Password hell: gdm, ssh and gnome-keyring

Tuesday, August 22, 2006 ★ 09:44 ★ Categories Gnome, Linux

When I log into my laptop machine by entering my username and password into GDM, After logging in, I often find myself opening two of my SSH keys:

• one key is used to login to some remote hosts, eg. the machine I host my mail on;

• the other key is for my Gnome CVS account. I’m using a separate key for this service, so that I can use it on other machines without sharing my normal per-machine (laptop) key.

  However, this causes me to enter my password at least three times! When I’m at home and my laptop tries to connect to my access point (long live network-manager) I also need to unlock my Gnome keyring, so that the total amount of passwords needed to get my machine running is four.

  Luckily, there’s a solution for the ssh keys: libpam-ssh (simply apt-get install libpam-ssh on a Debian box). You need to add two lines (the ones containing pam-ssh) to /etc/pam.d/gdm, one after common-auth and one after common-session. First one:

  @include common-auth
  @include pam-ssh-auth

  Second:

  @include common-session
  @include pam-ssh-session

  Make sure you use the same password to unlock your ssh keys as you use to login to your machine. By default, ~/.ssh/id_dsa, ~/.ssh/id_rsa, and some other files are used. I simply symlinked my ~/.ssh/id-rsa-gnome file to ~/.ssh/id_dsa to load both keys, without fiddling with system-wide configuration files.

  Now I only have to enter two passwords on login. Victory! Well, almost… does anyone have a solution for gnome-keyring (except for password-less keyrings, which are not option for laptops)?

  Update: I’ve posted an update on this article.

Random photo from Turkey (May, 2005)

Who wrote all this?

Wouter Bolsterlee, also known as uws, a postmodern geek living in the Netherlands. Read more about me…

Stay informed

RSS 2.0 feed

On Planet Gnome

On Planet Gnome-NL

Blog archives

Recent posts

July 2010

May 2010

April 2010

February 2010

November 2009

September 2009

July 2009

May 2009

March 2009

February 2009

January 2009

December 2008

November 2008

October 2008

September 2008

August 2008

July 2008

June 2008

May 2008

April 2008

March 2008

February 2008

January 2008

December 2007

November 2007

October 2007

September 2007

August 2007

July 2007

June 2007

May 2007

April 2007

March 2007

February 2007

January 2007

December 2006

November 2006

October 2006

September 2006

August 2006

July 2006

June 2006

May 2006

April 2006

March 2006

February 2006

January 2006

December 2005

November 2005

October 2005

September 2005

August 2005

July 2005

June 2005

Copyright

Unless stated otherwise, all material on this site is available under a Creative Commons Share-Alike license.