Child pages
  • Using ssh-agent & gpg-agent under Xfce4 utilizing gnome-keyring-daemon
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

Introduction & Motivation

My path to Xfce4

I was pretty happy with icewm, especially loving the alphabetical navigation in it's OS/2 style Strg-Esc window list. Sadly the order in which Alt-Tab showed windows started to be messed up. Had to give it up.

Then I was happy with KDE 3.x. Sadly they started KDE 4, making it unusable by trying to copy some things from Windows Vista and MacOS. Had to give it up.

Then I was satisfied by Gnome 2.x. Sadly they started Gnome 3, making it unusable by trying to copy some things from MacOS, Unity, Windows 7. Had to give it up.

Now I am ok using Xfce4.

Issue: poor ssh agent management

I like to enter the ssh key password exactly once right after logging in, and have it availabe in a ssh-agent in several auto-started terminal windows right away.

Sadly this seemed impossible.

After this drove me crazy for the 100th time I finally invested a whole sunday afternoon in research and came to what looks like a solution.

Agent starting variants

Old auto-started script approach: Load daemon in auto-started script. Sadly it is executed too late and/or too far down the process tree. Had to give it up.

Command line login approach, startx: When starting X11 using startx instead of a display manager .xinitrc is are called early enough. I like the graphical login though. Didn't really try it this time.

Gnome approach: Use gnome-keyring-daemon.activating 

My solution

Choose ssh-askpass variant

There are several ssh-askpass programs allowing to enter the ssh key password in a nice window. I like ssh-askpass-gnome.

To make sure the preferred one is used, make sure only one ssh-askpass* package installed.

Prepare script forcing early ssh-add

I have a kind-of autostart script that performs a few initial commands that don't go well into window manager settings.

To trigger the graphical query for the ssh key password, it simply contains a dummy ssh command:

# ...
# ssh-agent is already present, we need to trigger a ssh-add that really feeds the ssh-agent
ssh $USER@localhost pwd
# further commands can rely on loaded ssh keys
# ...

If you create a new autostart script, do not forget to chmod u+x it.

Activate autostart script and gnome-keyring-daemon

Start xfce4-session-settings.

In the "Application Autostart" tab, add your autostart script. Do NOT use a short form like ~/, instead specify the full path, like /home/jdoe/

In the last tab, "Advanced", activate "Launch GNOME services on startup".


Try it by logging out and in again.

Obligatory further reading: Evil Traps in ssh-add behaviour

gnome-keyring-daemon makes ssh-add behave weird

When using gnome-keyring-daemon, it acts ssh- and gpg-agent, but it behaves quite differently in a nerve breaking manner, making ssh-add look broken:

  • ssh-add -l used towards gnome-keyring-daemon always shows all ssh-keys known (!) to the gnome keyring, NOT only the ones that are decrypted in-memory!
  • ssh-add -d or ssh-add -D seems (!) to have no effect

The only way to make sure whether the gnome-keyring-daemon-acting-as-ssh-agent helds an encrypted or decrypted version of a particular ssh key is to try using the key, i.e. to execute a ssh based command like ssh, scp, svn (towards a svn+ssh repo), ...


  • No labels