Gnome Keyring SSH Agent on Arch XFCE
I have been using Keychain for years to automatically start an SSH agent and unlock my SSH keys.
But when I was setting up my new Laptop and fiddling with unlocking the Gnome Keyring, I was wondering why I wasn't using it for my SSH keys as well.
It took me a while to get it to work. My first issue was, that even after removing Keychain, something was starting an SSH agent and I wasn't sure where it came from.
It turns out, that XFCE starts an SSH agent by default. There are ways to disable this behaviour using xconf-query. But the easiest way is to go to Session and Startup → Advanced → Launch GNOME services on startup and tick the checkbox.
This disables the automated starting of a normal SSH agent by XFCE itself. This will also start the Gnome Keyring daemon by default, but upstream recently changed it's default behaviour to not start the SSH agent with it.
Theoretically there's an entry labelled “SSH Key Agent (GNOME Keyring: SSH Agent)” under Session and Startup → Application Autostart but for me that did nothing.
What worked for me was starting the ssh agent component using a user systemd unit (I was not even aware that this is a thing before).
systemctl --user enable gcr-ssh-agent.socket systemctl --user start gcr-ssh-agent.socket
This starts the agent and should theoretically register an environment variable telling SSH about the agent. Again this did not work for me. So I register it my self in my .xprofile:
- ~/.xprofile
# register gnome keyring ssh manager if [ -e $XDG_RUNTIME_DIR/gcr/ssh ]; then export SSH_AUTH_SOCK=$XDG_RUNTIME_DIR/gcr/ssh fi
Now, when you connect to an SSH server, a graphical dialog will pop up to unlock your key, with an option to save the password in the keyring.
This really should not be that difficult and I suspect there's something buggy that prevents this all working out of the box.