You are not logged in.

#1 2012-10-20 15:18:48

totte
Member
Registered: 2011-08-22
Posts: 58

How do I configure Kwallet to manage SSH and GPG keys? [SOLVED]

I'm using a select few KDE programs (not the DE) such as Kontact (and with that KMail, Korganizer, Kaddressbook...) and Kwallet. I've got a GPG and an SSH key which I need in Git to sign commits and push. I'd like to have Kwallet manage ALL of these passwords/passphrases, (e-mail, SSH, GPG) and only be prompted for a password to unlock my wallet once per session - or better yet, have the wallet unlocked by logging in (like the keychain in OS X). I'm currently using SLiM (systemd, slim.service) as the login manager. I had a glance at this tutorial for inspiration but to no success...

This is my ~/.xinitrc:

#!/bin/sh
if [ -d /etc/X11/xinit/xinitrc.d ]; then
  for f in /etc/X11/xinit/xinitrc.d/*; do
    [ -x "$f" ] && . "$f"
  done
  unset f
fi

# Hide mouse cursor when idle
unclutter -idle 4 &

# Background image
hsetroot -fill $HOME/img/08.jpg &

# Window manager
xmonad

This is my ~/.zprofile (failed attempt, fake GPG-key name)

#!/bin/sh
# Load keychain to handle ssh and gpg keys
export SSH_ASKPASS=/usr/bin/ksshaskpass
eval `keychain --eval id_rsa 1234ABCD`
$HOME/.keychain/`hostname`-sh
$HOME/.keychain/`hostname`-sh-gpg

This is my ~/.gnupg/gpg.conf (commented lines not included)

no-greeting
require-cross-certification
charset utf-8
keyserver hkp://keys.gnupg.net

Last edited by totte (2012-10-25 10:49:52)

Offline

#2 2012-10-20 15:27:20

roentgen
Member
Registered: 2011-03-15
Posts: 89

Re: How do I configure Kwallet to manage SSH and GPG keys? [SOLVED]

For the ssh key part I have this in KDE's autostart folder but I guess you can adapt it to your environment.

#!/bin/sh
SSH_ASKPASS=/usr/bin/ksshaskpass ssh-add < /dev/null

Offline

#3 2012-10-20 16:14:51

totte
Member
Registered: 2011-08-22
Posts: 58

Re: How do I configure Kwallet to manage SSH and GPG keys? [SOLVED]

That's not using keychain, is it? I put my commands in .zprofile, thinking it'd have them run once logged in and past SLiM but... nothing. I ran the .zprofile as a separate script in Konsole and got this output:

* keychain 2.7.1 ~ http://www.funtoo.org
 * Starting ssh-agent...
 * Starting gpg-agent...
 * Adding 1 ssh key(s): /home/me/.ssh/id_rsa

The ksshaskpass(?) window popped up, I entered my passphrase and hit enter, the window disappeared, and then the script just froze. Ctrl+D did nothing, Ctrl+C gave me back the prompt. Running it again, I got:

* keychain 2.7.1 ~ http://www.funtoo.org
 * Waiting 5 seconds for lock...
 * Found existing ssh-agent: 582
 * Found existing gpg-agent: 608
 * Known ssh key: /home/me/.ssh/id_rsa

...and I was back at the prompt. Trying to SSH into my VPS still had it ask for the SSH passphrase though, so I guess something's up.

Last edited by totte (2012-10-20 16:16:03)

Offline

#4 2012-10-20 23:26:19

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 5,662

Re: How do I configure Kwallet to manage SSH and GPG keys? [SOLVED]

I notice that the tutorial you linked to mentioned disabling the standard start up of ssh-agent and gpg-agent. Since you are only using parts of KDE rather than using KDE per se I'm not sure if that is relevant to you but did you adjust /etc/kde/env/gpg-agent-startup.sh appropriately if applicable?


How To Ask Questions The Smart Way | Help Vampires

Arch Linux | x86_64 | GPT | EFI boot | grub2 | systemd | LVM2 on LUKS
Lenovo x121e | Intel(R) Core(TM) i3-2367M CPU @ 1.40GHz GenuineIntel | Intel Centrino Wireless-N 1000 | US keyboard with Euro | 320G 7200 RPM Seagate HDD

Offline

#5 2012-10-21 10:18:57

totte
Member
Registered: 2011-08-22
Posts: 58

Re: How do I configure Kwallet to manage SSH and GPG keys? [SOLVED]

Yeah, since s/he disabled the agents (of which I used the GPG agent - with SSH emulation - together with Keychain prior to this) I assumed Kwallet would take on the role of acting as an agent for both GPG and SSH - but I'm not yet quite sure what Kwallet is capable of. I'll be trying out reenabling the GPG agent to see what happens. I wasn't even aware of the existence of /etc/kde/env/{gpg,ssh}-agent-startup.sh - having a peek at them, thanks for the tip! Also the tutorial is oddly formatted and seems to repeat itself partially.

For reference, here are the packages currently installed on my machine:

abs 2.4.4-1
acl 2.2.51-2
akonadi 1.8.1-1
alsa-lib 1.0.26-1
alsa-utils 1.0.26-1
alsaequal 0.6-6
apache 2.2.23-1
apr 1.4.6-1
apr-util 1.4.1-1
archlinux-keyring 20120915-1
aspell 0.60.6.1-1
attica 0.4.1-1
attr 2.4.46-2
audiofile 0.3.4-1
autoconf 2.69-1
automake 1.12.4-1
automoc4 0.9.88-3
avahi 0.6.31-4
bash 4.2.037-1
binutils 2.22-10
bison 2.6.2-1
boost-libs 1.50.0-2
bzip2 1.0.6-4
ca-certificates 20120623-1
cairo 1.12.2-3
caps 0.4.5-2
cdparanoia 10.2-4
cifs-utils 5.6-2
cln 1.3.2-1
cloog 0.17.0-2
cmake 2.8.9-1
compositeproto 0.4.2-2
consolekit 0.4.6-4
coreutils 8.19-1
cracklib 2.8.19-1
cronie 1.4.8-3
cryptsetup 1.5.0-2
curl 7.28.0-1
damageproto 1.2.1-2
db 5.3.21-1
dbus 1.6.8-1
dbus-core 1.6.8-1
dbus-glib 0.100-1
desktop-file-utils 0.20-1
device-mapper 2.02.97-1
dhcpcd 5.6.2-1
dialog 1.1_20120706-1
diffutils 3.2-1
dirmngr 1.1.0-4
dmenu-xft-height 4.5-1 (AUR)
dmxproto 2.3.1-2
dnssec-anchors 20120422-1
docbook-xml 4.5-5
docbook-xsl 1.77.1-2
dri2proto 2.8-1
e2fsprogs 1.42.5-1
enchant 1.6.0-4
ethtool 1:3.5-1
eventlog 0.2.12-3
exiv2 0.23-1
expat 2.1.0-1
faad2 2.7-3
fakeroot 1.18.4-1
ffmpeg 1:1.0-1
file 5.11-1
filesystem 2012.10-1
findutils 4.4.2-4
fixesproto 5.0-2
flac 1.2.1-3
flex 2.5.37-1
fontconfig 2.10.1-2
fontsproto 2.1.2-1
freeglut 2.8.0-2
freetype2 2.4.10-1
fuse 2.9.1-1
gawk 4.0.1-1
gcc 4.7.2-1
gcc-libs 4.7.2-1
gdbm 1.10-1
gettext 0.18.1.1-4
ghc 7.6.1-1
giflib 4.1.6-5
git 1.7.12.4-1
glib2 2.32.4-1
glibc 2.16.0-4
glproto 1.4.16-1
glu 9.0.0-1
gmp 5.0.5-1
gnupg 2.0.19-2
gnutls 3.1.3-1
gpgme 1.3.1-4
gpm 1.20.6-10
grantlee 0.2.0-1
grep 2.14-1
groff 1.21-2
gsm 1.0.13-7
gstreamer0.10 0.10.36-1
gstreamer0.10-base 0.10.36-1
gstreamer0.10-base-plugins 0.10.36-1
gzip 1.5-1
haskell-extensible-exceptions 0.1.1.4-3
haskell-mtl 2.1.2-1
haskell-random 1.0.1.1-3
haskell-syb 0.3.7-1
haskell-transformers 0.3.0.0-2
haskell-utf8-string 0.3.7-3
haskell-x11 1.6.0.2-1
haskell-x11-xft 0.3.1-5
heirloom-mailx 12.5-3
hicolor-icon-theme 0.12-2
hsetroot 1.0.2-2
hspell 1.2-1
hunspell 1.3.2-2
hwids 20121012-1
iana-etc 2.30-3
icu 49.1.2-2
ilmbase 1.0.2-1
imlib2 1.4.5-2
inetutils 1.9.1-4
inputproto 2.2-1
iputils 20101006-7
isl 0.10-1
iso-codes 3.38-1
jack 0.121.3-7
jasper 1.900.1-8
jfsutils 1.1.15-3
json-c 0.9-1
kactivities 4.9.2-1
kbd 1.15.3-3
kbproto 1.0.6-1
kde-agent 20120430-1
kde-base-artwork 4.9.2-1
kdebase-konsole 4.9.2-1
kdebase-lib 4.9.2-1
kdebase-runtime 4.9.2-2
kdebase-workspace 4.9.2-4
kdelibs 4.9.2-2
kdepim-akonadiconsole 4.9.2-1
kdepim-console 4.9.2-1
kdepim-kaddressbook 4.9.2-1
kdepim-kmail 4.9.2-1
kdepim-kontact 4.9.2-1
kdepim-korganizer 4.9.2-1
kdepim-kresources 4.9.2-1
kdepim-ktimetracker 4.9.2-1
kdepim-libkdepim 4.9.2-1
kdepim-runtime 4.9.2-1
kdepimlibs 4.9.2-1
kdeutils-kgpg 4.9.2-1
kdeutils-kwallet 4.9.2-1
keychain 2.7.1-2
keyutils 1.5.5-3
khrplatform-devel 9.0-1
kmod 10-1
krb5 1.10.3-1
ksshaskpass 0.5.3-3
kwalletcli 2.11-1
ladspa 1.13-4
lame 3.99.5-1
ldns 1.6.13-1
less 451-1
libao 1.1.0-2
libarchive 3.0.4-2
libassuan 2.0.3-1
libasyncns 0.8-4
libatasmart 0.19-1
libcanberra 0.28-5
libcap 2.22-3
libcap-ng 0.7-1
libdaemon 0.14-2
libdatrie 0.2.5-1
libdbusmenu-qt 0.9.2-1
libdmtx 0.7.4-3
libdmx 1.1.2-1
libdrm 2.4.39-1
libedit 20120601_3.0-1
libegl 9.0-1
libevent 2.0.20-1
libffi 3.0.11-1
libfontenc 1.1.1-1
libgbm 9.0-1
libgcrypt 1.5.0-3
libgl 9.0-1
libglapi 9.0-1
libgles 9.0-1
libgpg-error 1.10-2
libgssglue 0.4-1
libical 0.48-1
libice 1.0.8-1
libid3tag 0.15.1b-7
libimobiledevice 1.1.4-2
libiodbc 3.52.8-1
libjpeg-turbo 1.2.1-1
libkgapi 0.4.2-1
libksba 1.2.0-2
libldap 2.4.33-1
libltdl 2.4.2-7
libmad 0.15.1b-6
libmms 0.6.2-1
libmng 1.0.10-4
libmodplug 0.8.8.4-1
libmpc 1.0.1-1
libmtp 1.1.5-1
libmysqlclient 5.5.28-1
libnl 3.2.11-1
libogg 1.3.0-1
libpcap 1.3.0-1
libpciaccess 0.13.1-1
libpipeline 1.2.2-1
libplist 1.8-2
libpng 1.5.12-1
libpulse 2.1-1
libqalculate 0.9.7-3
libqzeitgeist 0.8.0-2
libraw1394 2.0.7-2
libsamplerate 0.1.8-1
libsasl 2.1.23-9
libshout 1:2.3.1-1
libsm 1.2.1-1
libsndfile 1.0.25-2
libssh 0.5.2-1
libssh2 1.4.2-1
libtasn1 2.14-1
libthai 0.1.18-1
libtheora 1.1.1-2
libtiff 4.0.3-1
libtirpc 0.2.2-2
libtool 2.4.2-7
libusb-compat 0.1.4-2
libusbx 1.0.14-1
libva 1.1.0-2
libvisual 0.4.0-4
libvorbis 1.3.3-1
libvpx 1.1.0-1
libwbclient 3.6.8-1
libx11 1.5.0-1
libxau 1.0.7-1
libxaw 1.0.11-1
libxcb 1.9-1
libxcomposite 0.4.3-2
libxcursor 1.1.13-1
libxdamage 1.1.3-2
libxdmcp 1.1.1-1
libxext 1.3.1-1
libxfixes 5.0-2
libxfont 1.4.5-1
libxft 2.3.1-1
libxi 1.6.1-1
libxinerama 1.1.2-1
libxkbfile 1.0.8-1
libxklavier 5.2.1-2
libxml2 2.8.0-1
libxmu 1.1.1-1
libxpm 3.5.10-1
libxrandr 1.4.0-1
libxrender 0.9.7-1
libxres 1.0.6-1
libxslt 1.1.26-3
libxss 1.2.2-1
libxt 1.1.3-1
libxtst 1.2.1-1
libxv 1.0.7-1
libxxf86dga 1.1.3-1
libxxf86vm 1.1.2-1
licenses 2.9-1
linux 3.6.2-1
linux-api-headers 3.5.5-1
linux-firmware 20120625-1
lm_sensors 3.3.2-5
logrotate 3.8.2-1
lsb-release 1.4-12
lsof 4.86-1
lvm2 2.02.97-1
m4 1.4.16-2
make 3.82-5
man-db 2.6.3-1
man-pages 3.43-1
mcpp 2.7.2-4
mdadm 3.2.5-2
media-player-info 17-1
mesa 9.0-1
mkinitcpio 0.10-1
mkinitcpio-busybox 1.20.2-1
mksh R40f-1
mpd 0.17.2-1
mpfr 3.1.1.p2-1
mtdev 1.1.3-1
mysql 5.5.28-1
mysql-clients 5.5.28-1
nano 2.2.6-2
ncurses 5.9-3
nepomuk-core 4.9.2-2
net-tools 1.60.20120804git-2
nettle 2.5-1
nouveau-dri 9.0-1
opencore-amr 0.1.3-1
openexr 1.7.1-1
openjpeg 1.5.0-1
openssh 6.1p1-2
openssl 1.0.1.c-1
opera 12.02-1
orc 0.4.16-1
oxygen-icons 4.9.2-1
p11-kit 0.13-1
pacman 4.0.3-3
pacman-mirrorlist 20120908-1
pam 1.1.6-1
pambase 20120701-1
pango 1.30.1-1
parted 3.1-1
patch 2.7.1-1
pciutils 3.1.10-1
pcmciautils 018-4
pcre 8.31-1
perl 5.16.1-1
perl-error 0.17018-1
phonon 1:4.6.0-2
phonon-gstreamer 4.6.2-1
php 5.4.8-1
php-apache 5.4.8-1
pinentry 0.8.2-1
pixman 0.26.2-1
pkg-config 0.27.1-1
pkgfile 6-1
pkgtools 24-4
pm-quirks 0.20100619-2
pm-utils 1.4.1-5
polkit 0.105-1
polkit-kde 0.99.0-2
polkit-qt 0.103.0-1
popt 1.16-5
ppl 1.0-1
ppp 2.4.5-4
prison 1.0-1
procps-ng 3.3.3-6
psmisc 22.19-1
pth 2.0.7-4
pygobject2-devel 2.28.6-7
pyqt 4.9.5-3
pyqt-common 4.9.5-3
python 3.3.0-1
python-dbus 1.1.1-2
python-dbus-common 1.1.1-2
python-distribute 0.6.28-3
python-pip 1.2.1-2
python-sip 4.14-2
python2 2.7.3-2
python2-dbus 1.1.1-2
python2-gobject2 2.28.6-7
python2-urwid 1.0.2-2
qca 2.0.3-2
qimageblitz 0.0.6-2
qjson 0.7.1-2
qmpdclient 1.2.2-2
qrencode 3.4.1-1
qt 4.8.3-4
qt-doc 4.8.3-1
qtcreator 2.5.2-1
qtwebkit 2.2.2-1
randrproto 1.4.0-1
raptor 2.0.8-1
rasqal 1:0.9.29-1
readline 6.2.004-1
recordproto 1.14.2-1
redland 1:1.0.15-3
redland-storage-virtuoso 1:1.0.15-3
reiserfsprogs 3.6.21-4
renderproto 0.11.1-2
rsync 3.0.9-5
rtmpdump 2.4-1
run-parts 4.3.4-1
schroedinger 1.0.11-1
scrnsaverproto 1.2.2-1
sdl 1.2.15-3
sed 4.2.1-4
sg3_utils 1.33-1
shadow 4.1.5.1-1
shared-desktop-ontologies 0.10.0-1
shared-mime-info 1.0-1
sip 4.14-2
slim 1.3.4-3
slock 1.0-1
smbclient 3.6.8-1
soprano 2.8.0-2
speex 1.2rc1-2
sqlite 3.7.14.1-1
sshfs 2.4-1
strigi 0.7.7-2
sudo 1.8.6.p3-1
sysfsutils 2.1.0-8
syslinux 4.05-7
syslog-ng 3.3.6-1
systemd 194-4
systemd-arch-units 20120915-2
talloc 2.0.7-1
tar 1.26-2
tdb 1.2.9-2
texinfo 4.13a-7
tmux 1.7-1
transmission-qt 2.71-1
ttf-bitstream-vera 1.10-8
ttf-dejavu 2.33-3
ttf-droid 20110417-2
ttf-inconsolata 20090215-3
ttf-liberation 2.00.0-1
ttf-ubuntu-font-family 0.80-3
tzdata 2012f-1
udisks 1.0.4-5
unclutter 8-8
unixodbc 2.3.1-1
unzip 6.0-6
upower 0.9.18-2
usbmuxd 1.0.8-1
usbutils 006-1
util-linux 2.22.1-1
v4l-utils 0.8.8-1
videoproto 2.3.1-2
vim 7.3.661-1
vim-runtime 7.3.661-1
virtuoso-base 6.1.6-1
wavpack 4.60.1-2
wget 1.14-1
which 2.20-5
wicd 1.7.2.4-4
wireless_tools 29-7
wpa_supplicant 1.0-2
x264 20120705-1
xcb-proto 1.8-1
xcb-util 0.3.9-1
xdg-utils 1.1.0-2.20120520
xextproto 7.2.1-1
xf86-input-evdev 2.7.3-2
xf86-input-synaptics 1.6.2-2
xf86-video-nouveau 1.0.2-2
xf86dgaproto 2.1-2
xf86vidmodeproto 2.3.1-2
xfsprogs 3.1.8-2
xineramaproto 1.2.1-2
xkeyboard-config 2.7-1
xmobar 0.16-1
xmonad 0.10-5
xmonad-contrib 0.10-5
xorg-bdftopcf 1.0.3-2
xorg-font-util 1.3.0-1
xorg-font-utils 7.6-3
xorg-fonts-alias 1.0.2-2
xorg-fonts-encodings 1.0.4-3
xorg-fonts-misc 1.0.1-2
xorg-iceauth 1.0.5-1
xorg-mkfontdir 1.0.7-1
xorg-mkfontscale 1.1.0-1
xorg-server 1.13.0-2
xorg-server-common 1.13.0-2
xorg-server-utils 7.6-3
xorg-sessreg 1.0.7-1
xorg-setxkbmap 1.3.0-1
xorg-utils 7.6-8
xorg-xauth 1.0.7-1
xorg-xbacklight 1.2.0-1
xorg-xcmsdb 1.0.4-1
xorg-xdpyinfo 1.3.0-1
xorg-xdriinfo 1.0.4-3
xorg-xev 1.2.0-1
xorg-xgamma 1.0.5-1
xorg-xhost 1.0.5-1
xorg-xinit 1.3.2-1
xorg-xinput 1.6.0-1
xorg-xkbcomp 1.2.4-1
xorg-xlsatoms 1.1.1-1
xorg-xlsclients 1.1.2-2
xorg-xmessage 1.0.3-2
xorg-xmodmap 1.0.7-1
xorg-xprop 1.2.1-1
xorg-xrandr 1.3.5-1
xorg-xrdb 1.0.9-2
xorg-xrefresh 1.0.4-3
xorg-xset 1.2.2-1
xorg-xsetroot 1.1.0-3
xorg-xvinfo 1.1.1-3
xorg-xwininfo 1.1.2-1
xproto 7.0.23-1
xvidcore 1.3.2-1
xz 5.0.4-1
yajl 2.0.4-1
zlib 1.2.7-1
zsh 5.0.0-2

In short - I install these packages when setting up a new machine:

abs
alsa-utils
apache
base
base-devel
git
gnupg
hsetroot
kdebase-konsole
kdebase-workspace
kdepim-akonadiconsole
kdepim-console
kdepim-kaddressbook
kdepim-kmail
kdepim-kontact
kdepim-korganizer
kdepim-ktimetracker
kdepimlibs
kdeutils-kgpg
kdeutils-kwallet
ksshaskpass
kwalletcli
lsb-release
mesa
mpd
mysql
openssh
opera
php
php-apache
pkgfile
pkgtools
pyqt
python
python-pip
qmpdclient
qt
qtcreator
qtfm
qt-doc
slim
slock
sshfs
sudo
syslinux
systemd
systemd-arch-units
tmux
transmission-qt
ttf-{bitstream-vera,dejavu,droid,inconsolata,liberation,ubuntu-font-family}
unclutter
unzip
vim
wget
wicd
xmobar
xmonad
xmonad-contrib
xorg-{server,server-utils,utils,xinit}
zsh
xf86-input-synaptics
xf86-video-nouveau

It's X.org with SLiM for login, Xmonad as window manager, Xmobar as panel, Zsh as shell, the KDE Konsole (never got rxvt-unicode font spacing the way I wanted it) and PIM suite (Kontact), Opera as web browser, plain Vim (console), wicd for networking, mpd and qmpdclient for music, systemd, (L)AMP, Python, Qt and a bunch of utilities.

Offline

#6 2012-10-21 17:37:23

totte
Member
Registered: 2011-08-22
Posts: 58

Re: How do I configure Kwallet to manage SSH and GPG keys? [SOLVED]

No success so far, really, need more ideas. smile

Neither of /etc/kde/env/{gpg,ssh}-agent-startup.sh seem to be run by anything automatically on my system upon boot and logging in. I tried going back to the beginning and I got GPG working alright, when signing a commit I was automatically authenticated. SSH however still prompts me by CLI to enter my passphrase when I try to git-push or ssh into a server. I set an empty password for the wallet to have it "unlocked by logging in". I thought setting "export SSH_ASKPASS='/usr/bin/ksshaskpass'" in ~/.zprofile would have it prompt for the password in some manner of Qt window related to Kwallet, but apparently it doesn't. In top both ssh-agent and gpg-agent are displayed as running - but if I run gpg-agent in Konsole I get the output "gpg-agent: no gpg-agent running in this session", ssh-agent on the other hand outputs "SSH_AUTH_SOCK=/tmp/ssh-noaDS3C4AP8M/agent.1830; export SSH_AUTH_SOCK;
SSH_AGENT_PID=1831; export SSH_AGENT_PID;
echo Agent pid 1831;"
.

Here's my ~/.zprofile, ~/.xinitrc, ~/.gnupg/gpg.conf, ~/.gnupg/gpg-agent.conf and ~/.zshrc (probably irrelevant but included anyway):

~/.zprofile

export EDITOR='vim'
export GIT_EDITOR='vim -fg'
export GPG_TTY=$(tty)
export GREP_COLOR='1;34'
export GREP_OPTIONS='--color=auto'
export LANG='en_GB.UTF-8'
export PAGER='less'
export PINENTRY='/usr/bin/pinentry-kwallet'
export SSH_ASKPASS='/usr/bin/ksshaskpass'
export VISUAL='vim'

~/.xinitrc

#!/bin/sh

if [ -d /etc/X11/xinit/xinitrc.d ]; then
  for f in /etc/X11/xinit/xinitrc.d/*; do
    [ -x "$f" ] && . "$f"
  done
  unset f
fi

# Kwallet
kwalletd &

# Keychain (SSH & GPG)
eval `keychain --eval id_rsa 1234ABCD` &

# Hide mouse cursor when idle
unclutter -idle 4 &

# Background image
hsetroot -fill $HOME/img/08.jpg &

# Akonadi
akonadictl start &

# Music Player Daemon
mpd &

# Window manager
xmonad

~/.gnupg/gpg.conf

no-greeting
require-cross-certification
charset utf-8
keyserver hkp://keys.gnupg.net
use-agent

~/.gnupg/gpg-agent.conf

pinentry-program /usr/bin/pinentry-kwallet
no-grab

~/.zshrc (probably irrelevant)

#-------------------------------------------------------------------------------------
# PATH
#-------------------------------------------------------------------------------------

# System executables
PATH0="/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin"

# My executables
PATH1="$HOME/bin"

export PATH="$PATH0:$PATH1"

#-------------------------------------------------------------------------------------
# COLOURS
#-------------------------------------------------------------------------------------
autoload colors; colors;
eval "`dircolors -b ~/.dircolorsrc`"

#-------------------------------------------------------------------------------------
# GENERAL
#-------------------------------------------------------------------------------------
HISTFILE=$HOME/.zsh_history
HISTSIZE=10000
SAVEHIST=10000
setopt append_history
setopt extended_history
setopt hist_expire_dups_first
setopt hist_ignore_dups
setopt hist_ignore_space
setopt hist_verify
setopt inc_append_history
setopt share_history
setopt prompt_subst
setopt correctall
setopt auto_menu
setopt complete_in_word
setopt always_to_end
setopt extendedglob

#-------------------------------------------------------------------------------------
# ALIASES
#-------------------------------------------------------------------------------------
alias rezsh='. ~/.zshrc'
alias _='sudo '
alias l='ls -lh --color'
alias la='ls -lAh --color'
alias -- -='cd -'
alias ..='cd ..'
alias df='df -h'
alias g='git'
alias tmux='tmux attach'
alias cp='cp -v'
alias mv='mv -v'
alias rm='rm -v'
alias rmdir='rmdir -v'
alias d='dirs -v'
bu(){cp -v $1 ${1}.backup}
cmds(){history | awk '{print $2}' | sort | uniq -c | sort -rn | head}
md(){mkdir -p $1; cd $1}

# OS-specific aliases
if [[ $(uname) == "Darwin" ]]; then
    # Mac OS X
    alias pkgs='port search' # Search
    alias pkgi='sudo port install' # Install
    alias pkgu='sudo port selfupdate && sudo port upgrade outdated' # Update & Upgrade
    alias pkgr='sudo port uninstall --follow-dependencies' # Remove package and unused dependencies
    alias pkgl='port installed' # List installed packages
    alias python='/usr/local/bin/python3'
    alias pip='pip-3.2'
    alias pips='pip-3.2 search'
    alias pipi='pip-3.2 install'
    alias pipu='pip-3.2 install -U'
    alias pipr='pip-3.2 uninstall'
    alias pipl='pip-3.2 freeze'
    alias v='mvim'
elif [[ $(uname) == "Linux" ]]; then
    alias pips='pip search'
    alias pipi='pip install'
    alias pipu='pip install -U'
    alias pipr='pip uninstall'
    alias pipl='pip freeze'
    alias v='vim'
    case $(lsb_release -d | cut -f2 | cut -d " " -f1) in
        (Arch) # Arch Linux
            alias equa='alsamixer -D equal'
            alias pkgs='pacman -Ss' # Search
            alias pkgi='sudo pacman -S' # Install
            alias pkgu='sudo pacman -Syu' # Update & Upgrade
            alias pkgr='sudo pacman -Rns' # Remove package, configuration backups and unused dependencies
            alias pkgl='pacman -Q' # List installed packages
            alias pkgd='whoneeds' # List packages depending on specified package
            alias poweroff='sudo systemctl poweroff'
            alias reboot='sudo systemctl reboot'
            alias nw='wicd-curses'
            ;;
        (Debian|Ubuntu) # Debian and Ubuntu
            alias pkgs='aptitude search' # Search
            alias pkgi='sudo aptitude install' # Install
            alias pkgu='sudo aptitude update && sudo aptitude upgrade' # Update & Upgrade
            alias pkgr='sudo aptitude purge' # Remove package, configuration files and unused dependencies
            alias pkgl='aptitude search -F "%p" "~i"' # List installed packages
            alias reboot='sudo shutdown -r now'
            alias shutdown='sudo shutdown -h now'
            ;;
    esac
fi

# Host-specific aliases
if [[ ${HOST:r} == "betre" ]]; then
    alias poff='sudo /sbin/write-magic 0xdeadbeef && sudo /sbin/reboot'
fi

#-------------------------------------------------------------------------------------
# TAB COMPLETION
#-------------------------------------------------------------------------------------
autoload compinit
compinit

# Case-insensitive (all),partial-word and then substring completion
zstyle ':completion:*' matcher-list 'm:{a-zA-Z}={A-Za-z}' 'r:|[._-]=* r:|=*' 'l:|=* r:|=*'
zstyle ':completion:*:*:*:*:*' menu select
zstyle ':completion:*:cd:*' tag-order local-directories directory-stack path-directories
cdpath=(.)

# Use /etc/hosts and known_hosts for hostname completion
[ -r /etc/ssh/ssh_known_hosts ] && _global_ssh_hosts=(${${${${(f)"$(</etc/ssh/ssh_known_hosts)"}:#[\|]*}%%\ *}%%,*}) || _ssh_hosts=()
[ -r ~/.ssh/known_hosts ] && _ssh_hosts=(${${${${(f)"$(<$HOME/.ssh/known_hosts)"}:#[\|]*}%%\ *}%%,*}) || _ssh_hosts=()
[ -r /etc/hosts ] && : ${(A)_etc_hosts:=${(s: :)${(ps:\t:)${${(f)~~"$(</etc/hosts)"}%%\#*}##[:blank:]#[^[:blank:]]#}}} || _etc_hosts=()
hosts=(
    "$_global_ssh_hosts[@]"
    "$_ssh_hosts[@]"
    "$_etc_hosts[@]"
    `hostname`
    localhost
)
zstyle ':completion:*:hosts' hosts $hosts

#-------------------------------------------------------------------------------------
# KEYBINDINGS
#-------------------------------------------------------------------------------------
bindkey '^[[A' history-beginning-search-backward
bindkey '^[[B' history-beginning-search-forward
bindkey "^[[H" beginning-of-line
bindkey "^[[1~" beginning-of-line
bindkey "^[OH" beginning-of-line
bindkey "^[[F"  end-of-line
bindkey "^[[4~" end-of-line
bindkey "^[OF" end-of-line

# Make the delete key (or Fn + Delete on the Mac) work instead of outputting a ~
bindkey '^?' backward-delete-char
bindkey "^[[3~" delete-char
bindkey "^[3;5~" delete-char
bindkey "\e[3~" delete-char

#-------------------------------------------------------------------------------------
# TITLES
#-------------------------------------------------------------------------------------
tmux_title="%16<..<%~%<<"
term_tab_title="%m"
term_title="Terminal"

function title(){
  if [[ "$TERM" == screen* ]]; then
    print -Pn "\ek$tmux_title:q\e\\"
  elif [[ $TERM == rxvt* ]] || [[ "$TERM_PROGRAM" == "iTerm.app" ]]; then
    print -Pn "\e]2;$term_title:q\a"
    print -Pn "\e]1;$term_tab_title:q\a"
  fi
}

function title_precmd(){
  title $tmux_title $term_tab_title $term_title
}

function title_preexec(){
  emulate -L zsh
  setopt extended_glob
  local tmux_title=${1[(wr)^(*=*|sudo|ssh|-*)]}
  title $tmux_title $term_tab_title $term_title
}

#-------------------------------------------------------------------------------------
# ZSH VCS_INFO MODULE
#-------------------------------------------------------------------------------------
autoload -Uz vcs_info

#zstyle    ':vcs_info:*+*:*'                debug true
zstyle    ':vcs_info:*'                    enable git
zstyle    ':vcs_info:git*'                formats                    '%fon $(rou)%b%f%c%u%m'
zstyle    ':vcs_info:git*'                actionformats            '%fon $(rou)%b%f:$(rou)%a%f%c%u%m'
zstyle    ':vcs_info:git*:*'                stagedstr                ' (staged)'
zstyle    ':vcs_info:git*:*'                unstagedstr                ' (unstaged)'
zstyle    ':vcs_info:git*:*'                get-revision true
zstyle    ':vcs_info:git*:*'                check-for-changes true
zstyle    ':vcs_info:git*+set-message:*'    hooks git-stash git-untracked

# Display count of stashed changes
function +vi-git-stash(){
    local -a stashes

    if [[ -s ${hook_com[base]}/.git/refs/stash ]] ; then
        stashes=$(git stash list 2>/dev/null | wc -l)
        if [[ $stashes > 1 ]] ; then
            hook_com[misc]+=" (${stashes} stashes)"
        else
            hook_com[misc]+=" (${stashes} stash)"
        fi
    fi
}

# Display message if untracked files are present
function +vi-git-untracked(){
    if [[ $(git rev-parse --is-inside-work-tree 2> /dev/null) == 'true' ]] && \
        git status --porcelain | grep '??' &> /dev/null ; then
        hook_com[unstaged]+=" (untracked files present)"
    fi
}

function prompt_precmd(){
    vcs_info
}

#-------------------------------------------------------------------------------------
# PROMPT
#-------------------------------------------------------------------------------------
# Root or user?
function rou(){
    if [[ $UID -eq 0 ]] ; then
        echo "%{$fg[magenta]%}"
    else
        echo "%{$fg[blue]%}"
    fi
}

# Display ± if we're in a git repository and » at all other times
function prompt_character(){
    git branch >/dev/null 2>/dev/null && echo '%{$fg[white]%}±%{$reset_color%}' && return
    echo '%{$fg[white]%}»%{$reset_color%}'
}

# Set the prompt
function set_prompt(){
    PROMPT="$(rou)%n %{$reset_color%}at $(rou)%m %{$reset_color%}in $(rou)%~ ${vcs_info_msg_0_}
 %{$reset_color%}$(prompt_character) "
}

#-------------------------------------------------------------------------------------
# HOOKS
#-------------------------------------------------------------------------------------
autoload -U add-zsh-hook

add-zsh-hook    preexec    title_preexec
add-zsh-hook    precmd     title_precmd
add-zsh-hook    precmd     prompt_precmd
add-zsh-hook    precmd     set_prompt

Offline

#7 2012-10-21 22:10:57

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 5,662

Re: How do I configure Kwallet to manage SSH and GPG keys? [SOLVED]

To be honest, I just about managed to get this working with my configuration so I'm not a good person to advise. I can't even figure out how similar what you are trying to do is to the way I set things up here.

Presumably the results for gpg-agent are what you want but you don't want ssh-agent running? That is, you want ksshaskpass to be running instead? But I'm rather confused about how this is all supposed to work - if gpg-agent is meant to be disabled, why does it need configuring? And if keychain is a frontend to ssh-agent, how does that work if ssh-agent is meant to be disabled? (That is, I'm confused by the tutorial you linked to.)

Have you checked to see if the wiki suggests anything which might work well for you? I found the instructions very good although I realise that's not much help if you want to achieve something they don't cover!

I don't like kwallet much so what I do is use the ssh support provided by gpg-agent and have gpg-agent handle everything. I then use pinentry-qt4 to pop up the QT dialog boxes as and when necessary. The fiddliest bit of this was ensuring that I didn't end up with two instances of gpg-agent - hence I know about the existence of /etc/kde/env/gpg-agent-startup.sh because I had to configure the ssh support and pinentry programme there.


How To Ask Questions The Smart Way | Help Vampires

Arch Linux | x86_64 | GPT | EFI boot | grub2 | systemd | LVM2 on LUKS
Lenovo x121e | Intel(R) Core(TM) i3-2367M CPU @ 1.40GHz GenuineIntel | Intel Centrino Wireless-N 1000 | US keyboard with Euro | 320G 7200 RPM Seagate HDD

Offline

#8 2012-10-22 08:05:39

totte
Member
Registered: 2011-08-22
Posts: 58

Re: How do I configure Kwallet to manage SSH and GPG keys? [SOLVED]

I think I’m about as confused as can be myself. Still, any and all information may be considered as helpful until proven otherwise. smile  Since yesterday all I've learned is that SSH_ASKPASS will default to CLI even if set to "ksshaskpass" whenever ssh is being run from a terminal (as opposed to being run from a script such as .xinitrc, as I understood it). Still KWallet doesn't seem to pay any attention to when I'm prompted for the passphrase in a terminal, using ~/.ssh/id_rsa. I'm considering disabling both ssh- and gpg-agent and stop using Keychain to see if that makes things easier, as in, at least KWallet would input the passwords for me even if I'd be prompted for them a lot more often.

As for the tutorial I linked to, let’s put it here in proper formatting to have it make more sense (some minor grammatical edits):

龍神 (Dragon God) wrote:
Manage SSH and GPG keys efficiently in KDE

Introduction
Here I present a simple way to handle SSH and GPG keys easily in KDE4.
This method presents several advantages:

  • Works great with KDE4 that ships with Kubuntu Maverick Meerkat and may work in other KDE distributions without too much trouble.

  • Use KWallet as the passphrase manager so you unlock KWallet once on login and from there it will handle all passphrase requests.

  • Works great with automated tasks (via cron or incron) that use SSH key authentication (e.g. famous rsync unexplained error 255).

Pre-requisities
Considering that you are reading this post because you need a better way to manage your SSH and GPG keys then it is safe to assume you have already generated your SSH/GPG keys and that you know how to use them.

Disable KDE4 from starting ssh-agent and gpp-agent
By default Kubuntu 10.10 starts the ssh-agent and gpg-agent causing some conflicts with this setup based on Keychain. Using the default configuration does not seem to use KWallet and certainly does not work with KMail or mutt so I prefer to disable these and enable Keychain instead. To disable the default ssh-agent edit the "/etc/X11/Xsession.options" file and comment out the line that says “use-ssh-agent”. To disable the default gpg-agent edit the "~/.gnupg/gpg.conf" file and comment out the line that says “use-agent”. With these default agents disabled we can now configure KDE to use Keychain that I consider a superior tool to handle SSH/GPG keys.

SSH/GPG key management with KWallet
First we install the needed software packages:

sudo aptitude install keychain ksshaskpass kwalletcli

Configure the "~/.gnupg/gpg-agent.conf" file so it uses the KWallet pinentry program to manage gpg keys. Simply add the pinentry-program line or replace it if it already exists with:

pinentry-program /usr/bin/pinentry-kwallet

Now we need to load keychain and all the environment variables it sets when KDE starts. To do this we simply create a small script, say "keychain.sh" and put it inside out ".kde/env" directory. The script contains these lines:
Everything from here on to “END” was repeated one time in the original text and thus removed here.

#!/bin/sh
# Load Keychain to handle SSH and GPG keys
if [ -f /usr/bin/keychain ]; then
    if [ -f /usr/bin/ksshaskpass ]; then
        export SSH_ASKPASS=/usr/bin/ksshaskpass
    else
        export SSH_ASKPASS=/usr/bin/askpass
    fi
    /usr/bin/keychain
    $HOME/.keychain/`hostname`-sh
    $HOME/.keychain/`hostname`-sh-gpg
fi

What this does is to setup the SSH_ASKPASS environment variable to use the ksshaskpass program that handles SSH keys inside KWallet. Then invokes Keychain which starts the ssh-agent and gpg-agent daemons and sets some environment variables so all KDE applications can see them. Finally we must load our SSH/GPG keys into Keychain. The best place to do this is with the KDE Autostart scripts. Simply create a script, say add_keys.sh, into you ".kde/Autostart" folder that contains something like:
END

#!/bin/sh
# Load Keychain to handle SSH and GPG keys
if [ -f /usr/bin/keychain ]; then
    /usr/bin/keychain id_rsa 0x12345 0x23456
    $HOME/.keychain/`hostname`-sh
    $HOME/.keychain/`hostname`-sh-gpg
fi

What this Autostart script does is to load your SSH key (id_rsa) and GPG keys (0x12345, 0x23456) into Keychain. The next time you log into a KDE session this script will ask you if you want to give Keychain access to KWallet and then ask all the registered key passphrases. Once registered with KWallet all your applications will be able to use these keys without asking you for the passphrase each time. Make sure the env and Autostart scripts have exec privileges:

$ chmod +x ~/.kde/env/keychain.sh
$ chmod +x ~/.kde/Autostart/add_key.sh

Offline

#9 2012-10-22 08:38:25

totte
Member
Registered: 2011-08-22
Posts: 58

Re: How do I configure Kwallet to manage SSH and GPG keys? [SOLVED]

Also, as far as I know, the scripts at my disposal being run automatically at logging in and/or starting X are ~/.zprofile, ~/.zshrc and ~/.xinitrc. I'm not quite sure in what order they are being run aside from .zprofile being run before .zshrc. Is .xinitrc run when I get to the SLiM login screen or once I've logged in - and if the latter, is it run after or before .zprofile and .zshrc?

Offline

#10 2012-10-23 01:00:55

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 5,662

Re: How do I configure Kwallet to manage SSH and GPG keys? [SOLVED]

Easy way to test: add "echo I am .zprofile >> /tmp/testing" etc. into each of them and see what order you get. (Or the manual pages probably tell you - at least for .zprofile vs. .zshrc.)

I guess my instinct would be to simplify what you are doing as much as possible, get the very simplest set up working and then add one complication at a time. That's roughly what I did. So some steps took some trial and error but at least I knew which single thing to focus on which I think makes it a lot easier.

The wiki is really quite good on this generally although maybe not on what you want to do specifically.


How To Ask Questions The Smart Way | Help Vampires

Arch Linux | x86_64 | GPT | EFI boot | grub2 | systemd | LVM2 on LUKS
Lenovo x121e | Intel(R) Core(TM) i3-2367M CPU @ 1.40GHz GenuineIntel | Intel Centrino Wireless-N 1000 | US keyboard with Euro | 320G 7200 RPM Seagate HDD

Offline

#11 2012-10-23 20:30:44

totte
Member
Registered: 2011-08-22
Posts: 58

Re: How do I configure Kwallet to manage SSH and GPG keys? [SOLVED]

Thank you for the advice - I stumbled upon the solution(?) by accident: don't fork Keychain to background in ~/.xinitrc (leave out the "&" suffix). I'm now met by ksshaskpass once logged in and prompted for the password to my wallet. Entering it unlocks the SSH and GPG keys as well as Akonadi resources - all in one go. I'll have to do some more testing before I mark the thread as solved, just to be sure.

Offline

#12 2012-10-25 02:00:35

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 5,662

Re: How do I configure Kwallet to manage SSH and GPG keys? [SOLVED]

I'm glad you got it working. I thought it was kind of neat when I finally got it to ask for just one password and then have everything fall into place. But that's probably because I've tried to set something a little similar up in the past and failed utterly.


How To Ask Questions The Smart Way | Help Vampires

Arch Linux | x86_64 | GPT | EFI boot | grub2 | systemd | LVM2 on LUKS
Lenovo x121e | Intel(R) Core(TM) i3-2367M CPU @ 1.40GHz GenuineIntel | Intel Centrino Wireless-N 1000 | US keyboard with Euro | 320G 7200 RPM Seagate HDD

Offline

#13 2012-10-25 10:49:24

totte
Member
Registered: 2011-08-22
Posts: 58

Re: How do I configure Kwallet to manage SSH and GPG keys? [SOLVED]

Right, I've got these packages installed:

kdeutils-kwallet
keychain
ksshaskpass
kwalletcli

~/.xinitrc (irrelevant lines not included)

#!/bin/sh

if [ -d /etc/X11/xinit/xinitrc.d ]; then
  for f in /etc/X11/xinit/xinitrc.d/*; do
    [ -x "$f" ] && . "$f"
  done
  unset f
fi

# Kwallet
kwalletd &

# Keychain
eval `keychain --eval --clear id_rsa 1234ABCD`

# Akonadi
akonadictl start &

# Window manager
xmonad

~/.zprofile  (irrelevant lines not included)

GPG_TTY=$(tty)
LANG='en_GB.UTF-8'
PINENTRY='/usr/bin/pinentry-kwallet'
SSH_ASKPASS='/usr/bin/ksshaskpass'
export $GPG_TTY
export $LANG
export $PINENTRY
export $SSH_ASKPASS

~/.gnupg/gpg.conf

no-greeting
require-cross-certification
charset utf-8
keyserver  hkp://keys.gnupg.net
use-agent

~/.gnupg/gpg-agent.conf

pinentry-program /usr/bin/pinentry-kwallet
default-cache-ttl 10800
default-cache-ttl-ssh 10800
write-env-file ${HOME}/.gpg-agent-info

I use systemd and slim.service has been enabled, but I'd wager that since kwalletd and keychain is run from ~/.xinitrc it is not necessary to launch X.org at boot in order for this setup to work. In short: without KDE autorun scripts - rely on ~/.zprofile for setting environment variables and ~/.xinitrc for launching stuff.

Thanks for the help! smile

Offline

Board footer

Powered by FluxBB