An issue than has creeped up in some of the more recent distributions of Ubuntu is the use of the Password Keyring. While a great idea for security, it makes it a bit more difficult to remotely reboot an Ubuntu computer if it is using a wireless connection. Fortunately a solution was available…
From Dave’s Tech Blog:
I would have made the title of this post “How to remove the Keyring password manager in Ubuntu Linux” but that’s kinda long… Anyway, you might be wondering what the keyring password manager is. It is a built in feature of Ubuntu that remembers passwords for things like FTP account logins, Evolution Email accounts, your wireless network authentication passwords, etc., and locks them all behind a kind of Master Password of sorts. So for example, lets pretend that the password for your wireless network was 64 characters long and was just a bunch of random numbers and letters that you’d only be able to remember if you were some kind of freak savant mathematician. The keyring password manager would remember this for you, but will only allow the system to access and use that long password after you grant it access to the keyring.
As nice and handy as this might sound to security buffs, it’s struck me as a minor inconvenience. For starts, if I were to configure Ubuntu to automatically login to my account after I turn the computer on, I would then also be asked to type in my keyring password so it would connect to my wireless network. This becomes a bigger problem if, for instance, I were to connect to my computer remotely and had to reset it for some reason, like applying a recent kernel update. The snag there would be that after restarting, my computer would boot up, but since I’m not physically sitting in front of it, it would sit there waiting for me to enter a keyring password before it would reconnect to my wireless network, and I’d have to go home or ask someone else to type in the password for me.
So what I’ve always wanted to have happen is this:
* I start or restart the computer by remote (such as through SSH or VNC).
* After booting it automatically logs into my account and connects to my wireless network without asking for any passwords along the way so I can VNC right back into the system with no further trouble.
I’ve finally learned how to do this, and it’s stupid easy to do.
There is of course a few security drawbacks about doing this. For starts, if any person were to gain physical access to my machine they’d be able to connect to my wireless network without needing to enter a password. Then again, if someone I don’t trust has somehow gained physical access to my machine I might as well go ahead and consider it to be compromised.
Now, if the PC were in an office with a bunch of random co-workers always around, I’d be a lot more concerned. If that were the case, I’d have that puppy locked down with a power on password, disable booting from the CD-ROM/Ethernet/USB in the BIOS, perhaps have a GRUB password and be working with an encrypted HD partition, and of course auto-login would be disabled so I would be required to enter anywhere from 2 to 3 different passwords just to login to the system. But this thing is in my house behind two large dogs and a dead-bolt locked door, functioning as a server that requires a password for me to access it by via SSH or VNC anyway. So for this particular PC, I see little harm in opting out of using this security feature.
So here’s how you get rid of the keyring manager. Please note this will erase saved passwords you have so be sure you know or remember them before you make your computer forget them:
1. Open up your Home Folder by clicking Places>Home Folder
2. Press CTRL-H (or click View>Show Hidden Files)
3. Find a folder called .gnome2 (it has a period at the beginning of the name) and open it by double clicking on it
4. In side of the .gnome2 folder, there is another folder called keyrings. Open it up.
5. Delete any files you find within the keyrings folder
6. Restart the computer
After you restart and login (if you’re automatically logging in) you’ll probably be asked to enter your wireless networks WPA/WEP encryption key. After you type that password in, the keyring manager will appear to let you know that it would like to handle the storage of that password and lock it away with a new keyring password. The box looks like this:
Instead of typing in a new password, leave both boxes completely empty and click Create.
You’ll then be asked if you know what the hell you’re doing:
Go ahead and click Use Unsafe Storage.
WARNING: Doing this creates a new file in your ~/.gnome2/keyrings/ folder called default.keyring and it will now house passwords IN CLEAR TEXT and not in an encrypted form. So it is imperative that you are certain no untrustworthy persons can access your user account (either physically or by remote) or they will be able to easily open and read this file and obtain many passwords (for things such as FTP accounts, SSH, e-mail accounts, etc). Proceed with caution.
From here on all keyring stored passwords you enter will not safeguarded behind a master password or encryption. Whether or not you want to do this is entirely up to you. I personally have had enough of the keyring manager and consider it kind of annoying. But as I said before, you may have certain environmental factors that make having a master password over the rest of your passwords a good idea. Keep in mind that the keyring password manager has absolutely nothing to do with your administrative/root privilages password that has to be entered any time you want to apply updates, or add/remove software. You will still have to type your account password in for these actions, and that is something I am quite comfortable with. I’m just happy I don’t have to have to ask my girlfriend to type in a keyring password every time I want to restart the computer while I’m away from home.