๐Ÿ’พ Archived View for alltext.umaneti.net โ€บ gemlog โ€บ mate-desktop-and-ssh-agent.gmi captured on 2024-09-29 at 00:26:24. Gemini links have been rewritten to link to archived content

View Raw

More Information

โฌ…๏ธ Previous capture (2024-08-18)

๐Ÿšง View Differences

-=-=-=-=-=-=-

Mate Desktop and SSH Agent, without Gnome keyring

For a long time, I used i3[1] as window manager. It was fine as I like stripped down environment. However, I missed some features of my Gnome 2 experience. Thus I moved to Mate[2] and easily configured it to match my minimalistic needs. All was perfect and I was happy with it, until I realize something was really bothering me: even with all the known methods[3] to disable Gnome keyring autostart, it keeps launching when my session starts. This behavior leads to very nasty bugs, like breaking Emacs tramp or continually bothering me to enter my passphrase.

I finally found a working solution in the Mate Session Manager[4] issues traker. So for all other people, who goes mad because of this, here is the definitive guide to definitely shut Gnome keyring down.

[1] i3 (HTTPS)

[2] Mate (HTTPS)

[3] known methods (HTTPS)

[4] a working solution in the Mate Session Manager (HTTPS)

SSH-Agent configuration

First, you need to configure your OpenSSH SSH agent. Nothing specific here, we just need to add a systemd service file for our current user, in order to automatically start the SSH agent when our session starts. I use the following file:

[Unit]
Description=SSH key agent

[Service]
Type=simple
Environment=SSH_AUTH_SOCK=%t/ssh-agent.socket
ExecStart=/usr/bin/ssh-agent -D -a $SSH_AUTH_SOCK

[Install]
WantedBy=default.target

You must save it in `\~/.config/systemd/user/ssh-agent.service'. Then enter `systemctl --user enable ssh-agent' in your console to active it at startup.

The important point here is the line `Environment=SSH_AUTH_SOCK=%t/ssh-agent.socket', where I inform systemd to launch the ssh-agent with the environment variable set to the rather cryptic `%t/ssh-agent.socket'. The `%t' placeholder will expand to the runtime directory root[1], that is to say `/run/user/UID/'. In my case `/run/user/1000/ssh-agent.socket'. So, when ssh-agent will start, it will create a socket in this place.

To inform your desktop environment (and other programs, like Emacs), you must add this environment variable either in your `\~/.profile' file (if you'll use only TTY terminals) or, more surely in your `\~/.pam_environment' file. No other variable are available in that file, thus you must be explicit when setting the `SSH_AUTH_SOCK' variable. And yes there is a space between the variable name and `DEFAULT'. My own `\~/.pam_environment' file looks like:

SSH_AUTH_SOCK DEFAULT="/run/user/1000/ssh-agent.socket"

[1] will expand to the runtime directory root (HTTPS)

Disabling Gnome Keyring

Now that ssh-agent will start just fine, we need to disable the SSH component of Gnome Keyring.

The first step is to "officially" asking it to don't start. You must copy the default `.desktop' autostart file in your home folder to customize it. Then append two magic lines to it to remove it from the Startup Application configuration dialog (the `Hidden=True' directive) and disable it for Mate desktop only (the `X-MATE-Autostart-enabled=false' directive):

cp /etc/xdg/autostart/gnome-keyring-ssh.desktop ~/.config/autostart/
echo 'Hidden=True' >> ~/.config/autostart/gnome-keyring-ssh.desktop
echo 'X-MATE-Autostart-enabled=false' >> ~/.config/autostart/gnome-keyring-ssh.desktop

We now arrive to the core of the problem. The previous operation should have been sufficient, but there still exists a weird bug, which will spawn Gnome Keyring SSH agent each time you start your session.

To completely deactivate it, you must remove the `'keyring'' component from the `gnome-compat-startup' option in Gsettings. As this key holds an array value, the better way to do it is to use the `dconf-editor' application. Once you open it, browse to `org', then `mate', `desktop', and finally `session'. You should find the `gnome-compat-startup' in there. Click on it, unset the "Use default value" switch and remove `'keyring'' from the text field bellow. Take attention to remove the next comma. In my case, the field now contains only `['smproxy']'.

That's all, you can now enjoy a keyring-free desktop :)

Sources

[1] https://mlohr.com/gpg-agent-ssh-gnome/ (HTTPS)

[2] https://github.com/mate-desktop/mate-session-manager/issues/182 (HTTPS)

[3] https://unix.stackexchange.com/questions/315004/where-does-gnome-keyring-set-ssh-auth-sock (HTTPS)

Comments

nil

--

๐Ÿ“… vendredi 22 mars 2019 ร  12:34

๐Ÿ“ ร‰tienne Pflieger with GNU/Emacs 29.4 (Org mode 9.7.11)

๐Ÿท๏ธ Mate Desktop

๐Ÿท๏ธ SSH

๐Ÿท๏ธ Bidouille

๐Ÿท๏ธ Emacs

๐Ÿ“œ Back to gemlog

๐Ÿก Back to home

๐Ÿš€ Propelled by fronde