On 12/22/2010 11:39 AM, m.roth at 5-cent.us wrote: > Right, which AFAIK, doesn't work with the new US federal PIV-II cards. > Certainly, I can't add the card when it's inserted in the reader with just > that. OK. Well, that's more or less what I meant when I asked if there was something non-standard. It looks to me like the older systems should have worked properly, before GNOME got its keyring manager involved. So, I'd recommend that you do two things. First, edit /usr/share/xsessions/gnome.desktop or create a new session file of your own. Change the "Exec" line to: Exec=ssh-agent gnome-session That'll launch your gnome-session as a child of ssh-agent. When you log out, ssh-agent will exit. You'll also need to (in your session) go to System -> Preferences -> Startup Applications. Locate "SSH Key Agent". Remove the checkbox. Log out and log back in. At that point, double check that the ssh key agent is still deselected in startup applications, and then make sure that a terminal still has the SSH_AUTH_SOCK variable. If those two things are true, then you should be using the OpenSSH agent. (Also, the socket path shouldn't say "keyring"). Once you're using the OpenSSH agent, you should be able to use ssh-add to set up your opensc device.