Something changed from Mint 16 MATE to Mint 17 MATE which breaks ssh-agent handling in a mate-terminal launched from mintMenu.
In Mint 16, running ssh from a terminal, no matter how the terminal was started, would work properly as far as doing the right thing querying an ssh-agent of some sort to unlock ssh keys. A terminal would get an SSH_AUTH_SOCK environment variable which looked something like "/tmp/keyring-aJok3i/ssh". Both ssh-agent and mate-keyring-daemon were running, so I don't know which was actually on the end of the socket. The first time you ran ssh, a little dialog window would pop up allowing you to unlock your ssh key file. Subsequent invocations of ssh would contact the agent and not need to unlock it again.
In Mint 17, things changed a bit, and something broke. ssh-agent is still being run, with the same options as in 16 Petra. However, now gnome-keyring-daemon is running instead of mate-keyring-daemon, and the options are a bit different. Terminals get different SSH_AUTH_SOCK settings depending on how they are launched. A mate-terminal launched from mintMenu gets an SSH_AUTH_SOCK of the form "/tmp/ssh-ue6vn7znItjE/agent.23821". There is indeed a socket there, with mode 600 permissions, but the ssh command run from such a terminal is not able to contact an agent, and always prompts to unlock the key. Such terminals include anything launched from any mintMenu, either on the lower left of the default Mint MATE panel, or a mintMenu added manually to the panel. Such terminals include anything started by the Terminal launcher in the left side of the standard mintMenu under System, the Terminal launcher in Favourites, and the Terminal launcher in the System Tools menu. According to pstree, such terminals have an immediate parent of "init"; this is the same in Mint 16.
Terminals started other than directly by mintMenu get a different SSH_AUTH_SOCK, of the form "/run/user/nnnn/keyring-6kY6nc/ssh". There is a socket there also, but with mode 755 permissions (same as in Mint 16). An ssh started from these terminals is able to contact an agent. These terminals include anything started from: a launcher manually added to either a panel or the desktop using the right menu option in mintMenu, or a launcher from either "Main Menu" or "Menu Bar". These terminals have a pstree of mdm---x-session-manager---mate-panel.
Manually setting SSH_AUTH_SOCK in a mintMenu terminal to the /run/user/nnnn/keyring-xxxx/ssh value allows ssh to contact an agent.
I suspect this may have been a configuration bug which crept in when mate-keyring-daemon was replaced by gnome-keyring-daemon. Does anyone know of a way to easily work around this until the bug is fixed?
Thanks,
MInt 17 - mintMenu not setting SSH_AUTH_SOCK properly
Forum rules
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
MInt 17 - mintMenu not setting SSH_AUTH_SOCK properly
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Re: MInt 17 - mintMenu not setting SSH_AUTH_SOCK properly
I am manually putting shortcuts on panel to get around this issue. Also see similar issue here: http://forums.mate-desktop.org/viewtopic.php?f=2&t=3146
Re: MInt 17 - mintMenu not setting SSH_AUTH_SOCK properly
Maybe this can help?
You'll need to correct it a bit though for the cases when the path doesn't contain a dash and a 6-symbol string, e.g.instead of
The correction is as follows: change
to
You'll need to correct it a bit though for the cases when the path doesn't contain a dash and a 6-symbol string, e.g.
Code: Select all
/run/user/nnnn/keyring/ssh
Code: Select all
/run/user/nnnn/keyring-xxxxxx/ssh
Code: Select all
SSH_AUTH_SOCK=`ss -xl | grep -o '/run/user/1000/keyring-.*/ssh'`
Code: Select all
SSH_AUTH_SOCK=`ss -xl | grep -o '/run/user/1000/keyring.*/ssh'`
Re: MInt 17 - mintMenu not setting SSH_AUTH_SOCK properly
BTW, it's not just mintMenu, it's a bug in gnome-keyring.
Re: MInt 17 - mintMenu not setting SSH_AUTH_SOCK properly
Was this ever fixed? Does it work for you?
I'm having the proposed version according to the bug report:
But applications like the "virt-manager" still does not use the SSH_AUTH_SOCK enviroment variable.
If I launch it using Alt-F2 or from the terminal the it works fine.
Noticed that applications launched from the menu uses the /tmp/ssh-... socket
instead of gnome-keyring /run/user/1000/keyring.../ssh socket
Any hints how to propagate the correct variable? initctl set-env?
I'm having the proposed version according to the bug report:
Code: Select all
$ dpkg -l gnome-keyring
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-=======================-================-================-====================================================
ii gnome-keyring 3.10.1-1ubuntu4. i386 GNOME keyring services (daemon and tools)
If I launch it using Alt-F2 or from the terminal the it works fine.
Noticed that applications launched from the menu uses the /tmp/ssh-... socket
instead of gnome-keyring /run/user/1000/keyring.../ssh socket
Any hints how to propagate the correct variable? initctl set-env?
Re: MInt 17 - mintMenu not setting SSH_AUTH_SOCK properly
Yes, unfortunately, the latest gnome-keyring didn't fix it for mintMenu. We still can't figure out why it happens.