Why can't I interact with my ssh-agent? (e.g. ssh-add -D doesn't work)

Solution 1:

NOTE: is not an answer solving the root issue. Please provide a new answer if you think you can solve the root cause. You really have to read on why my solution is just an ugly hack.


Here's an explanation on what happens at boot time, identifying the culprit.

Using KDM (or LightDM) as log in manager, an X session is spawned for you upon logging in. The log in manager allows you to select an X session (e.g. GNOME, KDE Plasma, etc.) based on those available in your system. The directory /usr/share/xsessions contains the files for each of those desktop environment installed and your user specific choice is saved in ~/.dmrc.

While the desktop environment loads after logging in, it loads all scripts in /etc/X11/Xsession.d/. On a Kubuntu 14.04 system I see /etc/X11/Xsession.d/90x11-common_ssh-agent there by default, initialising an SSH agent. As expected. Great!

In practice however we see different things. Where does gnome-keyring-daemon come from then and why is the regular ssh-agent not started? Well, the GNOME keyring is started in two ways:

  • XDG autostart, in /etc/xdg/autostart/gnome-keyring-ssh.desktop
  • As an Upstart session job in /usr/share/upstart/sessions/gnome-keyring.conf

All scripts are first checking the environment values whether they will proceed. E.g.

[ -z "$SSH_AUTH_SOCK" ] || [ -z "$GPG_AGENT_INFO" ] || { stop; exit 0; }

This makes it a sort of race condition which SSH agent is actually started. First one wins. Brace for more nasty bits.

How come it works at one machine reliably and it doesn't reliably at another? The X session upstart jobs are only started when the DESKTOP_SESSION environment variable is whitelisted for it in /etc/upstart-xsessions, handled by /etc/X11/Xsession.d/00upstart. KDM allows one to set a Desktop environment 'Default' (default in ~/.dmrc), effectively kde-plasma, but not appearing kde-plasma.

With Session=kde-plasma:

⟫ echo $DESKTOP_SESSION
kde-plasma

With Session=default in a KDE Plasma desktop:

⟫ echo $DESKTOP_SESSION
default

This is plain wrong. And you can guess now why it fails the whitelist check against /etc/upstart-xsessions.

Quick fix for running terminal session

killall gnome-keyring-daemon && eval `ssh-agent`

Conclusion

It appears that one can hit a bug with all Upstart session jobs not being started at all. Another bug prevents proper interfacing with the GNOME keyring SSH agent (or ssh-add should complain and fail). Oh I hate you, bugs.

Once I find time to do some research on what is exactly supposed to do what, I'll file the bug reports.

For now I decided to just 'use' the Upstart bug and prevent Upstart session jobs from running by setting Session=default. I'm not sure how much this breaks, but so far I haven't seen anything falling apart.

The root cause is the appearance of GNOME keyring in the first place and which should not lie to me and keep offering wrong keys.

Solution 2:

I always end up sudo apt-get remove --purge gnome-keyring anyway, followed with a restart. ubuntu-sso depends on it but I don't use that, so no worries.

ssh-agent seems to just work as it should afterwards.

Solution 3:

I realize this is an old thread. I am using xubuntu 16.04. Seems the bug is still there. I installed seahorse to manage the keys and that worked.