解鎖自動登入使用者的密鑰環

tag-icon tag-icon fedora screen-sharing gnome-keyring
解鎖自動登入使用者的密鑰環

我希望能夠遠端存取我的 GNOME 桌面。問題在於 GNOME 的螢幕共享使用密鑰環來儲存其密碼。為了使共享運作正常,登入使用者必須解鎖 GNOME 密鑰環。

我的問題是我啟用了自動登錄,因此當系統啟動並顯示桌面時我的密鑰環保持鎖定狀態。我可以使用 SSH 連線從 CLI 啟動畫面共用:

# allow screen control
gsettings set org.gnome.desktop.remote-desktop.vnc view-only false
# use password authentication for VNC
gsettings set org.gnome.desktop.remote-desktop.vnc auth-method 'password'
# start sharing service
systemctl --user start gnome-remote-desktop

不幸的是,如果我嘗試連線密碼交換失敗,因為 gnome-remote-desktop 無法存取金鑰環。我嘗試使用 Secret-tool 將 SSH 密碼設定為新密碼,但出現相同的錯誤:

$ echo -n "random_pass" | secret-tool store --label="GNOME Remote Desktop VNC password" "xdg:schema" "org.gnome.RemoteDesktop.VncPassword"
secret-tool: Cannot create an item in a locked collection

我嘗試從命令列解鎖密鑰環,但這似乎不起作用:

$ read -p "Enter your password: " -s pw && ( echo $pw | gnome-keyring-daemon --unlock )
Enter your password: SSH_AUTH_SOCK=/run/user/1000/keyring/ssh

我仍然無法獲得秘密工具來存取密鑰環。我還安裝了一個名為dnf install python3-keyring但也無法解鎖的軟體包:

[user@fedora ~]$ keyring set "xdg:schema" "org.gnome.RemoteDesktop.VncPassword"
Password for 'org.gnome.RemoteDesktop.VncPassword' in 'xdg:schema':
Traceback (most recent call last):
  File "/usr/bin/keyring", line 33, in <module>
    sys.exit(load_entry_point('keyring==21.8.0', 'console_scripts', 'keyring')())
  File "/usr/lib/python3.10/site-packages/keyring/cli.py", line 133, in main
    return cli.run(argv)
  File "/usr/lib/python3.10/site-packages/keyring/cli.py", line 88, in run
    set_password(service, username, password)
  File "/usr/lib/python3.10/site-packages/keyring/core.py", line 60, in set_password
    get_keyring().set_password(service_name, username, password)
  File "/usr/lib/python3.10/site-packages/keyring/backends/SecretService.py", line 87, in set_password
    collection = self.get_preferred_collection()
  File "/usr/lib/python3.10/site-packages/keyring/backends/SecretService.py", line 67, in get_preferred_collection
    raise KeyringLocked("Failed to unlock the collection!")
keyring.errors.KeyringLocked: Failed to unlock the collection!

注意:所有這些都是在 Fedora 35 上進行的

回顧一下,我的問題是:如何僅使用透過 VPN 連線建立的 SSH shell 來解鎖在啟動時自動登入的使用者的金鑰環?

編輯:忘記提及一些重要的事情。刪除密鑰環密碼(使其不受保護)可以解決該問題,但這裡的重點是保留密鑰環密碼。

答案1

我終於找到了一個可行的解決方案這篇文章來自 UNIX stackexchange。基本上,創建一個腳本必須有來源從 SSH 遠端登入會話:

echo 'NOTE: This script will only work if launched via source or .' >&2
echo -n 'Login password: ' >&2
read -s _UNLOCK_PASSWORD || return
killall -q -u "$(whoami)" gnome-keyring-daemon
eval $(echo -n "${_UNLOCK_PASSWORD}" \
           | gnome-keyring-daemon --daemonize --login \
           | sed -e 's/^/export /')
unset _UNLOCK_PASSWORD
echo '' >&2

相關內容