Upgraded to Bookworm, now GNOME keyring dies--no access to stored SSH key passwords
by Nate_KS from LinuxQuestions.org on (#6DY10)
I now have two desktop systems running Bookworm with GNOME 43. The laptop was upgraded last month and I upgraded the desktop this past Sunday afternoon. I have been using the GNOME keyring applet to manage the SSH public key passwords I use as it prompts to save passwords and then lets me SSH to other hosts without out a password prompt.
Some time after the upgrade I wanted to SSH into one of the other systems on my LAN and was greeted with a password prompt for the corresponding public key that had prior been managed by the keyring applet. I noted differences in the running processes between the laptop where the keyring applet is still working and the desktop where it was not.
On an off-chance I cold booted this system and found the keyring applet was working as expected so I went on doing other things for a while. Then I tried again and was prompted for the public key's password. Uggh.
Right after rebooting the process list looked like this which mirrors the laptop:
Code:$ ps ax -u nate | grep "agent\|keyring"
2037 ? SLsl 0:00 /usr/bin/gnome-keyring-daemon --foreground --components=pkcs11,secrets --control-directory=/run/user/1000/keyring
2151 ? Ssl 0:00 /usr/libexec/gcr-ssh-agent /run/user/1000/gcr
2157 ? Ss 0:00 ssh-agent -D -a /run/user/1000/openssh_agent
3802 ? S 0:00 /usr/bin/ssh-agent -D -a /run/user/1000/keyring/.ssh
3922 pts/0 S+ 0:00 grep --color=auto agent\|keyringSome time after the cold start and logging in things looked like this:
Code:$ ps ax -u nate | grep "agent\|keyring"
2151 ? Ssl 0:00 /usr/libexec/gcr-ssh-agent /run/user/1000/gcr
2157 ? Ss 0:00 ssh-agent -D -a /run/user/1000/openssh_agent
12324 ? Sl 0:00 /usr/bin/gnome-keyring-daemon --start --foreground --components=secrets
12325 ? Ssl 0:00 /usr/bin/gnome-keyring-daemon --foreground --components=pkcs11,secrets --control-directory=/run/user/1000/keyring
19308 pts/0 S+ 0:00 grep --color=auto agent\|keyringIt appears to me that gnome-keyring-daemon has been restarted for some reason. As a result PIDs 2037 and 3802 are terminated and also /run/user/1000/keyring/.ssh is no longer present along with the pkcs11 and ssh files in the same directory.
Code:debian-archive-keyring/stable,stable,now 2023.3 all [installed,automatic]
fasttrack-archive-keyring/stable,stable,now 2020.12.19 all [installed]
gnome-keyring-pkcs11/stable,now 42.1-1+b2 amd64 [installed,automatic]
gnome-keyring/stable,now 42.1-1+b2 amd64 [installed,automatic]
gpg-agent/stable,now 2.2.40-1.1 amd64 [installed,automatic]
libpam-gnome-keyring/stable,now 42.1-1+b2 amd64 [installed,automatic]
libpolkit-agent-1-0/stable,now 122-3 amd64 [installed,automatic]A while later, perhaps an hour or so, all keyring PIDs vanished!
Code:$ ps ax -u nate | grep "agent\|keyring"
2151 ? Ssl 0:00 /usr/libexec/gcr-ssh-agent /run/user/1000/gcr
2157 ? Ss 0:00 ssh-agent -D -a /run/user/1000/openssh_agent
22418 pts/0 S+ 0:00 grep --color=auto agent\|keyringThis behavior has persisted after at least another system restart. I can provide journalctl output if needed.
Some time after the upgrade I wanted to SSH into one of the other systems on my LAN and was greeted with a password prompt for the corresponding public key that had prior been managed by the keyring applet. I noted differences in the running processes between the laptop where the keyring applet is still working and the desktop where it was not.
On an off-chance I cold booted this system and found the keyring applet was working as expected so I went on doing other things for a while. Then I tried again and was prompted for the public key's password. Uggh.
Right after rebooting the process list looked like this which mirrors the laptop:
Code:$ ps ax -u nate | grep "agent\|keyring"
2037 ? SLsl 0:00 /usr/bin/gnome-keyring-daemon --foreground --components=pkcs11,secrets --control-directory=/run/user/1000/keyring
2151 ? Ssl 0:00 /usr/libexec/gcr-ssh-agent /run/user/1000/gcr
2157 ? Ss 0:00 ssh-agent -D -a /run/user/1000/openssh_agent
3802 ? S 0:00 /usr/bin/ssh-agent -D -a /run/user/1000/keyring/.ssh
3922 pts/0 S+ 0:00 grep --color=auto agent\|keyringSome time after the cold start and logging in things looked like this:
Code:$ ps ax -u nate | grep "agent\|keyring"
2151 ? Ssl 0:00 /usr/libexec/gcr-ssh-agent /run/user/1000/gcr
2157 ? Ss 0:00 ssh-agent -D -a /run/user/1000/openssh_agent
12324 ? Sl 0:00 /usr/bin/gnome-keyring-daemon --start --foreground --components=secrets
12325 ? Ssl 0:00 /usr/bin/gnome-keyring-daemon --foreground --components=pkcs11,secrets --control-directory=/run/user/1000/keyring
19308 pts/0 S+ 0:00 grep --color=auto agent\|keyringIt appears to me that gnome-keyring-daemon has been restarted for some reason. As a result PIDs 2037 and 3802 are terminated and also /run/user/1000/keyring/.ssh is no longer present along with the pkcs11 and ssh files in the same directory.
Code:debian-archive-keyring/stable,stable,now 2023.3 all [installed,automatic]
fasttrack-archive-keyring/stable,stable,now 2020.12.19 all [installed]
gnome-keyring-pkcs11/stable,now 42.1-1+b2 amd64 [installed,automatic]
gnome-keyring/stable,now 42.1-1+b2 amd64 [installed,automatic]
gpg-agent/stable,now 2.2.40-1.1 amd64 [installed,automatic]
libpam-gnome-keyring/stable,now 42.1-1+b2 amd64 [installed,automatic]
libpolkit-agent-1-0/stable,now 122-3 amd64 [installed,automatic]A while later, perhaps an hour or so, all keyring PIDs vanished!
Code:$ ps ax -u nate | grep "agent\|keyring"
2151 ? Ssl 0:00 /usr/libexec/gcr-ssh-agent /run/user/1000/gcr
2157 ? Ss 0:00 ssh-agent -D -a /run/user/1000/openssh_agent
22418 pts/0 S+ 0:00 grep --color=auto agent\|keyringThis behavior has persisted after at least another system restart. I can provide journalctl output if needed.