On Wed, Nov 09, 2016 at 12:33:39AM +0100, Marek Marczykowski-Górecki wrote: > Hi, > > Currently gnome-keyring (if installed) is started in every VM, > providing, among other things, SSH agent. There is no sane way to > disable it for the user[2]. > > Since the original reason why it is started this way is not true for a > long time, I think about disabling it[1]. The (side?) effect will be - no > longer gnome-keyring working as SSH agent, instead standard ssh-agent > will be pointed by SSH_AUTH_SOCK variable. For some this may be a > feature (as gnome-keyring do not support EC for example), but some may > see this as a bug - no longer keys loaded automatically with a nice GUI > prompt for a password (if set). > > It is still possible to enable it back for example by adding it to > `~/.profile`. The tricky part is it can't be started just from > `/etc/xdg/autostart`, because it isn't possible to set $SSH_AUTH_SOCK > in shell environment from there (on real GNOME, some GNOME specific dbus > API is used for this). > > So, now the questions: > 1. Is this change in behavior ok? > 2. If not, how to enable it by default, to make it easier to disable it > if someone want to? >
1. Absolutely yes. The intrusion of the keyring in to SSH is longstanding bug. Will be good to see it gone. -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20161109115026.GB27762%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
