KDE Wallet keeps asking for password for apps it shouldn't

Bink · July 17, 2024, 1:37am

The things I cover here would be a principle that applies to setting up SSH with public key encryption to any remote server/system. I don’t use the DMS to copy over the needed public key, rather interface directly with the NAS over SSH to do that.

The unique encryption keys are generated on the client system (your workstation). Something like this command, but when asked, leave the passphrase empty so you can connect to your NAS without needing to enter a password to use these keys:

ssh-keygen -t ed25519 -C “nomad@nomadsPC” -f ~/.ssh/nomadsnas_ed25519

That will generate two files in ~/.ssh/. The first is your private key (keep it safe!), the second (.pub) is your shareable public key:

nomadsnas_ed25519
nomadsnas_ed25519.pub

The simplest way to get the public key on the NAS is:

ssh-copy-id -p 22 -i ~/.ssh/nomadsnas_ed25519.pub nomad@nomadsnas

You’ll need to change the port (22), key name (nomadsnas_ed25519.pub), username (nomad) and NAS IP (nomadsnas) accordingly.

If for some reason that doesn’t work, there are two other methods you might try:

A slightly more manual way is to pipe it through the standard method of ssh connection, into the target file on the NAS, again changing the details as necessary:

cat ~/.ssh/nomadsnas_ed25519.pub | ssh -p 22 nomad@nomadsnas "cat >> ~/.ssh/authorized_keys"

Manually: Copy the contents of your public key file, then ssh into your NAS and paste that as a new line in the ~/.ssh/authorized_keys file on the NAS. You’ll probably need to use vi to edit the file on the NAS, so hopefully you’re familiar with that. If you get stuck with this option, say, I can offer some other pointers.

If all has gone well, and everything is correctly configured in your PC’s ~/.ssh/config file, you should be able to ssh into your NAS without it any prompt for a password, and sftp should behave the same way.

Where this sometimes fails, is a simple permissions issue within the ~/.ssh directory of NAS or PC. If these aren’t tight enough, ssh will consider the folder at risk and fail the connection. Permissions should be:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/*

Bink · July 17, 2024, 1:42am

Looking at all this, I realise it probably appears rather complicated. Perhaps having had set up connections like this so many times, it’s fairly run of the mill now.

For the most part it can be summarised as:

Generate a key pair (technically optional if reusing an existing key)
Install public key on remote system.
Add entry to ~/.ssh/config

It’s a worthwhile thing to learn though, if you make a habit of remoting into systems.

Cphusion · July 17, 2024, 5:40am

So it seems the SMB connections you have in Dolphin do use kwallet. You could choose to not use Dolphin to mount your smb share but instead mount it through fstab.
https://wiki.archlinux.org/title/samba#As_mount_entry
https://wiki.archlinux.org/title/samba#Storing_share_passwords
If you do that be sure to add uid and gid in your mount option as mentioned here.
https://wiki.archlinux.org/title/samba#Manual_mounting

If you don’t like that solution you will have to find another solution that works for you and maybe check if you pam configuration for kwallet are correct and corresponds what’s documented here.
https://wiki.archlinux.org/title/KDE_Wallet#Configure_PAM

Nomad · July 17, 2024, 5:21pm

I tried setting up the SFTP all morning and I kept going in circles with the result still asking for username and password.

After looking into it much deeper, I think I am going to try NFS and fstab mounting to see how that works out.

Thanks anyway!

Nomad · July 17, 2024, 7:10pm

I am going to attempt this method, but I am wondering if NFS is a better protocol to use as I am reading it’s a Linux native protocol?

Cphusion · July 17, 2024, 7:16pm

If your nas supports nfs, it’s better supported on Linux because it’s made for Unix-like systems and SMB is a Windows file-sharing protocol.

Nomad · July 17, 2024, 7:21pm

Perfect. I am going to attempt it right now.

Nomad · July 17, 2024, 8:20pm

@Cphusion @Bink

Gentlemen, NFS connection with fstab is a success and problem solved.

Goodbye kdewallet for good

Nomad · July 17, 2024, 9:42pm

Ah, I spoke too soon.

All is good, but ventoy still asks for password.

This must be unrelated to kdewallet?

BluishHumility · July 19, 2024, 11:37pm

Yes, that looks like a polkit window. Probably that application needs to be run as root but you have run it as an ordinary user. Your sudo password should work for that one.

Nomad · July 19, 2024, 11:54pm

I was able to solve this superuser password prompt by creating the following sudoers.d rule and then adding sudo to the beginning of the exec string in the .desktop file for ventoy:

user ALL=(ALL) NOPASSWD: /usr/bin/ventoygui

BluishHumility · July 20, 2024, 12:17am

Interesting approach. Be sure to save a copy of your custom desktop file in ~/.local/share/applications so your modifications are not overwritten when the application is updated.

If you are happy to close this one down, go ahead and mark one of the replies above as a solution for the benefit of future forum searchers.

Nomad · July 20, 2024, 12:48am

Good advice. Thanks

system · July 22, 2024, 12:49am

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.