Gnome Keyring SSH Agent
Note: This applies to gnome-keyring versions 2.21.3 and later.
Gnome Keyring includes an SSH agent which integrates with the gnome-keyring and user login for its passwords. It can also use the main X.509 private key store.
Gnome Keyring will set the SSH_AUTH_SOCK environment variable when it starts up.
Protocol Support
SSH agent protocol version 2 is supported and has proper integration with Gnome Keyring. This works with OpenSSH.
Version 1 of the SSH agent protocol is supported in compatibility mode. No integration with Gnome Keyring exists for keys loaded this way. SSH version 1 keys loaded with ssh-add will work as expected.
Automatically loading SSH Keys
The id_rsa and id_dsa files in ~/.ssh are automatically usable through the SSH agent without first 'loading' them. Other X.509 private keys marked with the 'ssh-authentication' purpose are also usable.
Additional SSH keys can be manually loaded and managed via the ssh-add command.
In the next version of Gnome a GUI will exist to tag additional private keys for automatic loading with SSH.
Disabling SSH agent support in GNOME Keyring
As a system distributor or a user, if you use another SSH agent (such as the ssh-agent included with OpenSSH), you may want to disable the SSH agent in GNOME Keyring to prevent ssh from using it instead of your preferred SSH agent.
There are multiple ways to disable the GNOME keyring SSH agent:
- Set the /apps/gnome-keyring/daemon-components/ssh gconf key to false. This prevents the SSH component of gnome-keyring from starting up when the user logs in. Use the following command, or use gconf-editor:
$ gconftool-2 --set -t bool /apps/gnome-keyring/daemon-components/ssh false
- Build gnome-keyring without SSH support. Use the following configure option:
$ ./configure --disable-ssh-agent
- If you're starting gnome-keyring manually or from a script, you can use the --components option to leave out the SSH component:
$ gnome-keyring-daemon --components keyring,pkcs11
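To confirm which agent ssh will actually talk to after applying one of the methods above, the following added example (not part of the original page or of gnome-keyring) classifies the socket in SSH_AUTH_SOCK and probes it with ssh-add. The function names and the socket path patterns are assumptions; the page does not state where gnome-keyring places its socket.

```shell
#!/bin/sh
# Added example: report which SSH agent SSH_AUTH_SOCK points at.

# Classify a socket path.
# ASSUMPTION: gnome-keyring's SSH socket lives in a directory whose name
# starts with "keyring" and is called "ssh" or "socket.ssh". Adjust the
# patterns if your distribution places it elsewhere.
classify_agent_sock() {
    case "$1" in
        "")                                    echo "none" ;;
        */keyring*/ssh|*/keyring*/socket.ssh)  echo "gnome-keyring" ;;
        *)                                     echo "other" ;;
    esac
}

# Probe the agent behind a socket path with ssh-add.
# ssh-add -l exits 0 when keys are listed, 1 when the agent holds no
# identities, and 2 when the agent cannot be contacted.
agent_status() {
    rc=0
    SSH_AUTH_SOCK="$1" ssh-add -l >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo "reachable, keys available" ;;
        1) echo "reachable, no keys" ;;
        *) echo "unreachable" ;;
    esac
}

# Report on the current session's agent socket.
printf 'SSH_AUTH_SOCK points at: %s\n' \
    "$(classify_agent_sock "${SSH_AUTH_SOCK:-}")"
```

If the report still says gnome-keyring after the SSH component has been disabled, the variable was most likely inherited from a session started before the change; log out and back in, then run the check again.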
