Mate Desktop and SSH Agent, without Gnome keyring
diaspora*
mastodonFor a long time, I used i3 as window manager. It was fine as I like stripped down environment. However, I missed some features of my Gnome 2 experience. Thus I moved to Mate and easily configured it to match my minimalistic needs. All was perfect and I was happy with it, until I realize something was really bothering me: even with all the known methods to disable Gnome keyring autostart, it keeps launching when my session starts. This behavior leads to very nasty bugs, like breaking Emacs tramp or continually bothering me to enter my passphrase.
I finally found a working solution in the Mate Session Manager issues traker. So for all other people, who goes mad because of this, here is the definitive guide to definitely shut Gnome keyring down.
SSH-Agent configuration
First, you need to configure your OpenSSH SSH agent. Nothing specific here, we just need to add a systemd service file for our current user, in order to automatically start the SSH agent when our session starts. I use the following file:
[Unit] Description=SSH key agent [Service] Type=simple Environment=SSH_AUTH_SOCK=%t/ssh-agent.socket ExecStart=/usr/bin/ssh-agent -D -a $SSH_AUTH_SOCK [Install] WantedBy=default.target
You must save it in \~/.config/systemd/user/ssh-agent.service. Then
enter systemctl --user enable ssh-agent in your console to active it
at startup.
The important point here is the line
Environment=SSH_AUTH_SOCK=%t/ssh-agent.socket, where I inform systemd
to launch the ssh-agent with the environment variable set to the rather
cryptic %t/ssh-agent.socket. The %t placeholder will expand to the
runtime directory root, that is to say /run/user/UID/. In my case
/run/user/1000/ssh-agent.socket. So, when ssh-agent will start, it
will create a socket in this place.
To inform your desktop environment (and other programs, like Emacs), you
must add this environment variable either in your \~/.profile file (if
you'll use only TTY terminals) or, more surely in your
\~/.pam_environment file. No other variable are available in that
file, thus you must be explicit when setting the SSH_AUTH_SOCK
variable. And yes there is a space between the variable name and
DEFAULT. My own \~/.pam_environment file looks like:
SSH_AUTH_SOCK DEFAULT="/run/user/1000/ssh-agent.socket"
Disabling Gnome Keyring
Now that ssh-agent will start just fine, we need to disable the SSH component of Gnome Keyring.
The first step is to "officially" asking it to don't start. You must
copy the default .desktop autostart file in your home folder to
customize it. Then append two magic lines to it to remove it from the
Startup Application configuration dialog (the Hidden=True directive)
and disable it for Mate desktop only (the
X-MATE-Autostart-enabled=false directive):
cp /etc/xdg/autostart/gnome-keyring-ssh.desktop ~/.config/autostart/ echo 'Hidden=True' >> ~/.config/autostart/gnome-keyring-ssh.desktop echo 'X-MATE-Autostart-enabled=false' >> ~/.config/autostart/gnome-keyring-ssh.desktop
We now arrive to the core of the problem. The previous operation should have been sufficient, but there still exists a weird bug, which will spawn Gnome Keyring SSH agent each time you start your session.
To completely deactivate it, you must remove the 'keyring' component
from the gnome-compat-startup option in Gsettings. As this key holds
an array value, the better way to do it is to use the dconf-editor
application. Once you open it, browse to org, then mate, desktop,
and finally session. You should find the gnome-compat-startup in
there. Click on it, unset the "Use default value" switch and remove
'keyring' from the text field bellow. Take attention to remove the
next comma. In my case, the field now contains only ['smproxy'].
That's all, you can now enjoy a keyring-free desktop :)
Comments
N'hésitez pas à réagir en m'envoyant un email, qui sera publié ci-dessous sous la forme d'un commentaire.