Greg’s Adventures

Ubuntu Keyring Gotcha


One nice feature you get for free with OSX is an automatic handy ssh keyring thingie that loads in all your private keys and optionally saves their passphrases to the native keychain app. This native keychain application has highly customizable security options that, when configured properly, make it difficult (impossible?) for someone without your account credentials to use your private key without providing the passphrase, while still allowing for a “single sign on” experience of happiness.

I’m sure that I’m less secure by using this as I have it configured, which is slightly more relaxed than the voices in my head recommend, but a security plan in implementation is always a balance of convenience and security, and so I’m okay with the risks as long as I don’t think about them very long.

I’ve been experimenting with Ubuntu’s latest desktop release on my Zenbook Prime (it works nearly perfectly out of the box, by the way) and at first I was surprised there wasn’t something to do this automagically like on my Mac. As I’m sure you can guess, there is, but there is an associated gotcha.

On a Mac, all you need do is copy your private key to your .ssh folder with one of the default names, such as id_dsa (it is possible it is even more flexible with names, but I didn’t test this). The next time you use the key, OSX will prompt you for the passphrase and offer to save it for you. I think it does this using an ssh-agent-alike or plugin or something, but I don’t really know the details. It just works, like proper magic.

But when I tried this on the Ubuntu install, it didn’t prompt me on the GUI level as I expected, but in the terminal like the ssh client normally does when you don’t have this magic happening. I puzzled around a bit, and after going down a few wrong paths, I figured it out.

Ubuntu expects to see a key-pair. That is, your private key (id_rsa or whatever) and the public key (id_rsa.pub or whatever). If it does not find both, the magic does not occur, and further, if you attempt to import your private key manually via sasquash or whatever the bizarrely named keychain management tool is on Ubuntu that I can never remember, you get an unhelpful error that doesn’t suggest it needs the public key file there too.

So the fix is to copy in your public key (properly named) and let the magic work. No fiddling is needed. Easy peasy!
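A quick way to spot the condition described above, as an added example that is not part of the original post: the script lists private keys in a directory that have no matching `.pub` file. It goes one step beyond the post by also recreating a missing public key with OpenSSH's `ssh-keygen -y` for the case where you no longer have a copy to bring over. The function names `missing_pubkeys` and `restore_pubkey` are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print every private key in directory $1 that has no "<name>.pub" next to it.
missing_pubkeys() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case $f in *.pub) continue ;; esac
        # PEM and OpenSSH private keys start with "-----BEGIN ... PRIVATE KEY-----".
        if head -n 1 "$f" 2>/dev/null | grep -q -e '-----BEGIN .*PRIVATE KEY-----'; then
            [ -f "$f.pub" ] || printf '%s\n' "$f"
        fi
    done
}

# Recreate "<key>.pub" from the private key. ssh-keygen -y derives the public
# half and asks for the passphrase if the key is protected. The output goes to
# a temp file first so a failed or cancelled run leaves no empty .pub behind.
restore_pubkey() {
    key=$1
    tmp=$(mktemp) || return 1
    if ssh-keygen -y -f "$key" > "$tmp"; then
        mv "$tmp" "$key.pub" && chmod 644 "$key.pub"
    else
        rm -f "$tmp"
        return 1
    fi
}

# When run with a directory argument (for example ~/.ssh), list the keys
# that are missing their public half.
if [ -n "${1:-}" ]; then
    missing_pubkeys "$1"
fi
```

Run `restore_pubkey` on each path the script prints, then log out and back in so the keyring picks up the pair.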