User service not adding keys from ~/.ssh/config

juicepuppy · 2024-11-08 00:30:08

I have followed the following post to create a systemd user service to add ssh keys to the agent on startup.

https://stackoverflow.com/questions/188 … t-on-login

[Unit]
Description=SSH key agent

[Service]
Type=simple
Environment=SSH_AUTH_SOCK=%t/ssh-agent.socket
ExecStart=/usr/bin/ssh-agent -D -a $SSH_AUTH_SOCK

[Install]
WantedBy=default.target

I can see it is running via the systemctl --user status ssh-agent.service command, log output:

Nov 08 10:21:12 coney systemd[730]: Started SSH key agent.
Nov 08 10:21:12 coney ssh-agent[743]: SSH_AUTH_SOCK=/run/user/1000/ssh-agent.socket; export SSH_AUTH_SOCK;
Nov 08 10:21:12 coney ssh-agent[743]: echo Agent pid 743;

I have added AddKeysToAgent to my ~/.ssh/config file and changed the file permissions of the private key to chmod 600.
I have also tried specifying the key directly in the config file,
e.g.:

Host gitlabs
  HostName thehostname
  IdentityFile ~/.ssh/thekeyname

AddKeysToAgent  yes

if I try ssh-add -l I get no identities.

I can manually add the key that exists in that directory and it works fine. The key has no password.

The agent just won't add the key.

Awebb · 2024-11-09 06:02:08

systemctl status only tells you so much. What does the journal say? man journalctl.

EDIT: You didn't mention this: "Setup shell to have an environment variable for the socket". Did you do it?

Last edited by Awebb (2024-11-09 06:02:42)

juicepuppy · 2024-11-18 07:53:29

HI, sorry for the delay in replying I've been away.

Yes the env variable is there:
SSH_AUTH_SOCK=/run/user/1000/ssh-agent.socket

I believe that's used to start the user agent?

Logs show same as what i posted above; nothing else appears related to ssh-agent than those three lines.

seth · 2024-11-18 08:44:23

…

Host gitlabs
  HostName thehostname
  IdentityFile ~/.ssh/thekeyname

…

Host * 
  AddKeysToAgent  yes

juicepuppy · 2024-11-27 04:35:17

I thought I'd replied to this already. Bah. Sorry seth that didn't work either.

seth · 2024-11-27 08:03:58

Sanity check: the keys only get added after the first authentication (ie you get asked for a password) - does that actually happen before you check the added keys?

Alternatively, have you tried this not using a user service but the good old fashioned way to run the agent in some script that gets sourced during the session srtart?

juicepuppy · 2024-12-03 07:45:58

HI Seth,

No, the keys are never added regardless.

I am going to take your advice and add them to my profile shell script, as I do at work! I just figured that knowledge base article was the way to do it with arch.

seth · 2024-12-03 15:25:49

It's the way to do it with systemd… well, "would be"

Arch Linux

#1 2024-11-08 00:30:08

User service not adding keys from ~/.ssh/config

#2 2024-11-09 06:02:08

Re: User service not adding keys from ~/.ssh/config

#3 2024-11-18 07:53:29

Re: User service not adding keys from ~/.ssh/config

#4 2024-11-18 08:44:23

Re: User service not adding keys from ~/.ssh/config

#5 2024-11-27 04:35:17

Re: User service not adding keys from ~/.ssh/config

#6 2024-11-27 08:03:58

Re: User service not adding keys from ~/.ssh/config

#7 2024-12-03 07:45:58

Re: User service not adding keys from ~/.ssh/config

#8 2024-12-03 15:25:49

Re: User service not adding keys from ~/.ssh/config

Board footer