SSH to GNOME keyring

Lisa Kachold lisakachold at obnosis.com
Wed Dec 10 14:57:31 MST 2008 

Solutions:

Try LibPam:  http://ubuntu-tutorials.com/2007/07/12/automatically-unlocking-the-default-gnome-keyring-pam-keyring/

Questions:



1) Did you use encryptfs file encryption  on this system? 
2) Do you have any pam.d customizations?  (There is a PAM patch in Intrepid)

3) Are you using any "wrapped passphrase" that is not automatically
added into the keyring - like shhutout or shit for SSH brute force
protection? 

4) I assume the key is setup?

www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |  (503)754-4452
Catch the January PLUG HackFest!   Kristy Westphal, CSO for the AZ Department of Economic
Security will provide a one hour
presentation on forensics 1/10/09 Noon at UAT.edu.

> Date: Wed, 10 Dec 2008 13:30:28 -0700
> From: PLUGd at LuftHans.com
> To: PLUG-discuss at lists.PLUG.phoenix.az.us
> Subject: SSH to GNOME keyring
> 
> moin moin,
> 
> after and upgrade to Intrepid, SSH ( run from a shell in screen ) is
> popping up a gnome-keyring GUI asking for the password to unlock a private
> key.
> 
> This is essentially a DoS in addition to being annoying on many levels.
> 
> Since I run it from screen and don't actually look at that desktop very
> often, I didn't realize there was a GUI waiting for a response. There
> should not have been.
> 
> Once I detected the GUI I notice it refuses to yield focus. Double-bad.
> Ah, it'll yeild the focus, but not the keyboard. Even more double-bad.
> 
> DISPLAY is not set, so there should be no GUI popping up for any reason.
> 
> I generally run this particular command remotely, so knowing that a GUI
> popped up doesn't really help. Well, I can kill the GUI via another shell
> should I remember what the problem is.
> 
> Any suggestions on how to turn this GUI off?
> 
> I can remove ssh-askpass-gnome and break ubuntu-desktop.
> 
> I can remove id_dsa.
> 
> In other circumstances neither of those would be an option. I suppose I
> could use -i to specify a non-existent identity file, but intentionally
> breaking things generally seems like the wrong solution.
> 
> ciao,
> 
> der.hans
> -- 
> #  http://www.LuftHans.com/        http://www.LuftHans.com/Classes/
> #  I've got a photographic memory,
> #  but I'm lousy photographer. - der.hans
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

_________________________________________________________________
Send e-mail faster without improving your typing skills.
http://windowslive.com/Explore/hotmail?ocid=TXT_TAGLM_WL_hotmail_acq_speed_122008
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20081210/36b1ab2f/attachment.htm

More information about the PLUG-discuss mailing list