For few weeks now on Debian/unstable, ssh authentication services on my laptop computer is no longer working.
I've just discovered that this service is not provided by ssh-agent but but gnome-keyring-daemon. Why not... When I connect I get this in my /var/log/auth.log: May 5 09:32:27 an-dro gdm[2145]: pam_nologin(gdm:auth): cannot determine username May 5 09:33:02 an-dro CRON[2781]: pam_unix(cron:session): session opened for user nobody by (uid=0) May 5 09:33:02 an-dro CRON[2781]: pam_limits(cron:session): Unknown kernel rlimit 'Max realtime timeout' ignored May 5 09:33:02 an-dro CRON[2781]: pam_unix(cron:session): session closed for user nobody May 5 09:33:21 an-dro gdm[2145]: pam_limits(gdm:session): Unknown kernel rlimit 'Max realtime timeout' ignored May 5 09:33:21 an-dro gdm[2145]: pam_unix(gdm:session): session opened for user keryell by (uid=0) May 5 09:33:21 an-dro gdm[2145]: pam_ck_connector(gdm:session): nox11 mode, ignoring PAM_TTY :0 May 5 09:33:26 an-dro gnome-keyring-daemon[2785]: GLib-GIO: Using the 'memory' GSettings backend. Your settings will not be saved or shared with other applications. May 5 09:33:34 an-dro polkitd(authority=local): Registered Authentication Agent for unix-session:/org/freedesktop/ConsoleKit/Session1 (system bus name :1.21 [/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale fr_FR.UTF-8) May 5 09:52:33 an-dro gnome-keyring-daemon[2785]: unsupported key algorithm in certificate: 1.2.840.10045.2.1 May 5 09:52:33 an-dro gnome-keyring-daemon[2785]: unsupported key algorithm in certificate: 1.2.840.10045.2.1 May 5 09:52:34 an-dro last message repeated 2 times May 5 09:52:34 an-dro gnome-keyring-daemon[2785]: couldn't load root certificates: /etc/ssl/certs/imapd.pem: L'ouverture du fichier « /etc/ssl/certs/imapd.pem » a échoué : Permission non accordée May 5 09:52:34 an-dro gnome-keyring-daemon[2785]: unsupported key algorithm in certificate: 1.2.840.10045.2.1 May 5 09:52:34 an-dro last message repeated 4 times May 5 09:52:35 an-dro gnome-keyring-prompt: Gtk: Failed to load module "gnomebreakpad" May 5 09:52:35 an-dro gnome-keyring-daemon[2785]: Gtk-Message: Failed to load module "gnomebreakpad" May 5 09:52:56 an-dro gnome-keyring-prompt: Gtk: Failed to load module "gnomebreakpad" May 5 09:52:56 an-dro gnome-keyring-daemon[2785]: Gtk-Message: Failed to load module "gnomebreakpad" I strace'd -f /usr/bin/gnome-keyring-daemon but I saw nothing blatant. It is not related for me to wrong encoding as stated in ~/.gnome2/keyrings/default because I don't have this file: ls ~/.gnome2/keyrings/ login.keyring user.keystore But I can suspect a wrong encoding stuff somewhere else too... Since I find annoying having to launch ssh-agent and patching gnome-keyring-daemon socket each time I log in :-/ , I've ended to write a work-around script I run before using ssh-add. Here is my "gnome-keyring-daemon-work-around" work-around script: #! /bin/sh # Use ssh-agent instead of currently broken /usr/bin/gnome-keyring-daemon # to provide ssh autheticating services # Ronan.Keryell at hpc-project dot com, 2011/05/05 # Keep around the socket to /usr/bin/gnome-keyring-daemon just in case... OLD_SSH_AUTH_SOCK=$SSH_AUTH_SOCK mv $OLD_SSH_AUTH_SOCK $OLD_SSH_AUTH_SOCK% # Launch a working authenticating agent that set also SSH_AUTH_SOCK eval `ssh-agent` # Linked the old socket name advertised everywhere previously by # /usr/bin/gnome-keyring-daemon to the new working one: ln -s $SSH_AUTH_SOCK $OLD_SSH_AUTH_SOCK -- Ronan KERYELL |\/ GSM: (+33|0) 6 13 14 37 66 HPC Project |/) Fax: (+33|0) 1 46 01 05 46 9 Route du Colonel Marcel Moraine K E-mail: r...@hpc-project.com 92360 Meudon La Forêt |\ skype:keryell FRANCE | \ http://hpc-project.com -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
