http://bugzilla.opensuse.org/show_bug.cgi?id=1088564
Bug ID: 1088564 Summary: "ssh-agent" is not started on login to Plasma5-Wayland Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.0 Hardware: x86-64 OS: SUSE Other Status: NEW Severity: Normal Priority: P5 - None Component: KDE Workspace (Plasma) Assignee: opensuse-kde-bugs@opensuse.org Reporter: nwr10cst-oslnx@yahoo.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: ---
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 Build Identifier:
This happens in both Leap 15.0 and Tumbleweed.
When I login to a Plasma5-Wayland session, "ssh-agent" is not running for the desktop session. This happens whether I use SDDM or GDM for the login manager.
I'm aware that Plasma5-Wayland isn't really ready for prime time. Still, it would be nice to have this fixed by the time Leap 15.0 is officially released.
My current workaround -- I'm starting "ssh-agent" in the shell startup file (with cross checks so that it isn't started if already running).
Reproducible: Always
http://bugzilla.opensuse.org/show_bug.cgi?id=1088564 http://bugzilla.opensuse.org/show_bug.cgi?id=1088564#c1
Fabian Vogt fabian@ritter-vogt.de changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |fabian@ritter-vogt.de, | |nwr10cst-oslnx@yahoo.com Flags| |needinfo?(nwr10cst-oslnx@ya | |hoo.com)
--- Comment #1 from Fabian Vogt fabian@ritter-vogt.de --- ssh-agent is never started by itself - how did you configure autostart?
http://bugzilla.opensuse.org/show_bug.cgi?id=1088564 http://bugzilla.opensuse.org/show_bug.cgi?id=1088564#c2
Wolfgang Bauer wbauer@tmo.at changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |wbauer@tmo.at
--- Comment #2 from Wolfgang Bauer wbauer@tmo.at --- (In reply to Fabian Vogt from comment #1)
ssh-agent is never started by itself
It is started by /etc/X11/xdm/sys.xsession if a gpg config is found in the user's home.
Btw, I think there is another bug report already that this doesn't work on Wayland, but I'm not sure.
http://bugzilla.opensuse.org/show_bug.cgi?id=1088564 http://bugzilla.opensuse.org/show_bug.cgi?id=1088564#c3
--- Comment #3 from Fabian Vogt fabian@ritter-vogt.de --- (In reply to Wolfgang Bauer from comment #2)
(In reply to Fabian Vogt from comment #1)
ssh-agent is never started by itself
It is started by /etc/X11/xdm/sys.xsession if a gpg config is found in the user's home.
Btw, I think there is another bug report already that this doesn't work on Wayland, but I'm not sure.
If that's the only place, it's by design. No files in /etc/X11/ are ever read in a wayland session.
The correct place is in /etc/xdg/autostart/, it also has the benefit of it being visible in the autostart KCM.
http://bugzilla.opensuse.org/show_bug.cgi?id=1088564 http://bugzilla.opensuse.org/show_bug.cgi?id=1088564#c4
--- Comment #4 from Wolfgang Bauer wbauer@tmo.at --- (In reply to Fabian Vogt from comment #3)
If that's the only place, it's by design. No files in /etc/X11/ are ever read in a wayland session.
AFAICT, it is the only place. And that explains why this has been reported as bug at all I suppose.
The correct place is in /etc/xdg/autostart/, it also has the benefit of it being visible in the autostart KCM.
With gpg 2.1 or higher, gpg-agent should actually be autostarted on demand though AFAIK.
See also bug#1050438.
http://bugzilla.opensuse.org/show_bug.cgi?id=1088564 http://bugzilla.opensuse.org/show_bug.cgi?id=1088564#c5
Neil Rickert nwr10cst-oslnx@yahoo.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(nwr10cst-oslnx@ya | |hoo.com) |
--- Comment #5 from Neil Rickert nwr10cst-oslnx@yahoo.com --- I'm not quite sure what you are asking.
ssh-agent has always been started for KDE and other desktops.
When Gnome first became available on Wayland, that had the same problem. It is now corrected, but I think that uses seahorse.
The KaOS distro does start ssh-agent on Wayland session startup (perhaps only if ".ssh" exists in home directory.
I can manage either way, but some consistency would be useful.
I'm currently starting from my shell startup script. That's ".login" since I am a csh user. In effect, the startup script checks whether $SSH_AUTH_SOCK is defined in the environment. If not defined, it uses: eval `ssh-agent -c` to start ssh-agent.
This depends on the session startup running the shell startup script. Starting as a normal autostart application probably would not work, because that would not set the environment for the entire session.
http://bugzilla.opensuse.org/show_bug.cgi?id=1088564 http://bugzilla.opensuse.org/show_bug.cgi?id=1088564#c6
Fabian Vogt fvogt@suse.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |fvogt@suse.com
--- Comment #6 from Fabian Vogt fvogt@suse.com --- (In reply to Neil Rickert from comment #5)
I'm not quite sure what you are asking.
ssh-agent has always been started for KDE and other desktops.
When Gnome first became available on Wayland, that had the same problem. It is now corrected, but I think that uses seahorse.
The KaOS distro does start ssh-agent on Wayland session startup (perhaps only if ".ssh" exists in home directory.
I can manage either way, but some consistency would be useful.
The only way I'd be happy with is an actual upstream way the same on every distro and DE. Implementing everything downstream is just a waste of time. Can you create an upstream bug on bugs.kde.org?
I'm currently starting from my shell startup script. That's ".login" since I am a csh user. In effect, the startup script checks whether $SSH_AUTH_SOCK is defined in the environment. If not defined, it uses: eval `ssh-agent -c` to start ssh-agent.
This depends on the session startup running the shell startup script. Starting as a normal autostart application probably would not work, because that would not set the environment for the entire session.
Indeed. You'd need to put it into ~/.config/plasma-workspace/env/.
http://bugzilla.opensuse.org/show_bug.cgi?id=1088564 http://bugzilla.opensuse.org/show_bug.cgi?id=1088564#c7
--- Comment #7 from Neil Rickert nwr10cst-oslnx@yahoo.com --- It seems that the recommended KDE way of doing this is with a suitable script in $HOME/.config/plasma-workspace/env
I've tested that with something like:
#### ksshagt.sh ### if [ -z "$SSH_AUTH_SOCK" ] ; then eval `ssh-agent -s` fi ####
The "if" test is needed, in case the KDE login is with X11, where there is already ssh-agent being started and we won't want to start a second one. And it is recommended that a shutdown script also be used to terminate ssh-agent on logout.
This seems to be working fine, and is probably better than using the standard shell startup script.
http://bugzilla.opensuse.org/show_bug.cgi?id=1088564
Maximilian Trummer opensuse@trummer.xyz changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |opensuse@trummer.xyz
http://bugzilla.opensuse.org/show_bug.cgi?id=1088564 http://bugzilla.opensuse.org/show_bug.cgi?id=1088564#c9
--- Comment #9 from Maximilian Trummer opensuse@trummer.xyz --- *** Bug 1182869 has been marked as a duplicate of this bug. ***
http://bugzilla.opensuse.org/show_bug.cgi?id=1088564 http://bugzilla.opensuse.org/show_bug.cgi?id=1088564#c10
--- Comment #10 from Maximilian Trummer opensuse@trummer.xyz --- (In reply to Neil Rickert from comment #7)
It seems that the recommended KDE way of doing this is with a suitable script in $HOME/.config/plasma-workspace/env
This blocks loading the desktop until you entered the KWallet password, but it works. I guess there's no way to make it asynchronous, right?
http://bugzilla.opensuse.org/show_bug.cgi?id=1088564 http://bugzilla.opensuse.org/show_bug.cgi?id=1088564#c11
--- Comment #11 from Mathias Homann Mathias.Homann@opensuse.org --- there's a pam module that can unlock your wallet on log in.
http://bugzilla.opensuse.org/show_bug.cgi?id=1088564 http://bugzilla.opensuse.org/show_bug.cgi?id=1088564#c12
--- Comment #12 from Neil Rickert nwr10cst-oslnx@yahoo.com --- Responding to c#10
This blocks loading the desktop until you entered the KWallet password, but it works.
Then you are doing too much in your script. You are starting ssh-agent and you are adding a key.
Just start ssh-agent, then you won't run into problems. You can setup a separate script, maybe with systems-settings --> startup and shutdown for adding a key.
Starting ssh-agent needs to be done early in startup, so that the relevant ENVIRONMENT variables can be shared with the entire desktop. So it has to be synchronous. But adding a key can be done later in startup, because the key is just handed to the already running ssh-agent, which does any sharing needed.
http://bugzilla.opensuse.org/show_bug.cgi?id=1088564 http://bugzilla.opensuse.org/show_bug.cgi?id=1088564#c13
Ludwig Nussel lnussel@suse.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |lnussel@suse.com, | |sndirsch@suse.com Version|Leap 15.0 |Leap 15.4
--- Comment #13 from Ludwig Nussel lnussel@suse.com --- Can we find a solution that just works across Wayland, X11, DMs and DEs?
Ie move /usr/etc/X11/xdm/scripts/11-ssh-agent somewhere to be found by all methods?
http://bugzilla.opensuse.org/show_bug.cgi?id=1088564 http://bugzilla.opensuse.org/show_bug.cgi?id=1088564#c14
--- Comment #14 from Stefan Dirsch sndirsch@suse.com --- I don't know. There are more scripts in this directory, which might be relevant for Wayland and others affected. It could be found before the move to /usr/etc and it can still be found when adjusting the path. Reference for the /usr/etc move: boo#1173049
http://bugzilla.opensuse.org/show_bug.cgi?id=1088564 http://bugzilla.opensuse.org/show_bug.cgi?id=1088564#c15
--- Comment #15 from Ludwig Nussel lnussel@suse.com --- Any update on this? Today I switched to Wayland on TW for curiosity as I keep having isses with X but missing ssh-agent hits there too.
http://bugzilla.opensuse.org/show_bug.cgi?id=1088564 http://bugzilla.opensuse.org/show_bug.cgi?id=1088564#c16
--- Comment #16 from Stefan Dirsch sndirsch@suse.com --- I don't have any, but I already commented on this ...
http://bugzilla.opensuse.org/show_bug.cgi?id=1088564 http://bugzilla.opensuse.org/show_bug.cgi?id=1088564#c17
Ludwig Nussel lnussel@suse.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |hpj@suse.com
--- Comment #17 from Ludwig Nussel lnussel@suse.com --- Looks like this is how Fedora does it: https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/ssh-agent.service
However, considering bug #1201564, maybe a socket unit would also work. Ideally we'd just set the default IdentityAgent setting in sshd to $XDG_RUNTIME_DIR/ssh-agent.socket so no env vars are needed by default.
http://bugzilla.opensuse.org/show_bug.cgi?id=1088564 http://bugzilla.opensuse.org/show_bug.cgi?id=1088564#c18
--- Comment #18 from Ludwig Nussel lnussel@suse.com --- How about this?
https://build.opensuse.org/package/rdiff/home:lnussel:branches:network/opens...
http://bugzilla.opensuse.org/show_bug.cgi?id=1088564 http://bugzilla.opensuse.org/show_bug.cgi?id=1088564#c21
Robert Riemann robert-suse@riemann.cc changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CONFIRMED CC| |robert-suse@riemann.cc
--- Comment #21 from Robert Riemann robert-suse@riemann.cc --- I switched now from X11 to Plasma Wayland and ssh-agent cannot be found anylonger.
Distributor ID: openSUSE Description: openSUSE Tumbleweed Release: 20221203
I run Tumbleweed as of 03 December 2022.