I have also noticed confusing behavior on the part of ssh-agent and ssh- add now that gnome-keyring is intervening in the management of ssh keys. Packages:
gnome-keyring 2.22.1-1 gnome-keyring-manager 2.20.0-0ubuntu2 openssh-client 1:4.7p1-8ubuntu1 Here's a scenario. I've replaced all actual fingerprints with [fingerprint1]. (It's been a while since I've read the details of public key crypto so I don't remember what is sensitive from what is not. I don't know whether fingerprints are sensitive... Better safe than sorry.) 1. $ ssh-add -l [ssh-add gnome-keyring pops a dialog asking for a password. I enter the password for my ssh identities.] 1024 [fingerprint1] (DSA) 2. $ ssh-add -l 1024 [fingerprint1] (DSA) 3. $ ssh-add -D All identities removed. 4. $ ssh-add -l 1024 [fingerprint1] (DSA) 5. $ ssh [to some host for which the key listed by ssh-add -l should allow login] [At this point ssh asks for the password to unlock the key listed in step 4!] I see two problems: A. Like Andrew reported, deleting a key with ssh-add -D does delete it from the agent, as evidenced by steps 3 and 5, but it is still listed as present (step 4)! This breaks some of my scripts which rely on ssh-add -l to know whether a key is present or not. B. When there are no keys whatsoever in the agent, in step 1 above, running "ssh-add -l" makes gnome-keyring ask for a password. This also breaks scripts which are supposed to run non-interactively. I've designed my scripts to fail silently if the needed keys are missing. (It makes sense to do that for the purposes I have with those scripts.) But the way ssh-add and gnome-keyring interact my scripts are no longer able to fail silently. I get a prompt in my face when they try to check whether keys are present. -- gnome-keyring has unusual behaviour compared to ssh-agent https://bugs.launchpad.net/bugs/214679 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-keyring in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs