Gnome Keyring SSH Agent
Note: This applies to gnome-keyring versions 2.21.3 and later.
Gnome Keyring includes an SSH agent which integrates with the gnome-keyring and user login for its passwords. It can also use the main X.509 private key store.
Gnome Keyring will set the SSH_AUTH_SOCK environment variable when it starts up.
Protocol Support
SSH agent protocol version 2 is supported and has proper integration with Gnome Keyring. This works with OpenSSH.
Version 1 of the SSH agent protocol is supported in compatibility mode. No integration with Gnome Keyring exists for keys loaded this way. SSH version 1 keys loaded with ssh-add will work as expected.
Automatically loading SSH Keys
The SSH agent automatically loads files in ~/.ssh having names starting with id_rsa or id_dsa, e.g. ~/.ssh/id_rsa_gnome or just ~/.ssh/id_rsa. Other X.509 private keys marked with the 'ssh-authentication' purpose are also usable.
Additional SSH keys can be manually loaded and managed via the ssh-add command.
In the next version of Gnome a GUI will exist to tag additional private keys for automatic loading with SSH.
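To see which files in a directory fall under the naming rule above, the following added example (not part of gnome-keyring or of the original page) lists every file whose name starts with id_rsa or id_dsa and classifies its contents. The header-based classification and the function names are assumptions made for this illustration; they do not describe how gnome-keyring itself decides what to load.

```sh
#!/bin/sh
# Added example (not gnome-keyring code). Lists files matching the auto-load
# naming rule above: names in a directory starting with id_rsa or id_dsa.

# classify_key FILE: report what kind of key material the file holds.
classify_key() {
    if ! grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1" 2>/dev/null; then
        echo not-private            # e.g. the id_rsa.pub public half
    elif grep -q -e '-----BEGIN OPENSSH PRIVATE KEY-----' "$1"; then
        echo private-unknown        # encryption is not visible in this header
    elif grep -q -e '^Proc-Type: 4,ENCRYPTED' \
                 -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo private-encrypted      # PEM or PKCS#8 protected by a passphrase
    else
        echo private-plain          # PEM with no passphrase
    fi
}

# audit_autoload [DIR]: one "name classification" line per matching file.
audit_autoload() {
    dir=${1:-"$HOME/.ssh"}
    for f in "$dir"/id_rsa* "$dir"/id_dsa*; do
        [ -f "$f" ] || continue     # unmatched glob or not a regular file
        printf '%s %s\n' "$(basename "$f")" "$(classify_key "$f")"
    done
}

# make_sample_dir: build a constructed directory (fake key bodies) for a demo.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    pem() { printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' "$@" \
            'Y29uc3RydWN0ZWQ=' '-----END RSA PRIVATE KEY-----'; }
    pem 'Proc-Type: 4,ENCRYPTED' 'DEK-Info: AES-128-CBC,00' '' > "$d/id_rsa"
    pem > "$d/id_rsa_gnome"
    pem > "$d/work_key"             # name does not match the rule
    echo 'ssh-rsa AAAA constructed' > "$d/id_rsa.pub"
    echo "$d"
}

sample=$(make_sample_dir)
audit_autoload "$sample"
rm -rf "$sample"
```

Run `audit_autoload` with no argument to inspect ~/.ssh; files reported as private-plain are usable without a passphrase by anything that can read them.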
Disabling SSH agent support in GNOME Keyring
As a system distributor or a user, if you use another SSH agent (such as the ssh-agent included with OpenSSH), you may want to disable the SSH agent in GNOME Keyring to prevent ssh from using it instead of your preferred SSH agent.
There are several ways to disable the GNOME keyring SSH agent:
- Set the /apps/gnome-keyring/daemon-components/ssh gconf key to false. This prevents the SSH component of gnome-keyring from starting up when the user logs in. Use the following command, or use gconf-editor:
$ gconftool-2 --set -t bool /apps/gnome-keyring/daemon-components/ssh false
- Build gnome-keyring without SSH support. Use the following configure option:
$ ./configure --disable-ssh-agent
- If you're starting gnome-keyring manually or from a script, you can use the --components option to exclude starting up the SSH support:
$ gnome-keyring-daemon --components keyring,pkcs11
Using ssh-add with Gnome Keyring's SSH Agent
This assumes some familiarity with the ssh-add command. See its man page for more info.
You can use ssh-add to manually add keys for use in the SSH agent. These will be in addition to the automatically loaded keys.
ssh-add -D will remove any keys you've added manually.
ssh-add -D will also lock any automatically loaded keys.
ssh-add -l and ssh-add -L will always list automatically loaded keys.
