​Ubuntu Class|What is a key ring and how to use it?

If you use automatic login in Ubuntu or other Linux distributions, you may have encountered the following pop-up message:

Enter the password to unlock your login key ring

When logging in to the computer, the login key ring is not unlocked

If you keep clicking "Cancel", it will pop up several times and then disappear. You may be wondering why you always see this message and is it an error message, but it is actually a safety feature.

First, let's first understand the concept of keyring in Linux.

**What is a key ring in Linux and why should I use it? **

Why use a key ring in real life? You can use it to group one or more keys together for easy searching and carrying.

It is the same concept in Linux. The key ring function allows your system to group various ciphers together and keep them in one place.

Most desktop environments (such as GNOME, KDE, Xfce, etc.) use the implementation of gnome-keyring to provide this keyring function in Linux.

This key ring retains the ssh key, GPG key, and the keys of applications that use this function (such as the Chromium browser). By default, the keyring is locked with the master password, which is usually the login password for the account.

Each user on the system has its own key ring, and (usually) the password is the same as the password of the user account itself. When you log in to the system with a password, your keyring will be automatically unlocked with the password of your account.

When you switch to automatic login in Ubuntu, problems arise. This means you can log in to the system without entering a password. In this case, your keyring will not be automatically unlocked.

The keyring is a security feature

Remember I told you that the key ring is a security feature? Now imagine that on the Linux desktop, you are using automatic login. Anyone who has access to your desktop can enter the system without a password, and most people will find it no problem, because generally speaking, you are the only person to log in with it.

However, if you use a browser like Chromium or Google Chrome in Ubuntu, and use it to save login passwords for various websites, there will be some security risks, because at this time anyone can log in to your browser. Do you think the risk is still great for websites that have saved passwords?

This is why when you start using Chrome, it will ask you to unlock the key ring repeatedly. This ensures that only people who know the key ring password (ie account password) can log in to their respective websites using the password saved in the browser.

If you continue to cancel the prompt to unlock the key ring, it will eventually disappear and let you use the browser. However, the saved password will not be unlocked and you will see "Sync paused" in Chromium/Chrome browser.

**If this key ring has always existed, why have you never seen it? **

If you have never seen this key ring problem in a Linux system, then this is a valid problem.

If you have never used automatic login (or changed the password of your account), then you may not even realize the existence of this feature.

This is all because when you log in to the system with a password, your keyring will automatically unlock with your account password.

Ubuntu (and other distributions) will set passwords for some common management tasks, such as modifying users, installing new software, etc., regardless of whether it is automatically logged in. But for regular tasks such as using a browser, it will not ask for a password because the key ring is already unlocked.

After switching to automatic login, you do not need to enter the login password again. This means that the key ring is not unlocked, so when you try to log in to a browser that uses the key ring function, it will ask to unlock the key ring.

You can easily manage keyrings and passwords

The core of this keyring is the daemon (a program that runs automatically in the background).

Most desktop environments have graphical applications that interact with the daemon. For example, on KDE, there is a KDE wallet on GNOME, etc., called "password and key" (originally called Seahorse).

Password and key applications in Ubuntu You can use this GUI application to view applications that use keyring to manage/lock passwords.

As you can see, my system has an automatically created login key ring. There is also a key ring for storing GPG and SSH keys. The certificate is used to reserve the certificate issued by the certificate authority (such as the HTTPS certificate).

You can also use this application to manually store website passwords. For example, I created a new password-protected key ring called "Test" and manually stored the password in the key ring.

This is better than keeping the password list in a text file. At least you can view the password only when you unlock the keyring with the password.

A potential problem here is that if you format the system, you will definitely lose the manually saved password. Usually, you are backing up personal files, not all user-specific data (such as key ring files).

But there are also ways to deal with this problem. Keyring data is usually stored in the ~/.local/share/keyrings directory. You can see all the key rings here, but you can't see its contents directly. If you delete the keyring password (I will show the steps later in this article), you can read the contents of the keyring like a regular text file. You can also completely copy this unlocked key ring file and import it into the "Passwords and Keys" application on other Linux computers (running this application).

So let me summarize what we have introduced so far:

Change key ring password

Suppose you changed your account password. Now, when you log in, the system will try to automatically unlock the key ring with the new login password. But the key ring still uses the old login password.

In this case, you can change the key ring password to a new login password to automatically unlock the key ring immediately after logging in to the system.

Open the "Passwords and Keys" application from the menu:

Now, right-click the login keyring and click Change Password:

What if you forget your old login password?

Disable key ring password

If you want to use automatic login but don't want to manually unlock the key ring, you can choose to use a workaround to disable the key ring. Remember, you are disabling security features, so please think twice.

The process is similar to changing the key ring password. Open the "Passwords and Keys" application and proceed to change the keyring password.

The trick is that when it asks to change the password, do not enter the new password, but click "Continue". This step will delete all passwords from the key ring.

In this way, the key ring will have no password and will always remain unlocked.

Recommended Posts

​Ubuntu Class|What is a key ring and how to use it?
How to install and use Docker on Ubuntu 20.04
How to install and use Curl on Ubuntu 18.04
How to install and use Wine on Ubuntu 18.04
How to install and use Composer on Ubuntu 20.04
How to install and use BaasBox on Ubuntu 14.04
How to install and use Docker on Ubuntu 16.04
How to create and use MongoDB backups on Ubuntu 14.04
How to install and use MySQL Workbench on Ubuntu 18.04
How to install memcache and start it in ubuntu environment
How to use hanlp in ubuntu
How to use and and or in Python
How to use Samba server on Ubuntu 16.04
How to install Ubuntu20.04 and install NVIDIA driver
How to use Prometheus to monitor your Ubuntu 14.04 server
How to install Pycharm and Ipython on Ubuntu 16.04/18.04
How to install and configure NATS on Ubuntu 16.04
How to install and configure Gogs on Ubuntu 18.04
How to modify time zone and time in ubuntu
How to configure TensorFlow use environment in Ubuntu
How to install and use Docker on CentOS 7
How to install and configure Cyberpanel on Ubuntu 18.04
How to install and secure phpMyAdmin on Ubuntu 16.04
How to install and configure ownCloud on Ubuntu 16.04
How to use Nginx's map module on Ubuntu 16.04
How to install and configure GitLab on Ubuntu 18.04
How to install and configure Ansible on Ubuntu 18.04
How to use dpkg command in Ubuntu system
How to use Docker data volumes on Ubuntu 14.04
How to install and use Composer on CentOS 8
How to install and secure phpMyAdmin on Ubuntu 16.04
How to install and configure PostGIS on Ubuntu 14.04
How to install and configure VNC on Ubuntu 18.04
How to install and configure Sphinx on Ubuntu 16.04
How to use Jenkins to build automatically on Ubuntu
How to install and configure OrientDB on Ubuntu 14.04
How to install and use Curl on CentOS 8
How to install and configure AppScale on Ubuntu 12.04
How to install and configure PostGIS on Ubuntu 14.04
How to repackage Deb files under Debian and Ubuntu
How to set up a DNS server on Ubuntu 18.04
How to upgrade to Ubuntu 20.04
How to start a blog with Hexo on Ubuntu 14.04
How to configure a fixed IP based on Ubuntu 18.04
How to use Putty to log in to ubuntu installed in VirtualBox
How to install and use Cockpit on CentOS 8/RHEL 8
How to modify time zone and time in ubuntu system
How to install theano and keras on ubuntu system
How to create a Python virtual environment in Ubuntu 14.04
How to repair a damaged Ubuntu system without reinstalling
How to set a fixed IP based on Ubuntu 16.04
How to upgrade to Ubuntu 20.04
How to set up Java Home on Ubuntu and Raspbian
How to set up a Masterless Puppet environment on Ubuntu 14.04
Teach you how to build a Git server on Ubuntu
How to set up a firewall with UFW on Ubuntu 14.04
How to set up a production Elasticsearch cluster on Ubuntu 14.04
How to compile and install PHP and Nginx in Ubuntu environment
How to install JDK and Mysql on Ubuntu 18.04 linux system
How to create a Sudo user on Ubuntu [Quick Start]
How to use python tuples