Comment 11 for bug 209447

Andy Hieb (arh1) wrote :

for anyone using Intrepid, i pass along the following workaround supplied by Daniel Kahn Gillmor (one of the commenters on the upstream bug report linked above):

[begin quote]<blockquote>

sigh. this particular problem is such a confusing mess. it seems like
every piece of software involved is faulty in some way at least,
including ssh-add from the OpenSSH project [0].

my preferred workaround at the moment is to just avoid using the
gnome-keyring PAM module entirely. This is most simply accomplished with:

 aptitude remove libpam-gnome-keyring

though you might also be able to get away with leaving the package
installed, and just commenting out references to it in /etc/pam.d/*

If you opt for the latter approach, be aware that the config files in
/etc/pam.d can occasionally be pretty finicky -- in particular, if
you've got any rules that potentially resolve by skipping over some
fixed number of modules in the stack (e.g. "success=2" means "skip over
the next two modules if this module succeeds") [1]. Anyway, this is just
a warning to say "don't fiddle with /etc/pam.d/* unless you're either
(a) pretty sure about what you're doing, or (b) willing to experiment
and potentially temporarily break your system." I'm all for fiddling
with config files, but those are definitely finicky ones -- a good
learning experience!

After either removing the package or disabling it in the PAM config,
you'll need to log out and log back in to make it so you're using the
traditional SSH agent, which won't have this particular failure mode.

hope this helps,

 --dkg

[0] https://bugzilla.mindrot.org/show_bug.cgi?id=1612
[1] http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/sag-configuration-file.html

</blockquote>[end quote]

the aptitude solution worked for me, though i don't know if there might be any reasons to avoid removing libpam-gnome-keyring, so use at your own risk. here's what Daniel said about that risk:

[begin quote]<blockquote>

The drawbacks i've seen to the workaround i proposed are:

 0) the gnome-keyring daemon doesn't get started up during session login
(i think it will get started later, at a point where it can read the
configuration info well enough to not hijack the ssh-agent position)

 1) you may need to remove other packages, if they Depend:
libpam-gnome-keyring -- at one point (i dunno if this is true for your
distro), i believe the gnome metapackage itself depended on
libpam-gnome-keyring, which meant that you'd have to remove the
metapackage (and lose its nice tracking/updating features) in order to
remove the PAM module.

these are subtle changes, but it's probably good to be aware of
them -- hopefully fixing one problem doesn't cause others ;)

</blockquote>[end quote]
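
Added example (not part of the comment or the quoted messages above): a pre-edit check for the "success=2" caveat, listing jump rules in a PAM stack whose skipped range contains the module you are about to comment out. The function names and the sample stack are constructed for illustration; the check reads one file's text, counts jumps within each module type, and does not expand include lines.

```python
import re

# Constructed sample stack (not a real distro file).
SAMPLE = """\
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth optional pam_gnome_keyring.so
auth requisite pam_deny.so
auth required pam_permit.so
session optional pam_gnome_keyring.so auto_start
"""

LINE = re.compile(r"-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")
JUMP = re.compile(r"(\w+)=(\d+)")  # e.g. success=2 inside a [...] control


def parse_stacks(text):
    """Group active module lines by type: {type: [(lineno, control, module)]}."""
    stacks = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = LINE.match(raw.split("#", 1)[0].strip())
        if m:  # comments, blank lines and @include lines do not match
            ptype, control, module = m.groups()
            stacks.setdefault(ptype.lower(), []).append((lineno, control, module))
    return stacks


def jumps_affected(text, module="pam_gnome_keyring.so"):
    """List (lineno, type, rule) for jumps whose skipped range contains module."""
    hits = []
    for ptype, stack in parse_stacks(text).items():
        for i, (lineno, control, _) in enumerate(stack):
            for result, count in JUMP.findall(control):
                skipped = stack[i + 1 : i + 1 + int(count)]
                if any(module in mod for _, _, mod in skipped):
                    hits.append((lineno, ptype, f"{result}={count}"))
    return hits


if __name__ == "__main__":
    for lineno, ptype, rule in jumps_affected(SAMPLE):
        print(f"line {lineno} ({ptype}): {rule} skips over the module; "
              "lower the count by one if you comment it out")
```

An empty result means no numeric jump in that file passes over the module, so commenting its line out leaves the remaining skip counts pointing at the same targets.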