解锁自动登录用户的密钥环

tag-icon tag-icon fedora screen-sharing gnome-keyring
解锁自动登录用户的密钥环

我希望能够远程访问我的 GNOME 桌面。问题是 GNOME 的屏幕共享使用密钥环来存储其密码。因此,要使共享正常工作,登录的用户必须解锁 GNOME 密钥环。

我的问题是,我启用了自动登录,因此当系统启动并显示桌面时,我的密钥环保持锁定状态。我可以使用 SSH 连接从 CLI 开始屏幕共享:

# allow screen control
gsettings set org.gnome.desktop.remote-desktop.vnc view-only false
# use password authentication for VNC
gsettings set org.gnome.desktop.remote-desktop.vnc auth-method 'password'
# start sharing service
systemctl --user start gnome-remote-desktop

不幸的是,如果我尝试连接,密码交换会失败,因为 gnome-remote-desktop 无法访问密钥环。我尝试使用 secret-tool 将 SSH 密码设置为新密码,但出现相同的错误:

$ echo -n "random_pass" | secret-tool store --label="GNOME Remote Desktop VNC password" "xdg:schema" "org.gnome.RemoteDesktop.VncPassword"
secret-tool: Cannot create an item in a locked collection

我尝试从命令行解锁密钥环,但这似乎不起作用:

$ read -p "Enter your password: " -s pw && ( echo $pw | gnome-keyring-daemon --unlock )
Enter your password: SSH_AUTH_SOCK=/run/user/1000/keyring/ssh

我仍然无法让 secret-tool 访问密钥环。我还安装了一个名为的包,dnf install python3-keyring但它也解锁失败:

[user@fedora ~]$ keyring set "xdg:schema" "org.gnome.RemoteDesktop.VncPassword"
Password for 'org.gnome.RemoteDesktop.VncPassword' in 'xdg:schema':
Traceback (most recent call last):
  File "/usr/bin/keyring", line 33, in <module>
    sys.exit(load_entry_point('keyring==21.8.0', 'console_scripts', 'keyring')())
  File "/usr/lib/python3.10/site-packages/keyring/cli.py", line 133, in main
    return cli.run(argv)
  File "/usr/lib/python3.10/site-packages/keyring/cli.py", line 88, in run
    set_password(service, username, password)
  File "/usr/lib/python3.10/site-packages/keyring/core.py", line 60, in set_password
    get_keyring().set_password(service_name, username, password)
  File "/usr/lib/python3.10/site-packages/keyring/backends/SecretService.py", line 87, in set_password
    collection = self.get_preferred_collection()
  File "/usr/lib/python3.10/site-packages/keyring/backends/SecretService.py", line 67, in get_preferred_collection
    raise KeyringLocked("Failed to unlock the collection!")
keyring.errors.KeyringLocked: Failed to unlock the collection!

注意:所有这些都是在 Fedora 35 上

总结一下,我的问题是:如何仅使用通过 VPN 连接建立的 SSH shell 来解锁在启动时自动登录的用户的密钥环?

编辑:忘记提到一些重要的事情。删除密钥环密码(使其不受保护)可以解决问题,但这里的重点是保留密钥环密码。

答案1

我终于找到了一个可行的解决方案此帖子来自 UNIX stackexchange基本上,创建一个脚本必须有来源从 SSH 远程登录会话:

echo 'NOTE: This script will only work if launched via source or .' >&2
echo -n 'Login password: ' >&2
read -s _UNLOCK_PASSWORD || return
killall -q -u "$(whoami)" gnome-keyring-daemon
eval $(echo -n "${_UNLOCK_PASSWORD}" \
           | gnome-keyring-daemon --daemonize --login \
           | sed -e 's/^/export /')
unset _UNLOCK_PASSWORD
echo '' >&2

相关内容