0001 passwordless ssh with GNOME keyring
Nils Kvist edited this page Sep 26, 2022 · 13 revisions
Examples worked on openSUSE Tumbleweed 2022.09.24; names and paths might differ on other distributions. lightdm was enabled when this was tested; without a display manager, manual PAM configuration is needed.
See also:
- https://wiki.archlinux.org/title/GNOME/Keyring
- https://github.com/capocasa/systemd-user-pam-ssh
- https://wiki.archlinux.org/title/SSH_keys
- https://wiki.archlinux.org/title/OpenSSH
- https://rabexc.org/posts/pitfalls-of-ssh-agents
- https://rabexc.org/posts/using-ssh-agent
Needed packages:
- gnome-keyring
- gcr-ssh-agent (arch wiki mentions this is needed, but it is not needed?)
- gcr3-ssh-askpass (provides /usr/libexec/gcr-ssh-askpass, GTK3 version)
- seahorse (optional GUI frontend for keyring)
Create an override for gnome-keyring-daemon.service, adding ,ssh to the components:
$ systemctl --user edit gnome-keyring-daemon.service
Add the following three lines:
[Service]
ExecStart=
ExecStart=/usr/bin/gnome-keyring-daemon --foreground --components="pkcs11,secrets,ssh" --control-directory=%t/keyring
~/.config/systemd/user/gnome-keyring-daemon.service.d/override.conf will be created automatically.
Enable the service:
$ systemctl --user enable gnome-keyring-daemon.service
Export environment variables in ~/.xinitrc or ~/.xsession:
# $UID is a bash variable; id -u also works when the file is read by a POSIX sh
: "${XDG_RUNTIME_DIR:=/run/user/$(id -u)}"
export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/keyring/ssh"
The keyrings are stored in ~/.local/share/keyrings
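
A post-setup check for the steps above, as an added example that is not part of the original wiki page: it confirms the override really lists ssh in --components, that SSH_AUTH_SOCK points at the keyring socket owned by your user rather than some other agent, and that an agent answers on it. The function names and the `--check` argument are hypothetical; paths are the ones used on this page.

```shell
#!/bin/sh
# Added example: verify the setup above. Function names are hypothetical.

# Succeeds if the last non-empty ExecStart= in override file $1 lists
# "ssh" among --components (the bare "ExecStart=" reset line is skipped).
override_has_ssh() {
    line=$(grep '^ExecStart=.' "$1" 2>/dev/null | tail -n 1)
    comps=$(printf '%s\n' "$line" |
        sed -n 's/.*--components="\{0,1\}\([^" ]*\).*/\1/p')
    case ",$comps," in
        *,ssh,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds if SSH_AUTH_SOCK value $1 is exactly <runtime dir $2>/keyring/ssh
# and that path is a socket owned by the current user.
sock_is_keyring() {
    [ "$1" = "$2/keyring/ssh" ] && [ -S "$1" ] && [ -O "$1" ]
}

check_setup() {
    rt=${XDG_RUNTIME_DIR:-/run/user/$(id -u)}
    ov=$HOME/.config/systemd/user/gnome-keyring-daemon.service.d/override.conf
    rc=0
    override_has_ssh "$ov" ||
        { echo "FAIL: no ssh in --components of $ov"; rc=1; }
    sock_is_keyring "${SSH_AUTH_SOCK:-}" "$rt" ||
        { echo "FAIL: SSH_AUTH_SOCK is not a socket at $rt/keyring/ssh"; rc=1; }
    # ssh-add -l exits 0 (keys listed) or 1 (agent reachable, no identities);
    # anything else means no usable agent on SSH_AUTH_SOCK.
    st=0; ssh-add -l >/dev/null 2>&1 || st=$?
    [ "$st" -le 1 ] || { echo "FAIL: no agent answering (ssh-add exit $st)"; rc=1; }
    return "$rc"
}

# Run the checks only when asked, e.g. `sh check.sh --check`.
if [ "${1:-}" = "--check" ]; then check_setup; fi
```

Run it from a terminal inside the graphical session, since that is where the exported SSH_AUTH_SOCK is visible.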