GNOME Keyring

From ParabolaWiki
Jump to: navigation, search
This article is a stub.
This typically means the article is a placeholder for more content to come. Knowledgeable users are encouraged to help expand the article.

The GNOME Keyring stores passwords in an encrypted file that can be accessed by applications.

1 Manage using GUI

pacman -S seahorse

It is possible to leave the gnome keyring password blank. In seahorse, on the Passwords tab, right click on "Passwords: login" and pick "Change password." Enter the old password and leave empty the new password. You will be warned about using unencrypted storage; continue by pushing "Use Unsafe Storage."

2 Use Without Gnome

It is possible to use GNOME Keyring without the rest of the gnome desktop. This can be accomplished by adding to your .xinitrc:

# Start a dbus-session
source /etc/X11/xinit/xinitrc.d/30-dbus
# Start Gnome-Keyring
eval $(/usr/bin/gnome-keyring-daemon --start --components=gpg,pkcs11,secrets,ssh)
# You probably need to do this too:
export SSH_AUTH_SOCK
export GPG_AGENT_INFO
export GNOME_KEYRING_CONTROL
export GNOME_KEYRING_PID

See Bug #13986 for more info.

On Xfce you may need to disable gpg-agent, silently loaded at startup by xfce4-session, otherwise the above environment variables will be overwritten. Execute the following command, then log out and log in again:

xfconf-query -c xfce4-session -p /startup/ssh-agent/enabled -n -t bool -s false

3 SSH Keys

To add your SSH key:

$ ssh-add ~/.ssh/id_dsa
Enter passphrase for /home/mith/.ssh/id_dsa:

To list automatically loaded keys:

$ ssh-add -L

To disable all keys;

$ ssh-add -D

Now when you connect to a server, the key will be found and a dialog will popup asking you for the passphrase. It has an option to automatically unlock the key when you login. If you check this you will not need to enter your passphrase again!

4 Gnome Keyring dialog and SSH

Run in a terminal, the following:

$ gnome-keyring-daemon -s

Output will get a few lines, but in reality we are interested, SSH_AUTH_SOCK, example:

GNOME_KEYRING_C.................
SSH_AUTH_SOCK=/run/user/1000/keyring-XXXXXX/ssh
GPG_AGENT_INF...................

Now you should add to your ~/.bashrc, according to the output of the previous command, for example:

SSH_AUTH_SOCK=`netstat -xl | grep -o '/run/user/1000/keyring-.*/ssh$'`
[ -z "$SSH_AUTH_SOCK" ] || export SSH_AUTH_SOCK

If you run on your terminal the following:

$ echo $SSH_AUTH_SOCK

will return something like the following:

/run/user/1000/keyring--XXXXXX/ssh

Now when you connect with ssh, gnome-keyring dialog will launch the "entry of the passphrase"

5 Unlock at Startup

GNOME's login manager (gdm) will automatically unlock the keyring once you login, for others it is not so easy.

For SLiM, see SLiM#SLiM_and_Gnome_Keyring, This method works for KDM as well, but you need to edit /etc/pam.d/kde instead of /etc/pam.d/slim.

If you are using automatic login, then you can disable the keyring manager by setting a blank password on the login keyring. Note: your passwords will be stored unencrypted if you do this.

6 Acknowledgement

This wiki article is based on ArchWiki. We may have removed non-FSDG bits from it.