I’m trying to use Bitwarden as my SSH agent on Bluefin, but I’m encountering an issue with Gnome Keyring’s SSH agent, which currently holds that role.
The problem is that Gnome Keyring aggressively sets the SSH_AUTH_SOCK environment variable to its own socket. I’ve attempted to override this using a configuration file in .config/environment.d, but it appears Keyring’s PAM module takes precedence. While I can manually add the SSH_AUTH_SOCK variable to my shell’s profile, this solution doesn’t extend to GUI applications.
Could anyone recommend the best method to either disable Gnome Keyring’s SSH agent specifically, or at least globally set the SSH_AUTH_SOCK to a different socket for the entire user session?
It’s important to note that I do not want to disable Gnome Keyring entirely, as I still rely on it for secret management. My goal is solely to prevent it from acting as an SSH agent.
I think I found a solution. I am not 100% sure that it works in Bluefin because I distro-hopped to Aeon Desktop, but I was faced with the same dilemma there. I think the solution should also work in Bluefin.
Gnome uses the XDG autostart to launch keyring. To prevent it you need to override it.
First copy the system .desktop file to your user’s autostart.
Done! Now you can freely set the SSH_AUTH_SOCK variable. The recommended method to do this is .config/environment.d.
Hope it works!
P.S.: Gnome 50 should shy away from this whole desktop files conundrum in favor of systemd services. When the time comes, systemctl --user disable --now gcr-ssh-agent.socket gcr-ssh-agent.service should do the trick.
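A way to verify the override described in the answer above, as an added example that is not part of either post: it lists system XDG autostart entries whose Exec line mentions ssh and reports whether a same-named user entry hides them, then reads SSH_AUTH_SOCK from the user session environment. The function names are hypothetical, and the script assumes the default autostart locations (/etc/xdg/autostart and ~/.config/autostart) and that the override disables the entry with Hidden=true, as the Desktop Entry specification defines.

```shell
#!/bin/sh
# Added example: audit which XDG autostart entries start an SSH agent and
# whether a per-user override disables them. Directories are parameters so
# the check can also be run against constructed fixtures.

# autostart_state SYSTEM_DIR USER_DIR
# Prints one line per system entry whose Exec= line mentions "ssh":
#   <file> disabled  -> a same-named user entry contains Hidden=true
#   <file> active    -> no user entry, or the user entry is not hidden
autostart_state() {
    sys_dir=$1
    user_dir=$2
    for f in "$sys_dir"/*.desktop; do
        [ -e "$f" ] || continue                    # glob matched nothing
        grep -qi '^Exec=.*ssh' "$f" || continue    # not an SSH-related entry
        name=$(basename "$f")
        override="$user_dir/$name"
        if [ -f "$override" ] &&
           grep -q '^Hidden[[:space:]]*=[[:space:]]*true' "$override"; then
            echo "$name disabled"
        else
            echo "$name active"
        fi
    done
}

# session_auth_sock
# Reads KEY=value lines on stdin (for example the output of
# `systemctl --user show-environment`) and prints the SSH_AUTH_SOCK value.
session_auth_sock() {
    sed -n 's/^SSH_AUTH_SOCK=//p' | tail -n 1
}

# Run against the live session only when asked to: ./check.sh --live
if [ "${1:-}" = "--live" ]; then
    autostart_state /etc/xdg/autostart \
        "${XDG_CONFIG_HOME:-$HOME/.config}/autostart"
    printf 'session SSH_AUTH_SOCK: %s\n' \
        "$(systemctl --user show-environment | session_auth_sock)"
    printf 'shell   SSH_AUTH_SOCK: %s\n' "${SSH_AUTH_SOCK:-<unset>}"
fi
```

If the session value and the shell value differ, GUI applications launched by the session are still talking to a different agent than the terminal is.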