably the fix is to change the line to be more similar to the GNOME session to read:
"exec -l $SHELL -c "$SSHAGENT startkde"
or perhaps to remove the exec from /usr/share/apps/switchdesk/Xclients.kde if that is possible.
This behavior should also be exhibited by XDM, as it uses the same session scripts.
It turns out ssh-agent was only invoked under the GNOME session because I had it in my ~/.xsession, and the
Default session was being used rather than the GNOME session, meaning the out-of-the-box configuration does
not start ssh-agent for any session.
My ~/.xsession looks like:
ssh-add < /dev/null
which gnome-session && exec gnome-session
which startkde && exec startkde
In case ssh-agent is at fault, its version is openssh-clients-3.5p1-2.
I misunderstood the purpose of ssh-agent.
ssh-add is what prompts for the passphrase, and this is not in the Xsession script, so naturally it will not be run.
I guess I'd like ssh-add to be run immediately after ssh-agent, so I am prompted for my SSH passphrase when
logging in, but the issue I reported is not a bug, and there is probably a reason why my desired functionality is not
Hope I've not taken too much of anyone's time.
Michael Wardle, if you want to be prompted for your ssh passphrase immediately
when GNOME/KDE/X starts, you can create a executable .Xclients file (instead of
your .xsession file) in your home directory. It would in fact be very similar
to your .xsession file, but since ssh-agent is already active as an ancestor
process to X, you just need to call ssh-add graphically.
Here is what I have:
[joshua@joshua joshua]$ cat ~/.Xclients
(sleep 10; xterm -e ssh-add) &
Just a suggestion...