I have several computer_X.desktop files under /usr/share/gnome/apps for using of ssh. Inside of computer_X.desktop there is the line Exec=bash -c " xterm -sb -sl 500 -e ssh $X11FORWARD computer_X" X11FORWARD is set in .profile to "-Y", if OpenSSH is installed or to "+X", if "SSH Secure Shell" from ssh.com is installed. I am running ssh-agent. Until some days ago it works perfectly, i.e, I could log in in other computers without entering passwords by clicking to the menu entries corresponding to computer_X.desktop. Now after installing OpenSSH-5.0 and gnome-2.22 I still can login without entering a password, if I call ssh from gnome-terminal command line, but I will be asked for a password if I click to these menu entries. If I still insert in the exec line of computer_X.desktop "env | grep -i ssh; ssh-add -l" just before calling ssh, I see two differences compare with the command line. At the command line I see: SSH_AUTH_SOCK=/tmp/ssh-IGHFZ11242/agent.11242 and "ssh-add -l" gives: 1024 ...:...:.. /home/rose/.ssh/....dsa. The output from computer_X.desktop is: SSH_AUTH_SOCK=/tmp/keyring-ZVHKvI/ssh and "ssh-add -l" gives: The agent has no identities. Any hint would be very appreciated. Regards Juergen Reproducible: Always
gnome-keyring now sports a ssh-agent on its own. Fix your custom .desktop to use it instead of using a separata ssh-agent and it should be fine. If you don't want to use gnome-keyring, you're on your own. Closing INVALID since there is no NOTABUG.
I tried to follow the hints from http://live.gnome.org/GnomeKeyring/Ssh . As the result I was not ask for my ssh agent passphrase, when I logged in. And I could login via ssh into remote computers without entering the password of the remote computer, if I tried this from the gnome-terminal prompt. But it does not work from the computer_X.desktop file. Then I modified the exec line of computer_X.desktop to: Exec=bash -c "source ~/.keychain/${HOSTNAME}-sh>/dev/null; xterm -e ssh $X11FORWARD computer_X" Now it works. But is it the right way? Regards Juergen
no, you should not execute anything besides gksu and the program itself in *.desktop (upstream generaly don't even provide gksu, we are adding it for convienence). Applications started from gnome menus inherit environment from gnome-session which partly gets it from X startup /etc/X11/xinitrc.d/* Applications started from the menu should hence have access to the keyring. This is out of the scope of our support, but please attach a sample of what you are doing.
For several years I have the following lines in my .bash_profile: if [ -x /usr/bin/keychain ]; then SSH_KEYS="" for f in ~/.ssh/*dsa ; do SSH_KEYS="$SSH_KEYS `basename $f`" done if [ -n "$SSH_KEYS" ]; then /usr/bin/keychain $SSH_KEYS source ~/.keychain/${HOSTNAME}-sh > /dev/null fi elif tty > /dev/null ; then ... fi After the login I will be asked for the keychain password. If I try 'ssh' or 'scp' from the command line of gnome-terminal, everything is fine. I can work with computers which have my public key without entering passwords. But if I try to execute ssh to these computers from computer_X.desktop as described in my first posting I will be asked for some days (probably after installing gnome-2.22) for the password of the remote computer. The reason seems to be the differing environment, i.e. the differing SSH_AUTH_SOCK variable. To get the same value for SSH_AUTH_SOCK I inserted "source ~/.keychain/${HOSTNAME}-sh" in computer_X.desktop. On the other hand I could revove the keychain lines from .bash_profile instead of inserting something into computer_X.desktop. I tried this, opened a new terminal window. And now I will also here asked for a password if I am using ssh. But perhaps I have to complete log off and log in.I will try this too after finishing this posting. Regards
any updates there ?
btw, if you are still here, could you attach a sample .desktop that fails for you ?