Unable to use "real" ssh-agent in 17.10

Asked by Etienne CHAMPETIER

I'm an ssh certificates user, thus I need the real ssh-agent (gnome-keyring-ssh does not support ssh certificates)

In 16.04, if I disable gnome-keyring-ssh, a real ssh-agent is started and if I launch a terminal, I have the correct SSH_AUTH_SOCK variable in my env

mkdir -p ~/.config/autostart
cp /etc/xdg/autostart/gnome-keyring-ssh.desktop ~/.config/autostart/ &&
echo 'Hidden=true' >> ~/.config/autostart/gnome-keyring-ssh.desktop &&
echo 'X-GNOME-Autostart-enabled=false' >> ~/.config/autostart/gnome-keyring-ssh.desktop

Now if I do the same thing with 17.10, gnome-keyring-ssh is disabled, but no ssh-agent is started
it should be started by "ssh-agent.service" (systemctl --user start ssh-agent.service)

Now if I start ssh-agent.service manually, ssh-agent is started, but SSH_AUTH_SOCK is not added to the environment variable (starting a new terminal)

I'm using a fresh installation of 17.10 (vm)

Thanks

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu Edit question
Assignee:
No assignee Edit question
Solved by:
Etienne CHAMPETIER
Solved:
Last query:
Last reply:
Revision history for this message
actionparsnip (andrew-woodhead666) said :
#1

I suggest you report a bug. Sounds like a regression.

Surely the keys live in ~/.ssh/authorized_keys and similar. Why are you roping Gnome into something that is desktop environment agnostic?

Revision history for this message
Etienne CHAMPETIER (champtar) said :
#2

Hi @actionparsnip,

not sure to understand your question, I'm using ssh certificates (an extension of ssh keys) and gnome-keyring-ssh does not support ssh certificates (it also does not support ed25519 keys and maybe other features)
I can launch the real ssh-agent in my terminals, but for graphical apps like virt-manager it's easier to have 1 well configured global ssh-agent

I will definitely open a bug

Revision history for this message
Etienne CHAMPETIER (champtar) said :
#3

Ok I found a full workaround:

1) disable gnome-keyring-ssh start
mkdir -p ~/.config/autostart
cp /etc/xdg/autostart/gnome-keyring-ssh.desktop ~/.config/autostart/ &&
echo 'Hidden=true' >> ~/.config/autostart/gnome-keyring-ssh.desktop &&
echo 'X-GNOME-Autostart-enabled=false' >> ~/.config/autostart/gnome-keyring-ssh.desktop

2) force ssh-agent.service to start
systemctl --user add-wants default.target ssh-agent.service