Knowledge Base
All KB
Documents DT Documents
Articles & FAQs AR Articles
Trouble Reports TR Trouble Reports
Software Updates SU Software Updates
Searching in : Article
ID: AR12M00868
Applies to: NoMachine Server
Added on: 2015-12-10
Last Update: 2015-12-15

How to solve agent SSH forwarding issues in GNOME virtual desktops

In some cases, the SSH agent forwarding doesn't work in a NoMachine virtual desktop. This happens with some desktop managers (e.g. GNOME  version 2.30.x or 3.8.x  and MDM version 1.6.x) which overwrites the SSH agent socket set by NoMachine at session startup.
 
In similar cases, you may verify if the SSH agent socket exists and if it is set correctly a explained below.
 

How to verify if the agent socket exists and it's correct

1) Open a console and execute the following command: 

   ssh-add -l

 
If path to the key is displayed, it means that the key is available, i.e. it has been forwarded.
 
For example:
2048 key-fingerprint(xx:xx:....) /home/username/.ssh/id_rsa (RSA)
 
When a message like "The agent has no identities" is printed, no key is available.
In this case you may apply the 'Workaround for already running sessios' below or follow instructions to prevent the SSH socket to be overwritten and create a new session.
 
2) When the key is available, execute the following command to verify if it's set correctly:

   echo $SSH_AUTH_SOCK

 
There can be three different cases:

i) The output points to the 'agent.pid'  or 'sshAgentSocket' file in the SSH agent working directory. This means that the agent socket is set correctly.

ii) The output is empty. In this case the key has not been forwarded.


iii) The output points to some files in '/tmp/keyring'. This indicates that the agent socket has been overwritten by the desktop manager keyring (i.e. the desktop application in charge of managing user's security credentials).
 
 
 
How to prevent that the SSH agent socket is overwritten
 
In order to prevent the desktop manager from overwriting the SSH agent socket while the user logs-in to the desktop, you may disable the keyring. For example to disable the GNOME keyring access the System-> Preferences-> Startup Applications panel and uncheck 'gnome-keyring-daemon'.
 
As an alternative you may apply the following manual procedure:

 1) Edit the keyring file in the /etc/xdg/autostart/  directory. Depending on GNOME version it may be gnome-keyring-gpg.desktop, gnome-keyring-daemon.desktop or similar. In this file add this line:

GNOME-Autostart-enabled=false

For example:
echo 'X-GNOME-Autostart-enabled=false' >> /etc/xdg/autostart/gnome-keyring-daemon.desktop
 
 
Workaround for already running sessions

If the virtual desktop session is already running and the session cannot be re-created, you may use the following workaround:

 
in a console execute:

export SSH_AUTH_SOCK="path to ssh agent socket"

where "path to ssh agent socket" is something like "/tmp/ssh-*********/agent.pid". Pid is the SSH agent pid.