gnome-keyring, ssh keys, and less password entries (was Re: fedora-extras-list Digest, Vol 25, Issue 59)

Todd Zullinger tmz at pobox.com
Wed Dec 27 06:33:36 UTC 2006


Ralf Ertzinger wrote:
> I'd like a program which queries the gnome keyring instead, so that
> I have to enter just one passphrase (for the gnome keyring) instead
> of two (for the gnome keyring, and for the ssh key)

While this isn't precisely what you asked for, it seems like it might
satisfy your goals...

I've installed pam_keyring and pam_ssh and made 2 small tweaks to my
/etc/pam.d/gdm config[1].  This allows me to login via gdm and have
both my gnome-keyring and ssh-keys unlocked automatically, provided
the passwords for the gnome-keyring and ssh keys are the same as my
login password.

FWIW, it appears that the development version of Seahorse can save
your ssh key passwords in gnome-keyring[2][3].  I've not tried
Seahorse.

[1] The changes I made to the gdm pam config are as follows:

--- gdm~	2006-12-15 11:28:41.000000000 -0500
+++ gdm	2006-12-27 01:22:15.000000000 -0500
@@ -1,5 +1,7 @@
 #%PAM-1.0
 auth       required    pam_env.so
+auth       optional    pam_keyring.so try_first_pass
+auth       optional    pam_ssh.so try_first_pass
 auth       include     system-auth
 account    required    pam_nologin.so
 account    include     system-auth
@@ -8,4 +10,6 @@
 session    include     system-auth
 session    required    pam_loginuid.so
 session    optional    pam_console.so
+session    optional    pam_keyring.so
+session    optional    pam_ssh.so
 
[2] http://live.gnome.org/Seahorse
[3] http://live.gnome.org/Seahorse/SSHAgent

HTH,

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
======================================================================
Erotic is when you use a feather, kinky is when you use the whole
chicken.
    -- C. Haynes.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 542 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-extras-list/attachments/20061227/50abc2c9/attachment.sig>


More information about the fedora-extras-list mailing list