[arch-general] Thunar sftp connection not working - access denied

Kyle Terrien kyleterrien at gmail.com
Mon Nov 2 06:43:22 UTC 2015

On 10/29/2015 06:06 PM, Friedrich Strohmaier wrote:
> Hi Kyle, *,
> Am 15.10.2015 um 17:56 schrieb Kyle Terrien:
>> On 10/13/2015 10:55 AM, Friedrich Strohmaier wrote:
>>> Am 12.10.2015 um 17:29 schrieb Kyle Terrien:
>>>> On 10/09/2015 05:54 PM, Friedrich Strohmaier wrote:
>>>>> Am 10.10.2015 um 02:23 schrieb Leonid Isaev:
>>>>>> On Sat, Oct 10, 2015 at 02:05:38AM +0200, Friedrich Strohmaier wrote:
>>>>>>> Hi Folks,
>>>>>>> since some time I cannot get thunar connect my remote servers folders via sftp.
>>> [..]
>>>>>> So, does sftp work from the command line?
>>>>> yes works as expected.
>>>>> btw. filezilla also does..
> [..]
>>> digging a bit deeper..
>>> It apears to be a problem of ssh-key authentification.
> Log output uploaded: https://bits-fritz.de/eigene_webdateien/File/bereitstellung/messages.txt
>>> Any ideas?
>>> Is this a gvfsd bug?
>> Considering that CLI sftp and Filezilla work, this is probably a GVFS
>> related issue.
> New facts but no solution..
> After dbus update I restarted dbus by hand:
> Restarting dbus as root yields:
> =========
> [root at myhost ~]# systemctl restart dbus
> PolicyKit daemon disconnected from the bus.
> We are no longer a registered authentication agent.
> =========

Dbus is tied into almost everything nowadays.  Restarting it can do all
sorts of interesting things.

> After new Loggin in XFCE - tataaa sftp-connection is established without
> issues.  Cannot shutdown machine out of xfce session and have other quirks but
> this one works.
> After machine restart old behaviour is back.
> This tells me something's wrong with PolicyKit settings?

So, if PolicyKit is not registered as an authentication agent, gvfs SFTP
works.  I'm guessing it is falling back to some other authentication

> Forgot to mention: ssh-agent running (started by keychain)

Maybe ssh-agent is the fallback.

>> Have you tried running the ssh commands yourself?
>>> Oct 13 19:36:08 my_machine gvfsd[758]: ### SFTP: spawn_ssh: ssh -oForwardX11 no -oForwardAgent no -oPermitLocalCommand no -oClearAllForwardings yes -oProtocol 2 -oNoHostAuthenticationForLocalhost yes -l me -s strict.remote.host sftp
>>> Oct 13 19:36:28 my_machine gvfsd[758]: ### SFTP: spawn_ssh: ssh -oForwardX11 no -oForwardAgent no -oPermitLocalCommand no -oClearAllForwardings yes -oProtocol 2 -oNoHostAuthenticationForLocalhost yes -l me -s permissive.remote.host sftp
> I did (had to replace spaces with "=" between -oXX options and values).
> No result but - mmmhh - a "waiting" prompt.
> It appeared like opening a tunnel.
> Kyle, many thanks for keeping up! :o))

I would have to look up those ssh options.  They could very well create
a tunnel.

In your log file:

> Oct 30 00:22:22 my_machine gvfsd[1047]: ** (process:1315): WARNING **: Failed to setup SSH evironment: The name org.gnome.keyring was not provided by any .service files (g-dbus-error-quark, 2)

Is gnome-keyring installed?  It looks like gvfs (being a GNOME
application) is trying to start GNOME keyring.

I switched pretty much everything to gpg-agent.  In .xinitrc I have

# Start the GnuPG agent and enable OpenSSH agent emulation
if pgrep -x -u "${USER}" gpg-agent >/dev/null 2>&1; then
    eval `cat $gnupginf`
    eval `cut -d= -f1 $gnupginf | xargs echo export`
    export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"
    eval `gpg-agent -s --enable-ssh-support --daemon --write-env-file "$gnupginf"`

It uses some old options that I should probably clean up, but it still
starts and works.  But you will need to kill it with 'pkill gpg-agent'
before logging out.

I only use gnome-keyring-daemon on my laptop for keeping track of Wifi
passwords in NetworkManager.

Feel free to look at my configuration at


(.xautorun is sourced by .xinitrc.  Then .xinitrc calls my window

If I get the chance, I might try to remove gnome-keyring-daemon and see
what happens if I use gvfs.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20151101/c91428d5/attachment.asc>

More information about the arch-general mailing list