Bug#473864: gnome-keyring: Takes over SSH agent functionality without warning

Bill Wohler wohler at newt.com
Sat Apr 5 17:52:28 UTC 2008


Package: gnome-keyring
Version: 2.22.0-2
Severity: normal

Josh Triplett <josh at freedesktop.org> wrote:

> gnome-keyring apparently supports SSH agent functionality now.  While
> a somewhat interesting feature, it managed to break my working
> libpam-ssh setup, which has the advantage of working in sessions that
> don't involve logging into GNOME.

I just spent the last few hours trying to figure out why ssh-add
suddenly started spitting out SSH_AGENT_FAILURE. As it turns out, I can
still use ssh without a password, but now I'm concerned. What is this
gnome-keyring? Does it supersede ssh-agent? If so and because it seems
to have more functionality than ssh-agent, where can I learn more about
it? Are my passwords kept on disk anywhere? If so, how are they
encrypted? Do I still use ssh-add or use those pop-ups that I've seen? I
use expiration times with ssh-add--are those supported? I logged out of
my GNOME session and logged back in and my password was still cached! I
don't like that at all.

>                                    It also created ~/.ssh/*.keystore
> files for my private keys.  Please add a NEWS.Debian item telling
> people about this change, and please document how to disable it (set
> the gconf key /apps/gnome-keyring/daemon-components/ssh to false).

I agree. Thanks for the tip about the gconf key. In addition, I would
love to hear answers to my questions above and I'd suggest that those
answers be captured in a README.Debian file as well.

Because of the impact that this change has, I'd also suggest
modifying the preinst script to display a dialog with the content of
NEWS.Debian with a pointer to the README.Debian file.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (600, 'testing'), (80, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-3-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)
Shell: /bin/sh linked to /bin/bash

Versions of packages gnome-keyring depends on:
ii  gconf2                      2.22.0-1     GNOME configuration database syste
ii  libatk1.0-0                 1.20.0-1     The ATK accessibility toolkit
ii  libc6                       2.7-6        GNU C Library: Shared libraries
ii  libcairo2                   1.4.14-1     The Cairo 2D vector graphics libra
ii  libdbus-1-3                 1.1.20-1     simple interprocess messaging syst
ii  libgconf2-4                 2.22.0-1     GNOME configuration database syste
ii  libgcrypt11                 1.4.0-3      LGPL Crypto library - runtime libr
ii  libglib2.0-0                2.16.1-2     The GLib library of C routines
ii  libgtk2.0-0                 2.12.9-2     The GTK+ graphical user interface 
ii  libhal-storage1             0.5.11~rc2-1 Hardware Abstraction Layer - share
ii  libhal1                     0.5.11~rc2-1 Hardware Abstraction Layer - share
ii  libpango1.0-0               1.20.0-1     Layout and rendering of internatio
ii  libtasn1-3                  1.3-1        Manage ASN.1 structures (runtime)

Versions of packages gnome-keyring recommends:
ii  libpam-gnome-keyring          2.22.0-2   PAM module to unlock the GNOME key

-- no debconf information

-- 
Bill Wohler <wohler at newt.com>  http://www.newt.com/wohler/  GnuPG ID:610BD9AD
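
Added example, not part of the original message or of gnome-keyring's own code: a small audit script for the situation described in this report, which classifies the daemon behind SSH_AUTH_SOCK and counts the ~/.ssh/*.keystore files mentioned above. The socket path patterns and the function names are assumptions for illustration; the gconf key is the one quoted in the report.

```shell
#!/bin/sh
# Added example: which daemon answers on SSH_AUTH_SOCK, and has
# gnome-keyring left *.keystore files beside the private keys?
# Assumption: gnome-keyring sockets look like .../keyring-XXXXXX/ssh or
# .../keyring/ssh; OpenSSH ssh-agent sockets look like .../ssh-XXXXXX/agent.PID.

# classify_agent_socket PATH -> gnome-keyring | ssh-agent | none | unknown
classify_agent_socket() {
    case "$1" in
        "")                            echo none ;;
        */keyring-*/ssh|*/keyring/ssh) echo gnome-keyring ;;
        */ssh-*/agent.*)               echo ssh-agent ;;
        *)                             echo unknown ;;
    esac
}

# count_keystores DIR -> number of *.keystore files directly inside DIR
count_keystores() {
    n=0
    for f in "$1"/*.keystore; do
        # An unmatched glob stays literal, so test that the file exists.
        if [ -e "$f" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# audit_ssh_agent SOCKET DIR -> prints a report; returns 1 when
# gnome-keyring owns the socket, 0 otherwise.
audit_ssh_agent() {
    sock=$1
    dir=$2
    owner=$(classify_agent_socket "$sock")
    echo "SSH_AUTH_SOCK=${sock:-<unset>} -> $owner"
    echo "keystore files in $dir: $(count_keystores "$dir")"
    if [ "$owner" = gnome-keyring ]; then
        echo "to disable the SSH component (gconf key from the report):"
        echo "  gconftool-2 --type bool --set /apps/gnome-keyring/daemon-components/ssh false"
        return 1
    fi
    return 0
}

# Report on the current session; never abort the calling shell.
audit_ssh_agent "${SSH_AUTH_SOCK:-}" "${HOME:-/nonexistent}/.ssh" || true
```

The gconf change takes effect for sessions started after it is set; an unknown classification means the socket path matched neither assumed pattern and should be inspected by hand.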





