SSH_AUTH_SOCK not being properly set: user has to type password even if saved in the password manager

Bug #664206 reported by Leo
This bug affects 7 people
Affects                            Status        Importance  Assigned to  Milestone
GNOME Keyring                      Unknown       Unknown
gdm (Ubuntu)                       Invalid       Low         Unassigned
gnome-keyring (Ubuntu)             Invalid       Low         Unassigned
lubuntu-default-settings (Ubuntu)  Fix Released  Undecided   Unassigned
lxde-common (Ubuntu)               Invalid       Undecided   Unassigned
lxsession (Ubuntu)                 Confirmed     Low         Unassigned

Bug Description

Binary package hint: lxde-common

SSH_AUTH_SOCK is not being properly set. (Or it is pointing to a sock that doesn't accomplish its job.)

Expected behavior:
You run "ssh <email address hidden>" and the password manager opens a GUI to ask for the passphrase. Once unlocked, it remains unlocked until you log off. Moreover, at that moment of unlocking you can tell it to remember the passphrase forever so it gets automatically unlocked next time you login. Any other application that uses ssh-like connections will find this key unlocked as well.

Observed behavior:
You run "ssh <email address hidden>" and it prompts you for the key passphrase in the terminal. You run it again, you are prompted again. Any other application that uses ssh-like connections will result in a passphrase prompt as well.

How to reproduce:
Enter Lubuntu session
Open Passwords and Encryption Keys
Create a Secure Shell key
Configure this key to some domain you can ssh to
Open a terminal and run ssh <email address hidden>
You are prompted for a password in the terminal interface.

Partial workaround:
Here is a partial workaround for a terminal session: export SSH_AUTH_SOCK=`echo /tmp/keyring*/ssh` after the keyring-daemon has been loaded.
But it only works within the same terminal session, not for other applications that launch ssh-like processes.
Disclaimer: it works for a Lubuntu session inside an Ubuntu 10.04 install, with GDM as session manager.

$ printenv SSH_AUTH_SOCK
/tmp/ssh-PZgdl10603/agent.10603
$ ssh mydomain
Enter passphrase for key '/home/leorolla/.ssh/id_rsa': [pressed ^C]
$ export SSH_AUTH_SOCK=`echo /tmp/keyring*/ssh`
$ printenv SSH_AUTH_SOCK
/tmp/keyring-k3BQQd/ssh
$ ssh mydomain
Last login: Wed Oct 20 19:58:06 2010 from ....
Your default printer is ....
mydomain:leorolla> [blinking cursor!]

andopso (andopso)
Changed in gnome-keyring:
importance: Unknown → Undecided
status: Unknown → New
Julien Lavergne (gilir) wrote :

This is a known problem in Lubuntu 10.10.
However, with recent updates from gnome-keyring in Ubuntu Natty, I can't reproduce this problem any more, with a fresh install. It also seems fixed upstream (see gnome bug report). Can someone confirm that this bug is gone in Ubuntu Natty?

Changed in lxdm (Ubuntu):
status: New → Incomplete
importance: Undecided → Low
Sebastien Bacher (seb128) wrote :

the issue is not a gdm one

Changed in gnome-keyring (Ubuntu):
importance: Undecided → Low
status: New → Incomplete
Changed in gdm (Ubuntu):
importance: Undecided → Low
status: New → Invalid
Sebastien Bacher (seb128) wrote :

the gnome-keyring-ssh start desktop has "OnlyShowIn=GNOME;LXDE;XFCE;" so if there is an issue it's rather a lxd one

Changed in gnome-keyring (Ubuntu):
status: Incomplete → Invalid
Leo (leorolla) wrote :

Hi Julien,

I'm not using lxdm, just lxde (Lubuntu Desktop actually). I have no idea where the problem is and what the expected behavior should be (the proxy sock being different?)...

Do you know what packages from Natty it suffices to download and confirm it to be working?

It is really blocking for a workflow with bazaar+sftp for instance.

Changed in lxdm (Ubuntu):
status: Incomplete → Confirmed
Julien Lavergne (gilir) wrote :

Leo,

Be sure to have gnome-keyring installed on your system, and all packages up-to-date.

Leo (leorolla) wrote :

Sorry, I forgot to say I am using Maverick. Downloading the gnome-keyring .deb in Natty is enough?

Julien Lavergne (gilir) wrote :

Probably not, the new gnome-keyring may have new dependencies. It's better to test on a full natty system, because if it's not working, we can't know if it's because your system is not natty, or if the program is not fixed.

Leo (leorolla) wrote : Re: [Bug 664206] Re: SSH_AUTH_SOCK not being properly set: user has to type password even if saved in the password manager

I installed the package and all dependencies but the problem persists.
Is there a way to backport it? Thanks!

--
Leonardo Rolla
www.impa.br/~leorolla <http://www.impa.br/%7Eleorolla>

papukaija (papukaija)
Changed in gnome-keyring:
importance: Undecided → Unknown
status: New → Unknown
papukaija (papukaija) wrote :

I get the Gnome keyring prompt in Natty but it only happens with user accounts where Ubuntu One has been enabled. I didn't get the prompt in Ubuntu, it started after I switched to Lubuntu using Pure LXDE instructions [1]. Should I open a new bug or does it have the same root cause as this bug?

[1] http://www.psychocats.net/ubuntu/purelxde

urusha (urusha) wrote :

This problem still exists in oneiric with the default lubuntu setup. SSH_AUTH_SOCK points to the ssh-agent socket, which is started by /etc/X11/Xsession. Gnome-keyring starts but environment variables are not exported in the LXDE/Lubuntu session. And I can not find the place where it's exported by the gnome/unity session. So the only workaround I found is to add to ~/.profile or somewhere in /etc/X11/Xsession.d/...:
export `/usr/bin/gnome-keyring-daemon --start --components=ssh`

So, I think this should be fixed the way similar to gnome-session, to allow enabling/disabling it via .config/autostart gui tools.

papukaija (papukaija) wrote :

Installing libpam-gnome-keyring package solved the problem for me.

tags: added: natty oneiric
urusha (urusha) wrote :

Default lubuntu oneiric installation contains this package and there is pam_gnome_keyring in /etc/pam.d/lxdm, so, that's not the case. But your words remind me to look into /var/log/auth.log, and that's what I see there:

gnome-keyring-daemon[1498]: couldn't set environment variable in session: The name org.gnome.SessionManager was not provided by any .service files

After quick googling I found these bugs related to this issue:
https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/344014
https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/344444
https://bugs.launchpad.net/ubuntu/+source/xfce4-session/+bug/357346
https://bugs.launchpad.net/ubuntu/+source/xfce4-session/+bug/564831

They are mostly about xfce-session. So, it seems lxsession has exactly the same problems.

Here is the patch to startlubuntu script that solves the problem. If it's considered that lubuntu contains gnome-keyring by default, this patch seems to be sufficient.
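
An added example, not the patch attached to this bug and not Lubuntu's own code: a session-startup helper that tells the two agents seen in this report apart and exports only SSH_AUTH_SOCK from the daemon's output, after checking the socket belongs to the current user. The function names are hypothetical, and the NAME=value output format of gnome-keyring-daemon is an assumption based on the `export` workaround quoted above.

```shell
# Added example (not the patch attached to this bug). Function names are
# hypothetical; intended to be sourced from ~/.profile or an Xsession.d script.

# classify_sock PATH: name the agent behind a socket path, using the two
# path shapes shown in the report's terminal session.
classify_sock() {
    case "$1" in
        "")                 echo unset ;;
        /tmp/keyring-*/ssh) echo keyring ;;
        /tmp/ssh-*/agent.*) echo ssh-agent ;;
        *)                  echo other ;;
    esac
}

# keyring_sock_from_output TEXT: print only the SSH_AUTH_SOCK value from the
# NAME=value lines the daemon prints (assumed output format). Returns 1 if the
# variable is missing or is not an absolute path.
keyring_sock_from_output() {
    sock=$(printf '%s\n' "$1" | sed -n 's/^SSH_AUTH_SOCK=//p' | head -n 1)
    case "$sock" in
        /*) printf '%s\n' "$sock" ;;
        *)  return 1 ;;
    esac
}

# sock_is_mine PATH: true only for a socket owned by the current user. /tmp is
# world-writable, so a glob such as /tmp/keyring*/ssh can match directories
# that belong to someone else, or more than one directory.
sock_is_mine() {
    [ -S "$1" ] && [ -O "$1" ]
}

# use_keyring_agent: start (or attach to) the keyring's ssh component and
# export SSH_AUTH_SOCK alone, after the checks above.
use_keyring_agent() {
    out=$(gnome-keyring-daemon --start --components=ssh) || return 1
    sock=$(keyring_sock_from_output "$out") || return 1
    sock_is_mine "$sock" || return 1
    SSH_AUTH_SOCK=$sock
    export SSH_AUTH_SOCK
}
```

Running `classify_sock "$SSH_AUTH_SOCK"` in a terminal shows whether the session inherited the plain ssh-agent from Xsession or the keyring's socket.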

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in lxde-common (Ubuntu):
status: New → Confirmed
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "export gk SSH_AUTH_SOCK via startlubuntu" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-sponsors please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

tags: added: patch
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in lubuntu-default-settings (Ubuntu):
status: New → Confirmed
Julien Lavergne (gilir) wrote :

Thanks for the patch, I'll add it for Precise. I'll keep a bug on lxsession, because it should be handled automatically by lxsession

affects: lxdm (Ubuntu) → lxsession (Ubuntu)
Changed in lxde-common (Ubuntu):
status: Confirmed → Invalid
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lubuntu-default-settings - 0.23

---------------
lubuntu-default-settings (0.23) precise; urgency=low

  * usr/share/lubuntu/openbox/menu.xml & rc.xml
   - Re-synchronize with upstream.
   - Workaround loose of focus of lxpanel run window (LP: #889414)
   - Add a rule to maximize all new windows with type normal.
   - Place new windows on the monitor with the mouse, rather than the primary
     monitor.
   - Use scrot -u -b (focused window with border) for the screenshot of the
     current window.
   - Add a shortcut for the power button.
   - Use horizontal presentation of the alt-tab.
   - Add a shortcut to lock the screen (LP: #912499)
  * usr/bin/startlubuntu* & usr/share/lubuntu/xscreensaver/xscreensaver:
   - Add a custom configuration file for xscreensaver, with blank mode by
     default (LP: #578789).
   - Don't append /etc/xdg in xdg path, already done by Xsession.d
   - Start gnome-keyring support for ssh before the session. Thanks urusha for
     the patch (LP: #664206).
 -- Julien Lavergne <email address hidden> Thu, 26 Jan 2012 00:48:09 +0100

Changed in lubuntu-default-settings (Ubuntu):
status: Confirmed → Fix Released