KB Article #182341

Unlock gnome-keyring session for SSH sessions to work with Secure Client

Problem

Gnome-keyring session is not unlocked upon SSH session start and Secure Client cannot work with it.

Resolution

IMPORTANT NOTE: This solution is for use cases when a separate user dedicated to Secure Client is used.


Adding PAM.d configuration that unlocks the gnome-keyring session automatically upon SSH login and assigns it to the D-BUS session.

Environment variables in .bash_profile:

export DISPLAY=:0


In .bash_profile at the end:

if test -z "$DBUS_SESSION_BUS_ADDRESS" ; then
exec dbus-run-session -- bash
echo "D-Bus per-session daemon address is: $DBUS_SESSION_BUS_ADDRESS"
fi


Fixing gnome-keyring, adding PAM configuration for SSHD

add the following near the end of auth: 

vi /etc/pam.d/sshd
auth       optional     pam_gnome_keyring.so


after all auth configurations add near the end of sessions: 

#gnome-keyring PAM setup
session optional        pam_gnome_keyring.so  auto_start


fixing d-bus and gnome-keyring-daemon to keep one session per login session 

vi .bash_logout
# ~/.bash_logout
# Check if we are the "parent" shell in a ssh session
[ "$(cat /proc/$PPID/comm)" == "sshd" ] || return
cgroup=$(awk -F ':' '$2 == "name=systemd" { print $3 }' /proc/self/cgroup)
[ -n "$cgroup" ] || return
# Search for "dbus-[daemon|launch]" programs running for this session
for pid in $(cat /sys/fs/cgroup/systemd/$cgroup/tasks 2>/dev/null); do
    comm=$(cat /proc/$pid/comm 2>/dev/null)
    case "$comm" in
    dbus-daemon|dbus-launch)
        echo "Killing '$comm' (PID $pid) ..."
        kill $pid
        ;;
    esac
done
# to kill remaining gnome-keyring-daemon processes.
pkill -u sclient

Still need help?

If this information wasn't helpful to you, just drop us a line. We'll get back to you as soon as possible.