Gnome-keyring - unlocked

Post Reply
Message
Author
User avatar
namida12
Posts: 437
Joined: Sun Apr 01, 2007 4:54 pm

Re: Gnome-keyring - unlocked

#51 Post by namida12 »

dolphin_oracle wrote: Tue Sep 25, 2018 7:40 pm
namida12 wrote: Tue Sep 25, 2018 7:30 pm
dolphin_oracle wrote: Tue Sep 25, 2018 7:24 pm Antix might not have gnome-keyring installed. That would be something to check
Think is is installed see my list, but how would I check?

JR
check in synaptic. its shows all the status of each package.

but I see in your list that libpam-gnome-keyring is already installed in antiX (as Felix noted). so that is the difference. MX didn't have libpam-gnome-keyring by default (next release will).
Felix & dolphin_oracle,

I added libpam-gnome-keyring to MX via Synaptic, and shutdown my MX system. When it reopened discovered It did not remember any passwords including Synaptic.
MX had forgotten all of my passwords.

Not true, I synced my Google Chrome accounts via the Chromebook because I was using that system for a video chat and now I have access to most of the passwords via Google Chrome, but still do not have access to Synaptic.
Update: restarting MX several times and using a terminal with su I was able to access Synaptic, and it now works using the GUI... Glitch, or just my typing? it is now working, or could it be libpam-systemd in MX?

Should I remove libpam-systemd? It is not installed in AntiX


JR

User avatar
namida12
Posts: 437
Joined: Sun Apr 01, 2007 4:54 pm

Re: Gnome-keyring - unlocked

#52 Post by namida12 »

I added libpam-gnome-keyring to MX via Synaptic to second MX 17.1 computer and restarted. Works well no problems with passwords.

Will call Apple phone user friend and have her add this to her MX 17.1 linux computer and see how it affects her Google Chrome passwords & MX Linux install...
Then I will update this thread...

JR

User avatar
fehlix
Developer
Posts: 10310
Joined: Wed Apr 11, 2018 5:09 pm

Re: Gnome-keyring - unlocked

#53 Post by fehlix »

namida12 wrote: Wed Sep 26, 2018 1:46 am I added libpam-gnome-keyring to MX via Synaptic, and shutdown my MX system. When it reopened discovered It did not remember any passwords including Synaptic.
MX had forgotten all of my passwords.
OK, I digged into this a bit further ...
After adding libpam-gnome-keyring and having removed all
keyring-files from ~/.local/share/keyrings
only a logout/login is required. PAM will create a new login-keyring.
This new keyring will also become the "default" keyring, i.e. it has
the properties to be "default". And further PAM will unlock
this "default" login-keyring after you logged-in with a password.

Chrome will now see the new "default" keyring and will further use
this empty keyring to populated after syncing with your passwords.

Synaptic: We do have two GUI-ways to start synaptic, either through
the menu or through right-click of apt-notifier.
Starting synaptic through the menu will go through a pkexec-authentication
and will always ask for a password.

When you start synaptic through apt-notifier-icon it
goes with help of /usr/bin/su-to-root to a call of gksu.
Gksu is enabled with a PAM-API to call gnome-keyring.

And now we should assume that gksu would also use the "default" keyring,
which happens to be the login-keying, when you request the entered
password to be saved "permanently" not only for the session.

When you now enter the password to be saved "remember password"
it will than asked you to enter the password for a new "default" keyring.

And this is an outstanding bug with Gnome/GTK, which I remember have seen
a couple of years ago when gnome-keyring still was young.

The issue is that the gnome/gtk developer seem to be got confused
about the gnome-keyring API and the use of the term "default keyring".

The GTK-implementation used by gksu unfortunately misinterprets
the API-documention and do look for a keyring with the name "default"
instead of the property "default".
So the popup to create a new "default" keyring is about to create a new keyring
with the name "default", instead of using the existing "default" login-keyring

An the other side Chrome/Chromium are doing it right, both using
the existing login-keying (property default) to store/save the passwords.

Now what? The workaround is simple: Let GTK/gksu create
the new "default-keyring", i.e. enter any password you like.
The keyring will be unlocked by PAM. But you might still
enter than once again the password for the "default-keyring" where
you than got an option to click "remember password to unlock after login."

Summary: If you use app which intern relies on gksu, you might still need to"create" a new "default" keyring,
due to a gtk "bug" if you want to store the entered "root" password permanently.
Solution just create the new "default" keyring and click next time remember, if you like.

Ufff .. to many words .. I know .. sorry :turtle:
Gigabyte Z77M-D3H, Intel Xeon E3-1240 V2 (Quad core), 32GB RAM,
GeForce GTX 770, Samsung SSD 850 EVO 500GB, Seagate Barracuda 4TB

User avatar
c4os
Posts: 29
Joined: Tue Jun 19, 2018 12:28 pm

Re: Gnome-keyring - unlocked

#54 Post by c4os »

Is it possible to store ssh key passwords also?
Don't want to type it at any time.
Powered on: MX 17 Horizon x86_64
Hardware: Dell Latitude E4300 - CPU: Intel Core 2 Duo P9600 (2) @ 2.535GHz - Memory: 4GB
Style: Resolution: 1280x800 - WM Theme: Balou - Theme: Blackbird [GTK2/3] - Icons: Papirus-Dark [GTK2]

User avatar
fehlix
Developer
Posts: 10310
Joined: Wed Apr 11, 2018 5:09 pm

Re: Gnome-keyring - unlocked

#55 Post by fehlix »

c4os wrote: Wed Oct 03, 2018 10:54 am Is it possible to store ssh key passwords also?
Don't want to type it at any time.
Yes. In addition to other ssh-agents like libpam-ssh, ssh-agent and gnupg-agent,
you can also use ssh-components of Gnome-keyring to provide a ssh-agent
single-sign-on functionality.

A short How-to enable SSH-single sign-on through Gnome-keyring:
-> enable Gnome-keyring's SSH-agent within session autostart
-> save your ssh-passphrase of your "my_ssh_key" within gnome-keyring like this:

Code: Select all

cd $HOME/.ssh
/usr/lib/x86_64-linux-gnu/seahorse/seahorse-ssh-askpass my_ssh_key
where my_ssh_key is the filename of your pub/sec keys without extension.

Make sure you marked the gnome-keyring which holds your ssh-passphrase
as "Automatically unlock ....", which you can check and set within Seahorse (aka "Passwords and Keys").
Note further you shall only enable/use one ssh-agent to reduce confusion 9_9
:puppy:
Gigabyte Z77M-D3H, Intel Xeon E3-1240 V2 (Quad core), 32GB RAM,
GeForce GTX 770, Samsung SSD 850 EVO 500GB, Seagate Barracuda 4TB

User avatar
c4os
Posts: 29
Joined: Tue Jun 19, 2018 12:28 pm

Re: Gnome-keyring - unlocked

#56 Post by c4os »

fehlix wrote: Wed Oct 03, 2018 12:03 pm
c4os wrote: Wed Oct 03, 2018 10:54 am Is it possible to store ssh key passwords also?
Don't want to type it at any time.
Yes. In addition to other ssh-agents like libpam-ssh, ssh-agent and gnupg-agent,
you can also use ssh-components of Gnome-keyring to provide a ssh-agent
single-sign-on functionality.

A short How-to enable SSH-single sign-on through Gnome-keyring:
-> enable Gnome-keyring's SSH-agent within session autostart
-> save your ssh-passphrase of your "my_ssh_key" within gnome-keyring like this:

Code: Select all

cd $HOME/.ssh
/usr/lib/x86_64-linux-gnu/seahorse/seahorse-ssh-askpass my_ssh_key
where my_ssh_key is the filename of your pub/sec keys without extension.

Make sure you marked the gnome-keyring which holds your ssh-passphrase
as "Automatically unlock ....", which you can check and set within Seahorse (aka "Passwords and Keys").
Note further you shall only enable/use one ssh-agent to reduce confusion 9_9
:puppy:
I' ll get some messages:

Code: Select all

$ /usr/lib/x86_64-linux-gnu/seahorse/seahorse-ssh-askpass my_ssh_key 

(seahorse-ssh-askpass:6294): Gtk-WARNING **: Theme parsing error: gtk-widgets.css:186:14: not a number

(seahorse-ssh-askpass:6294): Gtk-WARNING **: Theme parsing error: gtk-widgets.css:186:14: Expected a string.

(seahorse-ssh-askpass:6294): Gtk-WARNING **: Theme parsing error: gtk-widgets.css:2749:24: not a number

(seahorse-ssh-askpass:6294): Gtk-WARNING **: Theme parsing error: gtk-widgets.css:2749:24: Expected a string.

(seahorse-ssh-askpass:6294): Gtk-WARNING **: Theme parsing error: gtk-widgets.css:2940:14: not a number

(seahorse-ssh-askpass:6294): Gtk-WARNING **: Theme parsing error: gtk-widgets.css:2940:14: Expected a string.

(seahorse-ssh-askpass:6294): Gtk-WARNING **: Theme parsing error: gtk-widgets.css:2946:17: Expected a string.

(seahorse-ssh-askpass:6294): Gtk-WARNING **: Theme parsing error: gtk-widgets.css:4083:14: not a number

(seahorse-ssh-askpass:6294): Gtk-WARNING **: Theme parsing error: gtk-widgets.css:4083:14: Expected a string.

(seahorse-ssh-askpass:6294): Gtk-WARNING **: Theme parsing error: gtk-widgets.css:4088:17: Expected a string.

(seahorse-ssh-askpass:6294): Gtk-WARNING **: Theme parsing error: gtk-widgets.css:4729:14: not a number

(seahorse-ssh-askpass:6294): Gtk-WARNING **: Theme parsing error: gtk-widgets.css:4729:14: Expected a string.

(seahorse-ssh-askpass:6294): Gtk-WARNING **: Theme parsing error: xfce.css:47:16: not a number

(seahorse-ssh-askpass:6294): Gtk-WARNING **: Theme parsing error: xfce.css:47:16: Expected a string.

(seahorse-ssh-askpass:6294): Gtk-WARNING **: Theme parsing error: lightdm-gtk-greeter.css:16:14: not a number

(seahorse-ssh-askpass:6294): Gtk-WARNING **: Theme parsing error: lightdm-gtk-greeter.css:16:14: Expected a string.

(seahorse-ssh-askpass:6294): Gtk-WARNING **: Theme parsing error: lightdm-gtk-greeter.css:26:14: not a number

(seahorse-ssh-askpass:6294): Gtk-WARNING **: Theme parsing error: lightdm-gtk-greeter.css:26:14: Expected a string.

(seahorse-ssh-askpass:6294): Gtk-WARNING **: Theme parsing error: lightdm-gtk-greeter.css:40:16: not a number

(seahorse-ssh-askpass:6294): Gtk-WARNING **: Theme parsing error: lightdm-gtk-greeter.css:40:16: Expected a string.

(seahorse-ssh-askpass:6294): Gtk-WARNING **: Theme parsing error: lightdm-gtk-greeter.css:96:14: Expected a string.

(seahorse-ssh-askpass:6294): Gtk-WARNING **: Theme parsing error: lightdm-gtk-greeter.css:100:16: not a number

(seahorse-ssh-askpass:6294): Gtk-WARNING **: Theme parsing error: lightdm-gtk-greeter.css:100:16: Expected a string.

(seahorse-ssh-askpass:6294): Gtk-WARNING **: Theme parsing error: lightdm-gtk-greeter.css:279:14: not a number

(seahorse-ssh-askpass:6294): Gtk-WARNING **: Theme parsing error: lightdm-gtk-greeter.css:279:14: Expected a string.
Gtk-Message: GtkDialog mapped without a transient parent. This is discouraged.
And after a "ssh myserver" it asks me again for password.
Powered on: MX 17 Horizon x86_64
Hardware: Dell Latitude E4300 - CPU: Intel Core 2 Duo P9600 (2) @ 2.535GHz - Memory: 4GB
Style: Resolution: 1280x800 - WM Theme: Balou - Theme: Blackbird [GTK2/3] - Icons: Papirus-Dark [GTK2]

User avatar
fehlix
Developer
Posts: 10310
Joined: Wed Apr 11, 2018 5:09 pm

Re: Gnome-keyring - unlocked

#57 Post by fehlix »

c4os wrote: Wed Oct 03, 2018 12:53 pm And after a "ssh myserver" it asks me again for password.
Not sure. Perhaps try using libpam-ssh, which requires to enter the ssh-pasphrase once within a session.
apt show libpam-ssh wrote: Description: Authenticate using SSH keys
This pluggable authentication module (PAM) provides single sign-on
using secure shell (SSH) keys:
- during authentication, the user types a SSH passphrase and is authenticated
if the passphrase successfully decrypts the user's SSH private keys;
- in session phase, a ssh-agent process is started and decrypted keys are
added, and thus the user can SSH to other hosts that accept key
authentication without typing more passwords for the entire session.
Gigabyte Z77M-D3H, Intel Xeon E3-1240 V2 (Quad core), 32GB RAM,
GeForce GTX 770, Samsung SSD 850 EVO 500GB, Seagate Barracuda 4TB

User avatar
c4os
Posts: 29
Joined: Tue Jun 19, 2018 12:28 pm

Re: Gnome-keyring - unlocked

#58 Post by c4os »

fehlix wrote: Wed Oct 03, 2018 1:20 pm
c4os wrote: Wed Oct 03, 2018 12:53 pm And after a "ssh myserver" it asks me again for password.
Not sure. Perhaps try using libpam-ssh, which requires to enter the ssh-pasphrase once within a session.
apt show libpam-ssh wrote: Description: Authenticate using SSH keys
This pluggable authentication module (PAM) provides single sign-on
using secure shell (SSH) keys:
- during authentication, the user types a SSH passphrase and is authenticated
if the passphrase successfully decrypts the user's SSH private keys;
- in session phase, a ssh-agent process is started and decrypted keys are
added, and thus the user can SSH to other hosts that accept key
authentication without typing more passwords for the entire session.
libpam-ssh doesn' t work.

ssh-agent only works with one session.
I tried:

Code: Select all

$ eval `ssh-agent`
Agent pid 2157

$ ssh-add ~/.ssh/id_rsa
Enter passphrase for /home/user/.ssh/id_rsa:
Identity added: /home/user/.ssh/id_rsa (/home/user/.ssh/id_rsa)
If I run 'ssh-add ~/.ssh/id_rsa', it will help to unlock my key. No need to type in again.
Powered on: MX 17 Horizon x86_64
Hardware: Dell Latitude E4300 - CPU: Intel Core 2 Duo P9600 (2) @ 2.535GHz - Memory: 4GB
Style: Resolution: 1280x800 - WM Theme: Balou - Theme: Blackbird [GTK2/3] - Icons: Papirus-Dark [GTK2]

User avatar
dreamer
Posts: 738
Joined: Sun Oct 15, 2017 11:34 am

Re: Gnome-keyring - unlocked

#59 Post by dreamer »

dreamer wrote: Tue Sep 25, 2018 6:01 pm I think namida12 wanted to know why it happens in MX, but not in Antix. Anyway, I didn't manage to get rid of them completely at first so this is my extended procedure (just did it and works so far):

(I don't care about saved passwords, they may disappear with this method and have to be reentered)

1. install libpam-gnome-keyring
2. delete everything in "Password and Keys" application unless you have something important there
3. delete ~/.local/share/keyrings
4. reboot

That should do it (I hope).
I did what I described above. Sometimes it works, but sometimes Evolution and Skype show this message:

Image

I accept defeat by Gnome keyring. There is probably some bug in gnome-keyring (as fehlix described). I never saw it in Ubuntu, but it may be present in newer Ubuntu versions that I haven't used.

User avatar
fehlix
Developer
Posts: 10310
Joined: Wed Apr 11, 2018 5:09 pm

Re: Gnome-keyring - unlocked

#60 Post by fehlix »

dreamer wrote: Fri Oct 05, 2018 4:12 pm Sometimes it works, but sometimes Evolution and Skype show this message:
"Sometimes?" - Any systematic? after (re-)boot, logout, login, after suspense?
The message shows the "login" keyring was not unlocked.
Could you check "sometimes" with "Password and Keys" the login-keyring is locked or shows unlocked after logged in.
Are there more than one keyring there? Another keyring with name "login" which is not a login-keyring :confused:.
Is gnome-keyring-secrets starting in autostart?
Gigabyte Z77M-D3H, Intel Xeon E3-1240 V2 (Quad core), 32GB RAM,
GeForce GTX 770, Samsung SSD 850 EVO 500GB, Seagate Barracuda 4TB

Post Reply

Return to “Software / Configuration”