Recently installing Ubuntu on a new machine for the first time in a while, I was reminded of some obnoxious and potentially dangerous behavior regarding SSH agent (as articulated by my friend dkg a few years ago). In particular, Gnome Keyring is started by default, has some behavior that I don’t like, and is difficult to disable in favor of the SSH agent provided by OpenSSH that I prefer. The Gnome Keyring behavior I don’t like is:

- It loads all keys in ~/.ssh automatically at startup
- You cannot remove these keys, even with ssh-add -D, and…
- The agent does not respect certain important constraints on added keys, such as the -c option, to be sure I have to confirm the use of loaded keys

For these reasons, I would much rather use OpenSSH’s implementation of ssh-agent, but keeping Gnome Keyring from clobbering it took a little digging. Per Gnome’s documentation, I can disable its SSH Agent to use the one I prefer. Simply keeping the Gnome Keyring SSH Agent daemon from starting automatically with Unity does the trick, but as of Ubuntu 12.04 (Precise Pangolin), many startup applications are hidden from the Startup Applications manager by default.
To “unhide” the Gnome Keyring SSH Agent daemon, I changed NoDisplay=true to NoDisplay=false in Gnome Keyring’s SSH Agent X desktop configuration file:
At that point, “SSH Key Agent - GNOME Keyring: SSH Agent” appeared in the Startup Applications manager.
From there, I could uncheck the GNOME Keyring in the Startup Applications manager, restart my Unity session, and I was back to my trusty OpenSSH ssh-agent:
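
The manual steps above (flipping NoDisplay, then confirming which agent the session ended up with) can be scripted; the following is an added example, not code from the original post. The function names are hypothetical, the .desktop path is supplied by the caller, and the socket-path patterns used to tell the two agents apart are an assumption about each agent's default naming.

```shell
#!/bin/sh
# Added example, not from the original post. All function names are hypothetical.

# Classify an agent socket path (normally $SSH_AUTH_SOCK).
# Assumption: Gnome Keyring keeps its socket in a directory with "keyring" in
# its name; OpenSSH's ssh-agent defaults to <tmpdir>/ssh-XXXXXX/agent.<pid>.
agent_kind() {
    case "$1" in
        "")              echo none ;;
        *keyring*)       echo gnome-keyring ;;
        */ssh-*/agent.*) echo openssh ;;
        *)               echo unknown ;;
    esac
}

# Print the NoDisplay value of a .desktop file, or "unset" if the key is absent.
nodisplay_value() {
    v=$(sed -n 's/^NoDisplay=//p' "$1" | tail -n 1)
    echo "${v:-unset}"
}

# Set NoDisplay=false so the entry becomes visible in Startup Applications.
# A .bak copy is kept; an absent key already means "displayed", so it is left alone.
unhide_entry() {
    cp -p "$1" "$1.bak" || return 1
    sed 's/^NoDisplay=.*/NoDisplay=false/' "$1.bak" > "$1"
}

# After the session restart: does the running agent really drop keys on -D?
# ssh-add -l exits 1 when the agent holds no identities, 2 when unreachable.
# This empties whichever agent SSH_AUTH_SOCK points to.
agent_honours_delete_all() {
    ssh-add -D >/dev/null 2>&1 || true
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    [ "$rc" -eq 1 ]
}

if [ "${1:-}" = "--check" ]; then
    echo "agent: $(agent_kind "${SSH_AUTH_SOCK:-}")"
    if agent_honours_delete_all; then
        echo "ssh-add -D emptied the agent"
    else
        echo "keys remain after ssh-add -D, or no agent is reachable"
    fi
fi
```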