Your Linux Data Center Experts

I had a heck of a time getting SSH and GPG agents working how I wanted on my Ubuntu 10.10 box running XFCE. The primary behavior I was trying to fix is that my GPG passphrase was asked for every time, which is annoying when I sign all outgoing e-mail. The other issue is that gnome-keyring does not support the “confirmation” (-c) option to “ssh-add”.

Not sure why the gpg passphrase wasn't being stored properly, the dialog asking for it had radio-buttons to select how long the passphrase was remembered for, but that just wasn't being honored due to a “Certain fields have invalid values” error. Searching provided no fix for that.

I made some progress by going into Applications -> Settings -> Xfce4 Settings -> Session and Startup, click the Application Autostart tab, and unchecking the “SSH Key Agent (GNOME Keyring: SSH Agent)”, “Secret Storage Service (GNOME Keyring: Secret Service)”, and “Certificate and Key Storage (GNOME Keyring: PKCS#11 Component)”. However, that was still running gnome-keyring-daemon which was taking over the SSH_AUTH_SOCK environment variable.

After a lot of searching, I couldn't find the right way to disable gnome-keyring-daemon, so I just did a “sudo chmod 000 /usr/bin/gnome-keyring-daemon”. Then I added an startup entry (in the settings application above) to run “gpg-agent”.

Once this was done, I logged out and back in, and had ssh-agent and gpg-agent running. Now I can “ssh-add -c” and it works properly, and my e-mail isn't asking for my long GPG pass-phrase every time I send mail.

comments powered by Disqus

Join our other satisfied clients. Contact us today.