[arch-general] gnome-keyring and ssh without login manager
On a newly-set-up "promiscuous USB" system, I've chosen to skip a DE, and ultimately also forewent a login manager. Normally, I'd be happy with an askpass client, but I've noticed that I cannot do without nm-applet on this installation, and consequently have ended up with gnome-keyring installed alongside as well. So I thought, hey, I could make use of that thing, like I make use of kwallet with ksshaskpass on a KDE system. Unfortunately, after some headache-inducing trial-and-errors, it occurs to me as if this is fat hope. The technical background is as follows: 1) Openbox WM only + pcmanfm for desktop management 2) X is autostarted on bootup via su/inittab 3) nm-applet autoconnects to my desired WiFi without any kind of prompting (though it did ask for a password to set up a new key the first time) 4) gnome-keyring does not appear to be running post-startup (so we can assume nm-applet calls it on demand only) I do know that at least one similar issue with regards to having a login manager, "realtime", is worked around by having the following in /etc/pam.d/su: session required pam_limits.so So I tried something akin to that with the gnome_keyring.so stuff, to no avail. Any chance? You tell me. -- GPG/PGP ID: B42DDCAD
On Thu, Aug 19, 2010 at 09:57:44AM +0800, Ray Rashif wrote:
On a newly-set-up "promiscuous USB" system, I've chosen to skip a DE, and ultimately also forewent a login manager. Normally, I'd be happy with an askpass client, but I've noticed that I cannot do without nm-applet on this installation, and consequently have ended up with gnome-keyring installed alongside as well. So I thought, hey, I could make use of that thing, like I make use of kwallet with ksshaskpass on a KDE system.
Unfortunately, after some headache-inducing trial-and-errors, it occurs to me as if this is fat hope. The technical background is as follows:
1) Openbox WM only + pcmanfm for desktop management
2) X is autostarted on bootup via su/inittab
3) nm-applet autoconnects to my desired WiFi without any kind of prompting (though it did ask for a password to set up a new key the first time)
Why do you need nm-applet? If it is just about the autoconnect stuff you should have a look at <http://wiki.archlinux.org/index.php/Netcfg>.
4) gnome-keyring does not appear to be running post-startup (so we can assume nm-applet calls it on demand only)
I do know that at least one similar issue with regards to having a login manager, "realtime", is worked around by having the following in /etc/pam.d/su:
session required pam_limits.so
So I tried something akin to that with the gnome_keyring.so stuff, to no avail.
Any chance? You tell me.
For unlocking ssh keys at login I use pam_ssh which ask for the ssh key password at login time and fires up ssh-agent after that. -- The best thing about a boolean is even if you are wrong, you are only off by a bit.
2010/8/19 Sebastian Köhler <sebkoehler@whoami.org.uk>:
Why do you need nm-applet? If it is just about the autoconnect stuff you should have a look at <http://wiki.archlinux.org/index.php/Netcfg>.
Choice of tool is a separate issue :) This is a "promiscuous" system, i.e I will take it with me all around the world and plug it into all sorts of machines. As such, I need support for all sorts of mobile phones, 3G modems, ADSL and VPN. I myself have a Motorola ROKR E8, Huawei E220, Huawei <somethingelseidontremember>, and currently in foreign land connected to a very unreliable burst-mode ADSL. NetworkManager + NetworkManager Applet is the only combination of tools that has passed my tests for this.
For unlocking ssh keys at login I use pam_ssh which ask for the ssh key password at login time and fires up ssh-agent after that.
Ahh, thanks. Actually, I skipped that from the start because I didn't want any prompts before the WM started, and it didn't occur to that it'd work since there's no normal login prompt with this setup (root auto-logs-in for user). I guess I'll stick to X11-ssh-askpass. -- GPG/PGP ID: B42DDCAD
participants (2)
-
Ray Rashif
-
Sebastian Köhler