Ubuntu: How to disable the keyring for SSH and GPG?


How to disable the keyring for SSH and GPG?

I would like to keep the keyring for the wifi and other stuff. I'm using Ubuntu 12.04.


First duplicate the file /etc/xdg/autostart/gnome-keyring-ssh.desktop into ~/.config/autostart/.

Then edit ~/.config/autostart/gnome-keyring-ssh.desktop in order to remove the following line:


and to add the following line at the end:


This should disable SSH management when you restart your session. To disable GPG, do the same with the file /etc/xdg/autostart/gnome-keyring-gpg.desktop.


In a terminal session (using Ctrl-Alt-T) you can stop the gnome-keyring process from working with ssh by using:

unset SSH_AUTH_SOCK   

The --no-use-agent option is available to gpg to avoid using the gnome-keyring process with gpg, however that is the default.

You can stop the nautilus seahorse-tool from using the gpg-agent by using:

rm `echo $GPG_AGENT_INFO | sed s/:0:1//`  

You can stop the gnome-keyring process completely with the command:


Each of the above actions is restored by logging in again.

Wifi passwords available to all userids are stored in the /etc/NetworkManager/system-connections/ directory rather than being stored in your gnome keyring, so they can remain available if you kill the gnome-keyring process.

The ssh-add command can be used to delete (or add) specific keys from/to the current gnome-keyring while the keyring process is running.

Individual key passwords can be deleted from the login or other keyring using the Passwords tab of the Passwords and Keys program (seahorse).

If the gnome-keyring isn't present, ssh-agent will still be running, but it doesn't store gpg keys.

There are two lines in /etc/pam.d/lightdm involved with saving the login password and starting the gnome-keyring-daemon with the login keyring unlocked with the login password. The second starts the daemon:

session optional        pam_gnome_keyring.so auto_start  

Commenting out just this line would stop it from starting for all sessions of all users of your system using the login password to unlock the login keyring.

/etc/xdg/autostart/ contains start entries for various categories of secrets gnome-keyring can handle. To stop the daemon from starting these components, these files can be moved out of this directory. You can move all the gnome-keyring-* files to stop the daemon from starting, or you can simply refuse to supply the login password again to disable the login keyring while leaving the daemon running.


With the current version of Ubuntu, changing the .desktop file mentioned in other answers is not sufficient anymore. An additional upstart job was added that also starts gnome-keyring-daemon. The file is located in /usr/share/upstart/sessions/gnome-keyring.conf and contains:

eval "$(gnome-keyring-daemon --start)" >/dev/null
initctl set-env --global SSH_AUTH_SOCK=$SSH_AUTH_SOCK
initctl set-env --global GPG_AGENT_INFO=$GPG_AGENT_INFO

Here the daemon needs to be restricted to only provide some services by adding --components=pkcs11,secrets to the command line. The initctl lines can also be removed, resulting in:

eval "$(gnome-keyring-daemon --start --components=pkcs11,secrets)" >/dev/null  


To stop gnome-keyring from starting its (broken) SSH agent on Ubuntu 16.04:

mkdir ~/.config/upstart || true
echo manual > ~/.config/upstart/gnome-keyring-ssh.override

# This step can be done with the gnome-session-properties tool
mkdir ~/.config/autostart || true
cp /etc/xdg/autostart/gnome-keyring-ssh.desktop ~/.config/autostart
echo 'X-GNOME-Autostart-enabled=false' >> ~/.config/autostart/gnome-keyring-ssh.desktop
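
A check to run after logging in again, added here as an example and not part of any answer above: it reports whether the per-user autostart override is in effect and which agent SSH_AUTH_SOCK points at. The function names are hypothetical, the socket path patterns are assumptions based on the default locations used by gnome-keyring and OpenSSH's ssh-agent, and Hidden=true is the XDG autostart key accepted as an alternative to X-GNOME-Autostart-enabled=false.

```shell
#!/bin/sh
# Added example: verify that gnome-keyring no longer provides the SSH agent.

# Classify an SSH_AUTH_SOCK value by its path (patterns are assumptions
# based on default socket locations, not taken from the answers above).
classify_auth_sock() {
    case "$1" in
        "")                           echo none ;;
        */keyring-*/ssh|*/keyring/ssh) echo gnome-keyring ;;
        */ssh-*/agent.*)              echo ssh-agent ;;
        *)                            echo other ;;
    esac
}

# Succeed if the given .desktop file disables autostart. The last
# occurrence of a key wins, which matters when a line was appended
# to a copy that already contained the key with another value.
autostart_disabled() {
    [ -f "$1" ] || return 1
    awk '
        { line = $0; gsub(/[ \t\r]+/, "", line) }
        line ~ /^X-GNOME-Autostart-enabled=/ { split(line, kv, "="); enabled = kv[2] }
        line ~ /^Hidden=/                    { split(line, kv, "="); hidden = kv[2] }
        END { exit !(enabled == "false" || hidden == "true") }
    ' "$1"
}

# Print the state of the current session; always returns 0.
keyring_ssh_report() {
    override="${XDG_CONFIG_HOME:-$HOME/.config}/autostart/gnome-keyring-ssh.desktop"
    if autostart_disabled "$override"; then
        echo "autostart override: disabled ($override)"
    else
        echo "autostart override: missing or still enabled ($override)"
    fi
    echo "SSH_AUTH_SOCK=${SSH_AUTH_SOCK:-<unset>} -> $(classify_auth_sock "${SSH_AUTH_SOCK:-}")"
    return 0
}

keyring_ssh_report
```

If the override reads as disabled but the socket still classifies as gnome-keyring, something else started the daemon, such as the upstart job or the PAM line mentioned in the answers above.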
