How To Remove Ubuntu’s Password Keyring
I would have made the title of this post “How to remove the Keyring password manager in Ubuntu Linux” but that’s kinda long… Anyway, you might be wondering what the keyring password manager is. It is a built in feature of Ubuntu that remembers passwords for things like FTP account logins, Evolution Email accounts, your wireless network authentication passwords, etc., and locks them all behind a kind of Master Password of sorts. So for example, lets pretend that the password for your wireless network was 64 characters long and was just a bunch of random numbers and letters that you’d only be able to remember if you were some kind of freak savant mathematician. The keyring password manager would remember this for you, but will only allow the system to access and use that long password after you grant it access to the keyring.
As nice and handy as this might sound to security buffs, it’s struck me as a minor inconvenience. For starts, if I were to configure Ubuntu to automatically login to my account after I turn the computer on, I would then also be asked to type in my keyring password so it would connect to my wireless network. This becomes a bigger problem if, for instance, I were to connect to my computer remotely and had to reset it for some reason, like applying a recent kernel update. The snag there would be that after restarting, my computer would boot up, but since I’m not physically sitting in front of it, it would sit there waiting for me to enter a keyring password before it would reconnect to my wireless network, and I’d have to go home or ask someone else to type in the password for me.
So what I’ve always wanted to have happen is this:
- I start or restart the computer by remote (such as through SSH or VNC).
- After booting it automatically logs into my account and connects to my wireless network without asking for any passwords along the way so I can VNC right back into the system with no further trouble.
I’ve finally learned how to do this, and it’s stupid easy to do.
There is of course a few security drawbacks about doing this. For starts, if any person were to gain physical access to my machine they’d be able to connect to my wireless network without needing to enter a password. Then again, if someone I don’t trust has somehow gained physical access to my machine I might as well go ahead and consider it to be compromised.
Now, if the PC were in an office with a bunch of random co-workers always around, I’d be a lot more concerned. If that were the case, I’d have that puppy locked down with a power on password, disable booting from the CD-ROM/Ethernet/USB in the BIOS, perhaps have a GRUB password and be working with an encrypted HD partition, and of course auto-login would be disabled so I would be required to enter anywhere from 2 to 3 different passwords just to login to the system. But this thing is in my house behind two large dogs and a dead-bolt locked door, functioning as a server that requires a password for me to access it by via SSH or VNC anyway. So for this particular PC, I see little harm in opting out of using this security feature.
So here’s how you get rid of the keyring manager. Please note this will erase saved passwords you have so be sure you know or remember them before you make your computer forget them:
- Open up your Home Folder by clicking Places>Home Folder
- Press CTRL-H (or click View>Show Hidden Files)
- Find a folder called .gnome2 (it has a period at the beginning of the name) and open it by double clicking on it
- In side of the .gnome2 folder, there is another folder called keyrings. Open it up.
- Delete any files you find within the keyrings folder
- Restart the computer
After you restart and login (if you’re automatically logging in) you’ll probably be asked to enter your wireless networks WPA/WEP encryption key. After you type that password in, the keyring manager will appear to let you know that it would like to handle the storage of that password and lock it away with a new keyring password. The box looks like this:
Instead of typing in a new password, leave both boxes completely empty and click Create.
You’ll then be asked if you know what the hell you’re doing:
Go ahead and click Use Unsafe Storage.
WARNING: Doing this creates a new file in your ~/.gnome2/keyrings/ folder called default.keyring and it will now house passwords IN CLEAR TEXT and not in an encrypted form. So it is imperative that you are certain no untrustworthy persons can access your user account (either physically or by remote) or they will be able to easily open and read this file and obtain many passwords (for things such as FTP accounts, SSH, e-mail accounts, etc). Proceed with caution.
From here on all keyring stored passwords you enter will not safeguarded behind a master password or encryption. Whether or not you want to do this is entirely up to you. I personally have had enough of the keyring manager and consider it kind of annoying. But as I said before, you may have certain environmental factors that make having a master password over the rest of your passwords a good idea. Keep in mind that the keyring password manager has absolutely nothing to do with your administrative/root privilages password that has to be entered any time you want to apply updates, or add/remove software. You will still have to type your account password in for these actions, and that is something I am quite comfortable with. I’m just happy I don’t have to have to ask my girlfriend to type in a keyring password every time I want to restart the computer while I’m away from home.
January 27th, 2009 at 3:24 am
Thanks Dave,
My computer is also behind locked doors, so nice to unlock this for good.
February 24th, 2009 at 8:05 pm
Thanks for that. This feature seems pointless because if you are worried about multiple users you would disable autologin of the OS.
March 3rd, 2009 at 12:29 pm
Thanks for posting this advice. This was getting on my nerves and each time I typed the password I would think that it was better for me to find some howto on how to bypass this. I googled a bit and found yours, which worked like a charm. Thanks a lot!
March 6th, 2009 at 4:23 am
Dear sir
Thank you for solution. It worked for me. Keep it up. Thanks once again. Ramachandran
March 12th, 2009 at 5:05 pm
Thanks a bunch… Great post…
March 21st, 2009 at 9:56 pm
My hat’s off to you, sir. It worked.
Here’s an FYI for those using Intrepid 64-bit.
The WLAN login will be a little different.
After you’ve entered your wireless network password, a dialog will pop up telling you that the keyring wants to store your password. Your choices will be “Deny”, “Allow Once”, or “Always Allow”.
I selected “Always Allow” and the next time I booted up, the system didn’t even ask for the network pass. It logged right in with no questions at all.
April 7th, 2009 at 10:46 am
amazing! I was not easy to find this solution…
April 24th, 2009 at 11:52 pm
A HUGE thank you to you Dave!
I was seriously considering dumping Ubuntu (it is still a possiblity) the idiotic changes they have made are really annoying. Next fix is to re-enable ctrl-alt-backspace… Their instructions were of no help. I am still stumped at how they can say they disabled it due to people “accidentally” hitting this combinations…HOW do you accidentally hit these three keys?!?!?!
April 25th, 2009 at 8:00 am
Thanks, nice and simple solution. Your solution stays the same in Ubuntu 9.04.
Btw first in Google search on “ubuntu wireless keyring password”.
April 25th, 2009 at 6:48 pm
Thanks for the post. It works great
April 29th, 2009 at 11:46 pm
Excellent, I have been fighting with this for days, it has made my life so much easier.
May 3rd, 2009 at 6:01 pm
Thanks Dave,
Worked great on 9.04, I’m new to ubuntu, just installed it for the first time last week when Jaunty was released. Typing in the password every time I rebooted was one of the few things I did not like. This post is definitely going to help me stay.
May 4th, 2009 at 11:36 am
ehh.. amazing ))
May 8th, 2009 at 7:25 am
You use Ubuntu and have a girlfriend?
May 14th, 2009 at 2:48 pm
This keyring prompt is (now was) SO annoying. Many thanks!!
May 24th, 2009 at 1:04 pm
bob said
> You use Ubuntu and have a girlfriend?
The earliest versions of Ubuntu came with girlfriends included. Well, pictures of women some found to be too racy.
The developers quickly realized Ubuntu men and women had women and men in their lives who did NOT appreciate the photos, so Ubuntu chose to remove them. http://lwn.net/Articles/165751/
If you made that comment about Slackware, on the other hand…
May 24th, 2009 at 3:36 pm
Good how-to! I also hate the silliness of it. In Kubuntu I removed kwallet for the same reason however, you have to disable it before you can remove it. Other than waste the user’s time I have never found a good reason for making your own computer almost impossible for you to use!
May 24th, 2009 at 4:57 pm
Thanks a lot. Now I can control my server completely via Vino.
May 25th, 2009 at 1:33 am
Tommy, you crack me up.
June 10th, 2009 at 5:28 pm
Kudos dude. That’s been pissing me off for days.
June 17th, 2009 at 11:44 am
Obviously I had the same issues. Thanks for this fix.
Just to cross reference, this post explains the problem in great detail.
http://blogs.computerworld.com/ubunti_wi_fi_password_problems?page=1
June 20th, 2009 at 1:30 pm
Cheers, annoying problem solved… much appreciated
June 21st, 2009 at 4:40 pm
Great. I Googled for this but the suggestions on the other sites didn’t work.
June 27th, 2009 at 11:46 am
Dave, you may want to clarify that what is being done here is not removing the keyring, just its master password. After following your instructions, users will find a new, clear-text keyring named “default.keyring” stored in their .gnome2 folder.
June 28th, 2009 at 7:39 am
Thanks for this! Was driving me mad on my eee PC.
This information should be shown at create keyring time. “Note: Creating a blank password keyring will blah blah”
June 28th, 2009 at 10:51 am
@DaveM: Thanks, will do.
@Mark: You might search Ubuntu Brainstorm to see if anyone has suggested this yet, and if not, throw a well written idea in that you think would get a lot of votes. I wish it were easier than this, too… but it’s just the way things go when it comes to “wishlist” fixes.
July 1st, 2009 at 9:16 pm
thanx a lot!!!!!!!!!!!great job!!!!!!!
July 19th, 2009 at 6:09 am
Thanks, Dave, for this how-to. I actually needed this information to correct an error that stemmed from updating from a prior version of Ubuntu. When I first installed a very old version of Ubuntu on this computer, I had created a 7-character password for my login account.
Recently, I installed Ubuntu 9.04 on a different computer and tried to use the same 7-character password. To my surprise, Ubuntu stopped me from using such a short password, and insisted I use a longer one!
I thought nothing of it, until I tried upgrading Ubuntu on this computer to version 9.04. After the upgrade (which proceeded without a hitch), I could no longer log into my account. I then realized that Ubuntu wasn’t accepting my previously generated 7-character password! I used some information found on-line to remove my old password, and replace it with a longer one. Now, I could log in to Ubuntu on this machine, but was prompted for the keyring password (which happened to match my “old”, shorter login password).
Using the information in this how-to, I was able to remove the login.keyring file. After rebooting, I was asked to supply the WPA pass phrase (just as your article stated), but after doing so, the keyring manager DID NOT APPEAR!!
I checked my hidden folder, and found that a new login.keyring file had been created. However, the next time I rebooted, my wireless network connected automatically, AND I WAS NOT PROMPTED FOR A KEYRING PASSWORD!!!
As far as I’m concerned, that’s the best of both worlds. My passwords are still encrypted, but (by default?) the keyring password seems to have been set to match my login password.
Again, many thanks for your help.
July 20th, 2009 at 6:03 pm
Thanks alot, I am new to Linux and this is a great help; at least I have one of a thousand questions answered. Thanks again!
July 20th, 2009 at 7:04 pm
Can I do the same with my Ubuntu remix version?
July 23rd, 2009 at 10:41 am
Thanks for this how to. I was getting annoyed with having to type my password every login just to use rhythmbox and last.fm/libre.fm scrobbling feature. You saved me from that
July 25th, 2009 at 3:32 pm
@Calvin: I’ve not used the Ubuntu Remix edition but there is a very good chance it works the exact same way. Give it a try and just make backups of any files you might modify/delete in case something goes wrong.
July 29th, 2009 at 9:37 pm
You sir are a genius. Been trying to get around that for ages.
August 1st, 2009 at 5:12 pm
I did this and now it won’t save my wireless WEP password. So i have to enter the password to connect to the wireless network. Anyone else having this problem? I’m using Ubuntu Netbook Remix
August 6th, 2009 at 6:51 pm
Well I guess I stand corrected about this probably working in Ubuntu Netbook Remix edition….
Anyone know of a possible work-around?
August 14th, 2009 at 7:33 pm
Many Thanks.
Worked brilliantly on Ubuntu Netbook Remix installation on an Acer Aspire One.
Cheers
August 16th, 2009 at 5:53 pm
Works like a charm! Thank you random internet guy!
August 20th, 2009 at 4:28 pm
Finally!! After an hour and a half and trying 5 or so different solutions this is the one that actually works, and dead simple too! Many Thanks!
September 19th, 2009 at 3:53 am
Thanks very much indeed.
September 30th, 2009 at 2:34 pm
big up! thank you very much!
October 13th, 2009 at 6:32 am
Thanks a lot for this. My server now works great.
October 18th, 2009 at 12:32 am
i followed the step to remove, worked fine, how ever on inspection of the file ,found the key NOT to be in plain test format.
[Portion removed by by David Steinlage]
so is it still encrypted?
David Steinlage: NO, as stated in the post, the keys will not be encrypted. They might LOOK encrpyted, but that’s actually the “real” key your computer transmits to your wireless router when it authenticates itself. For example, when you create a WEP key, you usually start off with a passphrase but it’s converted into a hexidecimal string, so it may not look like plain text in it’s raw format, but should still be treated as such. Good thing I edited your comment before posting it or I would have given your wireless rouuter’s password away on the Internet.
November 15th, 2009 at 12:37 pm
In 9.1 you can merely edit the connection setting to allow everyone access to the network. Then when Ubuntu starts you are not asked for your password
November 18th, 2009 at 2:54 pm
Excellent post. Thanks.
November 29th, 2009 at 5:43 am
Thank you very munch. It was so annoying to have to retype this password all the time
December 2nd, 2009 at 12:02 am
Thanks so much for this, Dave. You’re my hero for the day.
December 2nd, 2009 at 7:49 pm
Cheeeeeers, Master!
Awesome tip! Loving Ubuntu.
December 4th, 2009 at 1:19 pm
but then again it will automatically forget password somehow..
I don’t know why..
December 13th, 2009 at 8:17 pm
To not delete all the passwords (Ubuntu 9.x): Open Applications > Accessories > Passwords and Encryption Keys. Right click on the Passwords once inside the application, and select ‘Change Password’. Enter the old password and leave the new one blank. Presto!
December 19th, 2009 at 4:37 pm
Hi Dave,
Thanks for this tip! It saved me from reloading Ubuntu on the Netbook.
January 2nd, 2010 at 2:01 am
Dude, your the best. Thanks!
January 3rd, 2010 at 8:10 pm
this is not really a good solution. As warned, it leaves all of your passwords available in one plaintext file! This is totally insecure, and John’s solution (a few posts up from mine) solves the problem while only opening up the network to other users of that computer…surely a better solution?
January 8th, 2010 at 8:54 pm
Dave,
Many thanks!
January 10th, 2010 at 5:34 am
Thanks for this solution, this problem has been driving me potty for days.
January 14th, 2010 at 3:37 pm
Dave,
I have tried your cure but it does not seem to work. Are things different with Ubuntu 9.10 netbook remix?
What is happening is that after automatic logon I am asked for the Password or Encryption Keys’ for my wireless network. This is despite the fact that under ‘Keyrings’ I have the two folders ‘Default’ – containing the one word ‘Default’ – and ‘Default.keyring’ containing my network password/encryption key. I often have to renter this before my network is connected, making me suspect that the folder ‘default.keyring’ is not being read. Perhaps the ‘default’ folder should be blank?
This is driving me mad and I hope you can help!
January 21st, 2010 at 8:14 am
Thx So Much!!!
I’ve had so many problems with this!
January 21st, 2010 at 9:25 pm
Thanks for taking the trouble to put this up. Really useful
January 22nd, 2010 at 12:23 pm
If you wanna be cautious, you can always rename the old keyring file to login.keyring_FOOOO — same effect as deleting it but you could recover it later if u needed….. I’m a great fan of renaming rather than deleting key systems files
February 7th, 2010 at 9:41 am
Thanks, worked perfectly on Karmic, no more irritating requests.
February 7th, 2010 at 3:14 pm
This worked Dave! Maybe not the best solution; but, the only reasonable one that I have found yet!
Thanks,
–V
February 7th, 2010 at 5:40 pm
This helped me with a frustrating problem I was having saving parameters for the VPN client configuration. Thanks a million.