Gnome Keyring SSH Agent
Gnome Keyring includes an SSH agent which integrates with the gnome-keyring and user login for its passwords. It can also use the main PKCS#11 private key store.
Gnome Keyring will set the SSH_AUTH_SOCK environment variable when it starts up.
Protocol Support
SSH agent protocol version 2 is supported and has proper integration with Gnome Keyring. This works with OpenSSH.
Version 1 of the SSH agent protocol is supported in compatibility mode. No integration with Gnome Keyring exists for keys loaded this way. SSH version 1 keys can loaded with ssh-add will work as expected.
Automatically loading SSH Keys
The SSH agent automatically loads files in ~/.ssh which have corresponding *.pub paired files. Additional SSH keys can be manually loaded and managed via the ssh-add command.
Disabling SSH agent support in GNOME Keyring
As a system distributor or a user, if you use another SSH agent (such as the ssh-agent included with OpenSSH), you may want to disable the SSH agent in GNOME Keyring to prevent ssh from using it instead of your preferred SSH agent.
There are several ways to disable the GNOME keyring SSH agent:
- Use the "Startup Applications" capplet (ie: gnome-session-properties) and disable the "SSH Key Agent" startup program.
- Build gnome-keyring without SSH support. Use the following configure option
$ ./configure --disable-ssh-agent
- If you're starting gnome-keyring manually or from a script you can use the --components option to exclude starting up the SSH support.
$ gnome-keyring-daemon --components keyring,pkcs11
Using ssh-add with Gnome Keyring's SSH Agent
This assumes some familiarity with the ssh-add command. See its man page for more info.
You can use ssh-add to manually add keys for use in the SSH agent. These will be in addition to the automatically loaded keys.
The ssh-add -D will remove any keys you've added manually.
The ssh-add -D will lock any automatically loaded keys.
ssh-add -l and ssh-add -L will always list automatically loaded keys.