Welcome!
Important information
-- Spectre and Meltdown vulnerabilities
-- Change in MX sources

News
-- MX Linux on social media: here
-- Mepis support still here

Current releases
-- MX-17.1 Final release info here
-- antiX-17 release info here

New users
-- Please read this first, and don't forget to add system and hardware information to posts!
-- Here are the Forum Rules

Gnome-keyring - unlocked

Message
Author
User avatar
dreamer
Forum Regular
Forum Regular
Posts: 255
Joined: Sun Oct 15, 2017 11:34 am

Re: Gnome-keyring - unlocked

#61 Post by dreamer » Fri Oct 05, 2018 8:07 pm

fehlix wrote:
Fri Oct 05, 2018 6:17 pm
Could you check "sometimes" with "Password and Keys" the login-keyring is locked or shows unlocked after logged in.
Are there more than one keyring there? Another keyring with name "login" which is not a login-keyring :confused:.
Is gnome-keyring-secrets starting in autostart?
Problem solved. Thanks, fehlix. :happy:
Secret Storage Service (GNOME Keyring: Secret Service)

Code: Select all

/usr/bin/gnome-keyring-daemon --start --components=secrets
This checkbox wasn't marked in Application Autostart. Evolution, Skype and Chrome now start without keyring prompt. I have only one keyring and it is unlocked.

Here is the updated procedure:
1. install libpam-gnome-keyring AND MAKE SURE the service is marked in Application Autostart
2. delete everything in "Password and Keys" application unless you have something important there
3. delete ~/.local/share/keyrings
4. reboot

User avatar
c4os
Forum Novice
Forum  Novice
Posts: 64
Joined: Tue Jun 19, 2018 12:28 pm

Re: Gnome-keyring - unlocked

#62 Post by c4os » Tue Oct 09, 2018 4:16 am

I'll get an error with the command:

Code: Select all

$ /usr/bin/gnome-keyring-daemon --start --components=secrets
** Message: couldn't access control socket: /run/user/1000/keyring/control:  Datei oder Verzeichnis nicht gefunden
"Datei oder Verzeichnis nicht gefunden" means file or directory not found.
Courious, there is a file called control:

Code: Select all

$ ls -l /run/user/1000/keyring/
insgesamt 0
srwxr-xr-x 1 c4os c4os 0 Okt  9 09:33 control
And ssh still asks me for the password of my ~/.ssh/id_rsa.
My look on the autostart commponents found an agent for ssh. But this wont also help.

Code: Select all

$ /usr/bin/gnome-keyring-daemon --start --components=ssh
SSH_AUTH_SOCK=/run/user/1000/keyring/ssh
ssh still asks my password.
Maybe I need Gnome terminal to bring it to work?
But I want to keep my lovely Terminator.

Will my ssh and gpg keys removed from my system when I delete it's from password and encryption app?

The only one which works on my side with ssh is:

Code: Select all

$ ssh-add ~/.ssh/id_rsa
Enter passphrase for /home/c4os/.ssh/id_rsa: 
Identity added: /home/c4os/.ssh/id_rsa (/home/c4os/.ssh/id_rsa)
Powered on: MX 17 Horizon x86_64
Hardware: Dell Latitude E4300 - CPU: Intel Core 2 Duo P9600 (2) @ 2.535GHz - Memory: 4GB
Style: Resolution: 1280x800 - WM Theme: Balou - Theme: Blackbird [GTK2/3] - Icons: Papirus-Dark [GTK2]

User avatar
fehlix
Forum Guide
Forum Guide
Posts: 2407
Joined: Wed Apr 11, 2018 5:09 pm

Re: Gnome-keyring - unlocked

#63 Post by fehlix » Tue Oct 09, 2018 5:19 am

c4os wrote:
Tue Oct 09, 2018 4:16 am
I'll get an error with the command:

Code: Select all

$ /usr/bin/gnome-keyring-daemon --start --components=secrets
** Message: couldn't access control socket: /run/user/1000/keyring/control:  Datei oder Verzeichnis nicht gefunden
That's a message is to inform that no running daemon exists, so it will create a new gnome-keyring control-soccket.
c4os wrote:
Tue Oct 09, 2018 4:16 am
ssh still asks my password.
Maybe I need Gnome terminal to bring it to work?
But I want to keep my lovely Terminator.
The keyring component starts from with autostart, no need for gnome terminal.
We need to look into this, to find a way to fix this.
c4os wrote:
Tue Oct 09, 2018 4:16 am
Will my ssh and gpg keys removed from my system when I delete it's from password and encryption app?
"Password and Keys" provides not only access to gnome-keyring, but also to your gpg-keyring and ssh-key's.
So yes you can remove within Password and Keys (Seahorse), your gnupg and ssh-key , if you like :happy:
c4os wrote:
Tue Oct 09, 2018 4:16 am
The only one which works on my side with ssh is:

Code: Select all

$ ssh-add ~/.ssh/id_rsa
Enter passphrase for /home/c4os/.ssh/id_rsa: 
Identity added: /home/c4os/.ssh/id_rsa (/home/c4os/.ssh/id_rsa)
Yea, using ssh-add + ssh- agent seem to be the most reliable way to deal with single-sign-on ssh-authentication.
Gigabyte Z77M-D3H, Intel Xeon E3-1240 V2 (Quad core), 32GB RAM,
GeForce GTX 770, Samsung SSD 850 EVO 500GB, Seagate Barracuda 4TB

agrendel
Forum Novice
Forum  Novice
Posts: 12
Joined: Fri May 18, 2018 3:23 pm

Re: Gnome-keyring - unlocked

#64 Post by agrendel » Thu Nov 01, 2018 7:30 am

It's all very confusing :confused:
Should there separate Login keyring as well as the default and should they both be left open after I run Chromium or Geary?
I followed the the procedure described after "Default keyring already exists" in the Wiki mentioned in this subject. I had already installed libpam-gnome-keyring but I never saw the mention of "Automatically unlock this keyring whenever I’m logged in" when unlocking the Default keyring. However, on logging back in I briefly saw a mention of this automatic option already ticked in a pop-up immediately after I entered my normal user password.
Now everything sees to work without any requests to re-enter passwords as mentioned by some other users here. However, as I mentioned, I'm a bit concerned that both keyrings are left permanently open as long as I'm logged in. Is this normal?

agrendel
MX 17.1_x64 Horizon: Thinkpad X220, Core i5-2540M, 8GB RAM Kernel 4.15.0-1-amd64

User avatar
fehlix
Forum Guide
Forum Guide
Posts: 2407
Joined: Wed Apr 11, 2018 5:09 pm

Re: Gnome-keyring - unlocked

#65 Post by fehlix » Thu Nov 01, 2018 9:17 am

agrendel wrote:
Thu Nov 01, 2018 7:30 am
Should there separate Login keyring as well as the default and should they both be left open after I run Chromium or Geary?
It depends, if the login keyring is also marked as "default" an application might "decide" to use this "default" login-keyring.
Not sure about Geary, some applications requesting to use a keyring with the name "default" some other with the property "default".
agrendel wrote:
Thu Nov 01, 2018 7:30 am
However, as I mentioned, I'm a bit concerned that both keyrings are left permanently open as long as I'm logged in. Is this normal?
Well, that's per design. If you want to lock the keyrings manually, you can bind a desktop-shortcut or a keyboard-shortcut to this command:

Code: Select all

gnome-keyring-daemon --replace --daemonize
After running the command, gnome-keyring will be restarted and by this goes into the state of locked keyrings.
Note: If you would now restart Chromium or Geary, you will get prompted to enter the password for
the used "default" keyring. You can check the used password of the "default" keyring by changing password e.g. using the identical password
within Password and Key (aka Seahorse).

If you are still confused, don't hesitate to formulate the unknown :blindfold:
:puppy:
Gigabyte Z77M-D3H, Intel Xeon E3-1240 V2 (Quad core), 32GB RAM,
GeForce GTX 770, Samsung SSD 850 EVO 500GB, Seagate Barracuda 4TB

agrendel
Forum Novice
Forum  Novice
Posts: 12
Joined: Fri May 18, 2018 3:23 pm

Re: Gnome-keyring - unlocked

#66 Post by agrendel » Fri Nov 02, 2018 7:53 am

Many thanks fehlix for your prompt and very complete reply. As I have a mini-PC also running mx-linux now I decided to try the same operation as on my Thinkpad and the result was more or less the same except that I had to log back in twice for the automatic opening of the default and log-in keys to be completed. The first login asked for my password but had the box "Automatically unlock this keyring whenever I’m logged in" already ticked so on the second login the second key was added and both are now unlocked. Works fine.
MX 17.1_x64 Horizon: Thinkpad X220, Core i5-2540M, 8GB RAM Kernel 4.15.0-1-amd64

User avatar
namida12
Forum Guide
Forum Guide
Posts: 1810
Joined: Sun Apr 01, 2007 4:54 pm

Re: Gnome-keyring - unlocked

#67 Post by namida12 » Mon Nov 12, 2018 1:26 am

fehlix,

I certainly hope this is fixed and does not require any fixes for new or experienced users of MX-18 or MX-17.2 in the forthcoming release...

JR

User avatar
dphn
Forum Novice
Forum  Novice
Posts: 18
Joined: Sun Nov 25, 2018 7:26 am

Re: Gnome-keyring - unlocked

#68 Post by dphn » Tue Nov 27, 2018 12:30 pm

Hello to all. I'm new to this forum.

Hope the next release comes per default with libpam-gnome-keyring. In Xfce DE you must also set Settings>Session and Startup>Advanced and selecting Launch Gnome Services on Startup per default. Works nicely.
for those with an eye for the finer details...

User avatar
Jerry3904
Forum Veteran
Forum Veteran
Posts: 23026
Joined: Wed Jul 19, 2006 6:13 am

Re: Gnome-keyring - unlocked

#69 Post by Jerry3904 » Tue Nov 27, 2018 12:53 pm

Welcome, and thanks for the tip.
Production: 4.15.0-1-amd64, MX-17.1, AMD FX-4130 Quad-Core, GeForce GT 630/PCIe/SSE2, 8 GB, SSD 120 GB, Data 1TB
Testing: AAO 722: 4.15.0-1-386. MX-17.1, AMD C-60 APU, 4 GB
Personal: XPS 13, 4.18.0-19.3-liquorix, 4 GB

User avatar
fehlix
Forum Guide
Forum Guide
Posts: 2407
Joined: Wed Apr 11, 2018 5:09 pm

Re: Gnome-keyring - unlocked

#70 Post by fehlix » Tue Nov 27, 2018 1:01 pm

dphn wrote:
Tue Nov 27, 2018 12:30 pm
In Xfce DE you must also set Settings>Session and Startup>Advanced and selecting Launch Gnome Services on Startup per default.
Not necessarily. For unlocking (and/or creating) the default keyring libpam will already trigger gnome-keyring-daemon at login-time. So there is no need to start gnome-keyring again, it might even conflicting with the already running daemon. Only for additional keyring-components like ssh-agents or certificat-access additional autostart-entries might need to get turned on.
At least this is the theory. Anyway for any app which really does not work without the already running daemon, we migth have a look for find the reason for this.
:puppy:
Gigabyte Z77M-D3H, Intel Xeon E3-1240 V2 (Quad core), 32GB RAM,
GeForce GTX 770, Samsung SSD 850 EVO 500GB, Seagate Barracuda 4TB

Post Reply

Return to “Software / Configuration”