I'd like to setup my env for passwordless login using u2f card, ie there is no password to unlock keyring with on startup, and prompt will appear on startup / on first use.
I found out, that I can simulate the situation it via locking the keyring using:
dbus-send --dest=org.gnome.keyring --print-reply /org/freedesktop/secrets org.freedesktop.Secret.Service.LockService
and then trying to access it. It won't be possible then I can do:
read -rsp pass: pass; echo -n "$pass" | gnome-keyring-daemon --replace --unlock
to 'unlock' it. Seems successful, but key keyring (seahorse) is not unlocked. What am I doing wrong?
also I'm using gpgagent, maybe that could be somehow related? I'm really lost in this area:
export GPG_TTY=$(tty)
gpg-connect-agent updatestartuptty /bye &> /dev/null
unset SSH_AGENT_PID
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
thanks.
unable to unlok keyring from cli
Forum rules
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
unable to unlok keyring from cli
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
- AZgl1800
- Level 20
- Posts: 11171
- Joined: Thu Dec 31, 2015 3:20 am
- Location: Oklahoma where the wind comes Sweeping down the Plains
- Contact:
Re: unable to unlok keyring from cli
To me,
it is much easier when doing a Fresh Install, to click the BOX for " Automatic Login "
That way, the PC will boot right up to the Desktop.
for me, my PCs are never out of my control, always in my house, or in my hands so that is not an issue.
it is much easier when doing a Fresh Install, to click the BOX for " Automatic Login "
That way, the PC will boot right up to the Desktop.
for me, my PCs are never out of my control, always in my house, or in my hands so that is not an issue.
Re: unable to unlok keyring from cli
Yes, that's an option for desktops, when you live alone without kids and work on your machine. For work laptops on not-that-secure locations and kids around, it's not ideal.
Typical solution is to have empty password in keychain. I can do that as last resort, or I can use password login and use u2f for other authentication only. That's trivial.
But really, if there is unlock option in `gnome-keyring-daemon --replace --unlock` and command allegedly succeeds, I'd like to have unlocked keyring. Maybe I'm doing something wrong...
Typical solution is to have empty password in keychain. I can do that as last resort, or I can use password login and use u2f for other authentication only. That's trivial.
But really, if there is unlock option in `gnome-keyring-daemon --replace --unlock` and command allegedly succeeds, I'd like to have unlocked keyring. Maybe I'm doing something wrong...
Re: unable to unlok keyring from cli
See "man gnome-keyring-daemon" with the "--unlock" option.