Ealier I already wrote about using the gnome-keyring-daemon to automatically unlock the SSH key when logging into XFCE. The method I described in the latter of my posts had the drawback of launching a complete GNOME session together with all its associated services.

The way the developers of the daemon intended it to work uses DBUS to inject the global variables pointing the various sockets to be used by SSH and GnuPG into the global session environment. However XFCE does not support this injection which currently is one of the magic things happening when launching the GNOME environment at login time.

More information on the current state of the issue can be found in Redhat's Bugzilla in bug 551508. The workaround depicted there is to place the following into your ~/.profile file (or any other file evaluated during session initialization):

# add gnome-keyring-daemon to env
export `gnome-keyring-daemon --start`

To get free (no ads) SSH access to an unrooted Android device you can use DroidSSHd. First install the latest APK from here. Then open the DroidSSHd app on your device and enter a password in Preferences, Service and Authentication, Password. After this, hit Start and you should be able to connect to the IP and Port displayed.

Setting up keybased logins

At this point, only SSH will work. SFTP or SCP are not yet working and to copy your SSH key, we will have to live with SSH alone. Assuming your public key file is located at .ssh/id_rsa.pub, run on your desktop computer:

cat .ssh/id_rsa.pub | ssh -p <PORT> <IP> "cat - > /mnt/sdcard/.key"

The file will not be visible in the Android file manager, but you will be able to select it in the Public Key preference in DroidSSHd. After selecting the key, you should be able to login without a password.

SFTP - Mount the Device's Filesystem

In order to mount the device via Fuse/SSH you have to get SFTP working. The DroidSSHd app currently does not provide the required sftp-server binary. However you can download it here (local copy, MD5). Next, transfer the binary to the device by running (again on the desktop):

cat /<PATH-TO>/sftp-server | ssh -p <PORT> <IP> "cat - > /data/data/br.com.bott.droidsshd/files/bin/sftp-server"

You will most likely also have to make the file executable, so SSH to your Android device and run

android@android:/mnt/sdcard $ chmod 755 /data/data/br.com.bott.droidsshd/files/bin/sftp-server

Now you should be able to mount the device from your desktop like so:

$ sshfs -p <PORT> <IP>:/ <MOUNTPOINT>

In my case, this was:

sshfs -p 9922 tab.ea:/ fuse/ssh/

You should now be able to copy files from and this location as normal. Enjoy.

The problem

Some time ago, I manually hacked together a working setup to use gnome-keyring-daemon in xubuntu to automatically unlock my ssh key when logging in. This setup broke when I upgraded to Ubuntu Lucid and I have never tried to fix it in Maverick and Natty. With the arrival of Oneiric, I gave the gnome-keyring-daemon another try. Lo and behold - it works!

The fix

To enable the gnome-keyring-daemon, make sure to have GNOME services enabled in the XFCE session settings. Then add an entry to the xfconf database with the following command: xfconf-query -v -c xfce4-session -p /startup/ssh-agent/enabled -n -t bool -s false

That should do the trick. You can manage your keys using the seahorse GUI.

RHEL6 manages to break ssh key authentication using ssh-copy-id on the client. Searching the web, I dug out a blog post from John VanDyk where he explains that the problem is related to SELinux. He also provides a solution: Use restorecon to fix the security contexts for the files created by ssh-copy-id. cd /home/me
chmod go-rwx .ssh
restorecon -R -v .ssh
I suspect this only happens if you use ssh-copy-id to create the .ssh/authorized_keys file and place the first key in it.