Gnome keyring with ssh-agent

I can do ssh-agent inside the same terminal, such that:

Open terminal
$ eval $(ssh-agent)
$ ssh-add # enter key passcode
$ ssh user@host # no need to enter anything, connection ok

However, when I open another gnome-terminal, I need to repeat the above commands again.

Can I use gnome-keyring to provide ssh-agent services, so that I do not need to enter the SSH key passcode on new terminals, and when using virt-manager -c "qemu+ssh://user@host/system?keyfile=id_rsa"?

I am using GNOME 40 on Fedora 34 (fully updated), and will also test with GNOME 41 on Fedora 35 (fully updated).

2 Likes

Gnome Keyring SSH Agent should automatically load SSH keys:
Projects/GnomeKeyring/Ssh - GNOME Wiki!

It looks like this in GNOME Terminal:

> pgrep -f -a gnome-keyring
1527 /usr/bin/gnome-keyring-daemon --daemonize --login

> pgrep -f -a ssh-agent
19182 /usr/bin/ssh-agent -D -a /run/user/1000/keyring/.ssh

> echo ${SSH_AUTH_SOCK}
/run/user/1000/keyring/ssh

> ssh-add -l
256 SHA256:[...] /home/vgaetera/.ssh/id_ed25519 (ED25519)

> ssh-add -L
ssh-ed25519 [...] /home/vgaetera/.ssh/id_ed25519

> ls -l ~/.ssh
total 16
-rw-------. 1 vgaetera vgaetera  444 May 28  2020 id_ed25519
-rw-------. 1 vgaetera vgaetera   90 May 28  2020 id_ed25519.pub
[...]

Check out a new user with default profile settings.

3 Likes

This happened to me once when, after a fresh install of Fedora, I restored my private key from backup but not my public key – I didn’t have a backup of my public key. Although I could authenticate to servers using my key, I was puzzled why I was being prompted again and again for the key’s passphrase.

It finally occurred to me that maybe it was because I didn’t have my public key present. I generated the public key from the private key using the following command:

cd ~/.ssh
ssh-keygen -y -f id_rsa >id_rsa.pub

Options used:

-y
       This option will read a private OpenSSH format file and print an
       OpenSSH public key to stdout.

-f filename
       Specifies the filename of the key file.

It worked. The next time I attempted to use my ssh key, a GUI dialog popped up prompting me to enter the passphrase to unlock the key. It had a checkbox for automatically unlocking the key whenever I log in.


I also could see the key in seahorse, a.k.a. “Passwords and Keys.” This is not installed by default in Fedora Workstation. To install it…

# Install the "Passwords and Keys" application
sudo dnf install seahorse
2 Likes
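
A diagnostic for the two conditions discussed in this thread, as an added example that is not from any of the posts: it checks whether SSH_AUTH_SOCK points at a keyring socket like the /run/user/1000/keyring/ssh value shown above, and lists private keys in ~/.ssh that have no matching .pub file. The function names are hypothetical, and treating any path containing /keyring/ as the GNOME Keyring socket is an assumption based on that output.

```shell
#!/bin/sh
# Added diagnostic example (not from the thread); function names are hypothetical.

# Succeed if FILE starts with a PEM private-key header (OpenSSH, RSA, EC, ...).
is_private_key() {
    head -n 1 "$1" 2>/dev/null | grep -q -e '^-----BEGIN .*PRIVATE KEY-----'
}

# Print every private key in DIR that has no FILE.pub beside it.
keys_missing_pub() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case "$f" in *.pub) continue ;; esac
        if is_private_key "$f" && [ ! -f "$f.pub" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Succeed if the socket path lives in a "keyring" directory (assumption:
# this matches the /run/user/1000/keyring/ssh value shown in the thread).
socket_is_keyring() {
    case "$1" in */keyring/*) return 0 ;; *) return 1 ;; esac
}

# Report on the agent socket and on key pairs in DIR (default: ~/.ssh).
keyring_ssh_report() {
    dir=${1:-$HOME/.ssh}
    if socket_is_keyring "${SSH_AUTH_SOCK:-}"; then
        echo "agent socket: ${SSH_AUTH_SOCK} (keyring)"
    else
        echo "agent socket: ${SSH_AUTH_SOCK:-unset} (not a keyring socket)"
    fi
    missing=$(keys_missing_pub "$dir")
    if [ -n "$missing" ]; then
        echo "private keys without a .pub file:"
        printf '%s\n' "$missing" | sed 's/^/  /'
        echo "regenerate with: ssh-keygen -y -f KEY > KEY.pub"
    else
        echo "every private key in $dir has a .pub file"
    fi
}

keyring_ssh_report "$@"
```

Only the first line of each file is read to recognise a private key, and no key material is printed.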