Gpg / ssh / gnome keyring recommendation

Hi there.

I’m running sway with greetd and I’ve been running into all kinds of issues around gnome keyring, ssh keys, etc.

I’m looking for recommendations/clarification on the following:

  • gnome keyring: home manager or nix config options? Currently it doesn’t unlock reliably. I think hm is the way to go enabling and setting the components.
  • ssh keys (don’t want to enter password): does adding ssh to the gnome keyring components negate the need for ssh-agent, or gpg-agent with ssh enabled?
  • or do I need to still configure one of the agents?
  • I see options to add greetd to the pam coming, but also sometimes see “login” also added. Not sure if that’s needed.
  • I have been looking at other configurations, and I see people combining all the above, and then at times also adding eval for the keyring daemon, sometimes setting env vars, etc. What’s “actually” needed?

I appreciate the clarification. :+1:

Here are a few more details:

  • I disabled ssh-agent as I want to use the ssh-agent built into gnome keyring
  • I have my keyring unlocking
  • sidenote: pretty sure it is working as my 1password 2fa is stored successfully
  • I can see the gnome keyring ssh-agent auto loading my keys from my ~/.ssh folder as expected (when I look in seahorse)
  • SSH_AUTH_SOCK is properly set to /run/user/1000/keyring/ssh

    ❯ echo $SSH_AUTH_SOCK
    /run/user/1000/keyring/ssh

  • according to the arch wiki, ssh-add should still work, but it is not.

    ❯ ssh-add ~/.ssh/id_ed25519
    Error connecting to agent: No such file or directory

  • The same wiki also mentions using /usr/lib/seahorse/ssh-askpass my_key to add it permanently. But when using the ssh-askpass on nixos, it prompts for the password, but then just exits, and echoes the entered password in my terminal.

Any suggestions?

I am wondering if it is related to the GCR changes in gnome keyring. Trying to build out the service and socket files.

Did you get to the bottom of this? I have a similar setup and issue.

Unfortunately, no. I had to revert to Gnome for now while I continued to work on the setup. I needed it to "just work."

I am pretty convinced gnome keyring is just packaged without ssh support these days, but doesn’t fail in a very clear way that would convey it.

Could be, but does work under Gnome.
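
The symptom reported in the thread (SSH_AUTH_SOCK is set, yet ssh-add fails with "No such file or directory") means nothing exists at the socket path. The following is an added diagnostic sketch, not code from any poster in the thread: it classifies what SSH_AUTH_SOCK points at and lists the agent sockets that actually exist. The candidate paths (gnome-keyring, gcr-ssh-agent, the OpenSSH agent user service, gpg-agent) are assumed defaults and may differ on your system.

```sh
#!/bin/sh
# Added diagnostic, not from the thread. Candidate socket paths are assumptions.

# classify_sock PATH -> unset | missing | not-socket | socket
classify_sock() {
    if [ -z "$1" ]; then echo unset
    elif [ ! -e "$1" ]; then echo missing   # ssh-add reports "No such file or directory"
    elif [ ! -S "$1" ]; then echo not-socket
    else echo socket
    fi
}

# find_agent_socks RUNTIME_DIR -> existing agent sockets, one per line
find_agent_socks() {
    # Assumed defaults: gnome-keyring, gcr-ssh-agent, OpenSSH agent, gpg-agent
    for rel in keyring/ssh gcr/ssh ssh-agent gnupg/S.gpg-agent.ssh; do
        if [ -S "$1/$rel" ]; then echo "$1/$rel"; fi
    done
}

# diagnose: report the state of SSH_AUTH_SOCK and any sockets that do exist
diagnose() {
    runtime="${XDG_RUNTIME_DIR:-/run/user/$(id -u)}"
    state=$(classify_sock "${SSH_AUTH_SOCK:-}")
    echo "SSH_AUTH_SOCK=${SSH_AUTH_SOCK:-<unset>} ($state)"
    if [ "$state" != socket ]; then
        echo "No usable agent socket at that path; sockets found under $runtime:"
        found=$(find_agent_socks "$runtime")
        echo "${found:-  (none: no agent is listening)}"
    fi
    return 0
}

diagnose
```

If the variable is exported by a PAM or session hook but the component that should create the socket never starts, this reports "missing" for the configured path.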