Issue with gnome-keyring 1.46, ssh key password not stored

R4funk.51 · February 20, 2024, 8:04am

Hi All,

Yesterday I updated my system and I got gnome-keyring 1.46,
now it doesn’t remember my SSH keys password anymore.

Looking around I found some related stuff:

Since GNOME 46.0 the SSH functionality is disabled by default in gnome-keyring-daemon builds. It has been moved into /usr/lib/gcr-ssh-agent, which is part of gcr. The plan is to completely remove the implementation in gnome-keyring-daemon.

open issue on gnome
Port ssh-agent from gnome-keyring
SSH_AUTH_SOCK went missing from the session

what I see on my system:

$ cat /usr/lib/systemd/user/gcr-ssh-agent.service 
[Unit]
Description=GCR ssh-agent wrapper

Requires=gcr-ssh-agent.socket

[Service]
Type=simple
StandardError=journal
Environment=SSH_AUTH_SOCK=%t/gcr/ssh
ExecStart=/usr/lib/gcr-ssh-agent --base-dir %t/gcr
Restart=on-failure

[Install]
Also=gcr-ssh-agent.socket
WantedBy=default.target

$ sudo systemctl status gcr-ssh-agent.service
Unit gcr-ssh-agent.service could not be found.

$ sudo systemctl start gcr-ssh-agent.service
Failed to start gcr-ssh-agent.service: Unit gcr-ssh-agent.service not found.

$ echo $SSH_AUTH_SOCK
/tmp/ssh-XXXXXX9eY631/agent.20519

$ locate gcr-ssh-agent.socket
/etc/systemd/user/sockets.target.wants/gcr-ssh-agent.socket
/usr/lib/systemd/user/gcr-ssh-agent.socket

I’m looking for a workaround at the moment.
Any help is appreciated.

TheRaOct · February 20, 2024, 8:21am

Thanks for the summary, I struggled to find the information that the SSH functionality was moved out of the gnome-keyring-daemon and already started pulling my hair out over the issue

I think you need to start gcr as a user unit, i.e. run systemctl enable gcr-ssh-agent.socket --user, and then export SSH_AUTH_SOCK=$XDG_RUNTIME_DIR/gcr/ssh (wherever you set environment variables in your DE/WM).

For example, my sway startup in .zprofile now reads:

# If running form tty1 start sway
if [ -z "${DISPLAY}" ] && [ "${XDG_VTNR}" -eq 1 ]; then
	eval $(gnome-keyring-daemon --start) #Not sure if this is still necessary
	export SSH_AUTH_SOCK=$XDG_RUNTIME_DIR/gcr/ssh #New
	export ENVS_STUFF #All my other environment things
	exec sway --unsupported-gpu
fi

Hope this fixes your issue as well.

R4funk.51 · February 20, 2024, 10:17am

It worked, thanks

system · February 22, 2024, 10:17am

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.