[OpenIndiana-discuss] Latest /hipster update problem (cannot remove network/ssh-askpass/zenity package)

Predrag Zečević - Technical Support Analyst predrag.zecevic at 2e-systems.com
Thu Feb 15 14:52:40 UTC 2018 

On 02/13/18 17:05, Jim Klimov wrote:
> On January 27, 2018 4:05:20 PM UTC, Jim Klimov <jim at cos.ru> wrote:
>> On January 26, 2018 9:18:33 AM UTC, "Predrag Zečević - Technical
>> Support Analyst" <predrag.zecevic at 2e-systems.com> wrote:
>>> On 01/25/18 20:57, alp at sfedu.ru wrote:
>>>> On 25.01.2018 18:55, Predrag Zečević - Technical Support Analyst
>>> wrote:
>>>>> Hi all,
>>>>>
>>>>> about one hour ago, I have update BE (saw FF update). Then I wanted
>>> to
>>>>> remove network/ssh-askpass/zenity (looks like it is not usable, but
>>>>> did not analyzed it properly) and got this error:
>>>>>
>>>>
>>>> ssh depends on ssh-askpass if xserver-common is installed.
>>>> ssh-askpass depends on ssh-askpass/zenity if zenity is installed.
>>>> So, if you have zenity, ssh and xserver-common installed, you need
>>>> ssh-askpass/zenity in your system :)
>>>
>>> OK,
>>> accepting explanation, but it looks like I do not understand its use
>>> properly...
>>>
>>> When I log-in to OI MATE (for example after update of BE and reboot),
>>> ssh-askpas zenity pops-up and asks for key password (I would expect
>>> that
>>> it will be saved to keystore).
>>>
>>> As soon as I try to do ssh to some box, another window pops-up ans ask
>>
>>> fo key password.
>>>
>>> Where I am making mistake?
>>>
>>> With best regards.
>>> Predrag Zečević
>>> -- 
>>> Predrag Zečević
>>> Technical Support Analyst
>>> 2e Systems GmbH
>>>
>>> tel: +49 - 6196 - 95058 - 15
>>> mob: +49 - 174 - 3109288
>>> fax: +49 - 6196 - 95058 - 94
>>> e-mail: predrag.zecevic at 2e-systems.com
>>>
>>> headquarter: 2e Systems GmbH, Koenigsteiner Str. 87, 65812 Bad Soden
>> am
>>>
>>> Taunus, Germany
>>> registration: Amtsgericht Koenigstein (Germany), HRB 7303
>>> managing director: Phil Douglas
>>>
>>> http://www.2e-systems.com/ - Making your business fly!
>>>
>>> _______________________________________________
>>> openindiana-discuss mailing list
>>> openindiana-discuss at openindiana.org
>>> https://openindiana.org/mailman/listinfo/openindiana-discuss
>>
>> Interesting ... I upgraded recently, and see this behavior too. It
>> worked with code from a couple of months back, so something recent
>> broke it.
>>
>> I'd prefer have this restored, so I type my keypass once while
>> preparing the session to work, and not get hiccups to enter keys when I
>> actually do get to (net-)work...
>>
>> Jim
>> --
>> Typos courtesy of K-9 Mail on my Android
>>
>> _______________________________________________
>> openindiana-discuss mailing list
>> openindiana-discuss at openindiana.org
>> https://openindiana.org/mailman/listinfo/openindiana-discuss
> 
> Hi,
> 
> I finally dug into the issue with details to be seen in OI IRC weblog.
> 
> The short outcome seems to be that the ssh-agent wraps the start of mate-session somehow, and as part of the session the gnome-keyring-daemon manager starts and hijacks the SSH_AUTH* envvars.
> 
> After some back and forth, I just did a `chmod -x /usr/bin/gnome-keyring*` and restarted X11 e.g. `systemctl restart lightdm` and got back the ssh-agent provided variables in env, so with my ~/.xsession including a
> 
>    /usr/bin/ssh-add </dev/null &
> 
> to ask for key password as soon as I log in (not when I first want to use it), and with ssh-askpass-zenity being the default (symlinked) implementation of password input for the job, things again work as I'm used to ;)
> 
> I'd let someone smarter with X11 to figure out why gnome keyring manager is so rude when another ssh-agent is already active.
> 
> Nothing seems broken as result of a quick inspection, e.g. the applets which want root password (nwam....) still work.
> 
> Jim
> --
> Typos courtesy of K-9 Mail on my Android
> 

Hi Jim, all,

I just have checked:

$ ps -ef | grep keyring
   global predrag*  2249     1   0 13:12:40 ?           0:00 
gnome-keyring-daemon --start

I could bet that this was earlier this line:
" /usr/bin/gnome-keyring-daemon --start --components=ssh "

Like it is mentioned in /etc/xdg/autostart/gnome-keyring-ssh.desktop file.
Why this suddenly ignores ""--components=ssh"" option is not clear to 
me... Most likely file /etc/lightdm/lightdm.conf needs to activate some 
option (there is no man page for it)

Thanks anyway for sharing your findings.

With best regards.
Predrag Zečević



Regards

-- 
Predrag Zečević
Technical Support Analyst
2e Systems GmbH

tel: +49 - 6196 - 95058 - 15
mob: +49 - 174 - 3109288
fax: +49 - 6196 - 95058 - 94
e-mail: predrag.zecevic at 2e-systems.com

headquarter: 2e Systems GmbH, Koenigsteiner Str. 87, 65812 Bad Soden am 
Taunus, Germany
registration: Amtsgericht Koenigstein (Germany), HRB 7303
managing director: Phil Douglas

http://www.2e-systems.com/ - Making your business fly!

More information about the openindiana-discuss mailing list