May 04 2011

So it seems that xfce now, if gpg is installed, will use gpg-agent to manage your ssh keys rather than ssh-agent.

Frustrated by this, since it failed to load my ssh keys, I’ve finally figured out how to get xfce to not use gpg-agent. You need to set a couple of properties in the “xfconf properties DB”, that xfce checks when starting up. The simplest way to do that is to use the Setting Editor (aka the xfce4-settings-editor program) and add in the two following properties under the xfce4-session Channel:

/startup/ssh-agent/enabled (a boolean) to enabled
/startup/ssh-agent/type (a string) to ssh-agent

The trick is to make sure you type in the full path to the properties when creating them, otherwise the Setting Editor crashes.

Details, if you care…

I figured this out by first noticing that I couldn’t load my ssh keys using ssh-add (perhaps there is a gpg tool for this, I dunno). Looking at ps output I noticed there was no ssh-agent process running but there was a gpg-agent process running with an --enable-ssh-support arg passed to it. To figure out how to change that, I started by looking at the /usr/local/bin/startxfce4 script which, in my case, ends up using /usr/local/etc/xdg/xfce4/xinitrc to start X via xinit.

In that xinitrc file, searching for “agent” there are some xfconf-query calls, which seem to be how xfce’s properties DB is queried. I tried using that xfconf-query to create new properties but couldn’t seem to get it to work. It sure looks like that’s possible, but the documentation on it is pretty much non-existent as far as I could tell. When I first came across this, I punted and just commented out the code in xinitrc, but after rebuilding something (xfce itself probably) I lost those changes and was back to not being able to load my ssh keys.

This time I tried using the GUI Setting Editor app which worked, as long as you type in the full path of the property to set. After that, I noticed that this properties DB is kept in xml files under a ~/.config/xfce4/xfconf/xfce-perchannel-xml/ dir. So perhaps this could have also been done by adding some xml code into the xfce4-session.xml file there.

 Posted at 3:46 pm

  4 Responses to “xfce without gpg-agent”

  1. Many thanks for this post, it helped me a lot in solving a different problem. My xfce session (xfconf settings) does not have the two keys, it has no ‘startup’ key in channel ‘xfce4-session’ in its db, so when I close xfce the gpg-agent program is not killed. I added the two keys and now all works fine.
    I don’t know why the two keys are not present on my machine (FreeBSD), I keep it updated with ports, perhaps I failed doing this at some point.
    The test in xinitrc produces bad results, the test looks if ‘/startup/ssh-agent/enabled’ is not ‘false’, so if the key doesn’t exist it returns an empty string passing the test, the gpg-agent will be started but with no valid kill command.
    Thanks again

  2. Here’s how to do it on the command line:

    xfconf-query -n -t bool -c xfce4-session -p /startup/ssh-agent/enabled -s true
    xfconf-query -n -t string -c xfce4-session -p /startup/ssh-agent/type -s ssh-agent

  3. Thank you for solving the mystery of where the second gpg-agent instance came from on my machine. One instance is controlled by Xsession config (/etc/X11/Xsession.d/90gpg-agent), but I couldn’t find the config that corresponded to the second one. Xfce config it was. Looks like the gpg-agent package adds itself to Xsession startup. That’s what I get for installing Xfce into a stock Ubuntu.

  4. Thanks a lot for this unravelling.
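
The startup decision described in the post and in the first comment, as an added example (not xfce's xinitrc and not the author's or commenters' code): it models which agent the session starts from the two properties and compares that with the agent behind SSH_AUTH_SOCK. The function names and the socket-path heuristic are assumptions of this example.

```shell
#!/bin/sh
# Added example: a model of the startup decision described above,
# not a copy of xfce's xinitrc.

# predict_agent ENABLED TYPE GPG_INSTALLED
#   ENABLED, TYPE: property values as read back ("" = property unset)
#   GPG_INSTALLED: "yes" or "no"
predict_agent() {
    enabled=$1; agent_type=$2; gpg=$3
    # Only the literal string "false" switches the agent off. A missing
    # property reads back as "" and so still counts as enabled.
    if [ "$enabled" = "false" ]; then
        echo none
    elif [ -n "$agent_type" ]; then
        echo "$agent_type"
    elif [ "$gpg" = "yes" ]; then
        echo gpg-agent          # the default the post ran into
    else
        echo ssh-agent
    fi
}

# read_prop PATH: value in the xfce4-session channel, "" if unset
read_prop() {
    xfconf-query -c xfce4-session -p "$1" 2>/dev/null || true
}

# classify_sock PATH: guess the agent behind an SSH_AUTH_SOCK path.
# Heuristic (assumption): matches common socket names only.
classify_sock() {
    case $1 in
        "")               echo none ;;
        */ssh-*/agent.*)  echo ssh-agent ;;
        *gpg*|*gnupg*)    echo gpg-agent ;;
        *)                echo other ;;
    esac
}

report() {
    gpg=no
    if command -v gpg-agent >/dev/null 2>&1; then gpg=yes; fi
    want=$(predict_agent "$(read_prop /startup/ssh-agent/enabled)" \
                         "$(read_prop /startup/ssh-agent/type)" "$gpg")
    have=$(classify_sock "${SSH_AUTH_SOCK:-}")
    echo "configured: $want  SSH_AUTH_SOCK: $have"
    [ "$want" = "$have" ]
}

# Run the live check only when asked: sh agent-check.sh --report
if [ "${1:-}" = "--report" ]; then report; fi
```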
