
#1 2022-06-11 12:24:22

Pavle
Member
Registered: 2022-06-04
Posts: 17

[DUPLICATE] Recommended method for unlocking SSH keys at login

This article: https://wiki.archlinux.org/title/GNOME/Keyring suggests adding the following to .bash_profile:

if [ -n "$DESKTOP_SESSION" ];then
    eval $(gnome-keyring-daemon --start)
    export SSH_AUTH_SOCK
fi

However, it seems that since recently, gnome-keyring-daemon is started automatically by systemd, so starting it again from the .bash_profile seems superfluous (plus it echoes an annoying message: "discover_other_daemon: 1"). I was able to create a unit file override for gnome-keyring-daemon.service that looks like this:

[Service]
ExecStart=
ExecStart=/usr/bin/gnome-keyring-daemon --foreground --components="pkcs11,secrets,ssh" --control-directory=%t/keyring

(so it simply includes ssh in the list of components, which is not present in the original unit file).

However, this is not enough, because you must also export the SSH_AUTH_SOCK environment variable. My solution was to add this to .bashrc:

export SSH_AUTH_SOCK=/run/user/$(id -u)/keyring/ssh

However, this all seems a bit too involved. I'm wondering if there's a better method. Is there another way to export this environment variable - perhaps from the unit file? There is also the socket unit (gnome-keyring-daemon.socket), which sounds like the perfect candidate to deal with exporting this variable.

Or perhaps there's a better way to do what I'm trying to do (which is simply to unlock the SSH key when I log in). How do you folks do this?

Last edited by Pavle (2022-06-13 14:58:30)
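
Added example, not part of the original post: a ~/.bashrc snippet that exports SSH_AUTH_SOCK only after checking that the keyring socket exists, is a real UNIX socket, and is owned by the current user. The helper name keyring_ssh_sock is hypothetical; the socket location follows the --control-directory=%t/keyring override shown above.

```shell
# Added example for ~/.bashrc (not code from the thread or from GNOME Keyring).
# Assumption: gnome-keyring-daemon runs with the ssh component and
# --control-directory=%t/keyring, so the agent socket is <runtime dir>/keyring/ssh.

# keyring_ssh_sock (hypothetical helper): print the socket path and return 0
# only when it is safe to hand to ssh; return 1 otherwise.
keyring_ssh_sock() {
    _dir=$1
    _sock="$_dir/keyring/ssh"

    # The runtime directory must exist and be owned by the current user.
    [ -d "$_dir" ] && [ -O "$_dir" ] || return 1

    # The path must resolve to a UNIX socket, not a regular file
    # or a dangling symlink left over from an earlier session.
    [ -S "$_sock" ] || return 1

    # The socket must be owned by us. ssh sends signing requests to whatever
    # listens here, so never export a socket that belongs to another user.
    [ -O "$_sock" ] || return 1

    printf '%s\n' "$_sock"
}

# Export only when every check passes; otherwise leave the environment
# untouched so a missing daemon shows up as "no agent" instead of a bad path.
if _found=$(keyring_ssh_sock "${XDG_RUNTIME_DIR:-/run/user/$(id -u)}"); then
    export SSH_AUTH_SOCK="$_found"
fi
unset _found
```

Running `ssh-add -l` afterwards confirms the agent answers on that socket; it exits with status 2 when no agent can be contacted.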


#2 2022-06-11 14:09:07

merlock
Member
Registered: 2018-10-30
Posts: 233

Re: [DUPLICATE] Recommended method for unlocking SSH keys at login

I use keychain.


Eenie meenie, chili beanie, the spirits are about to speak -- Bullwinkle J. Moose
It's a big club...and you ain't in it -- George Carlin
Registered Linux user #149839
perl -e 'print$i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10); '


#3 2022-06-13 10:49:40

Pavle
Member
Registered: 2022-06-04
Posts: 17

Re: [DUPLICATE] Recommended method for unlocking SSH keys at login

Thanks merlock! I wasn't aware of that method. However, if I'm reading this right:

You will only be prompted for your passphrase once each time the machine is rebooted

it seems that you need to unlock your keys every time you reboot your machine. The advantage of gnome keyring is that you only need to enter it the very first time you run an ssh command and after that it is stored in the keychain.


#4 2022-06-13 11:29:02

Raynman
Member
Registered: 2011-10-22
Posts: 1,539

Re: [DUPLICATE] Recommended method for unlocking SSH keys at login

I haven't tried it, but further down (Tips) it says

if you do not want to be immediately prompted for unlocking the keys but rather wait until they are needed, use the --noask option.


#5 2022-06-13 11:41:03

Pavle
Member
Registered: 2022-06-04
Posts: 17

Re: [DUPLICATE] Recommended method for unlocking SSH keys at login

That doesn't solve the problem. You'd still be prompted for the password every time you need to use ssh - albeit only once in each "session" (for lack of a better word). Gnome keyring seems like a more elegant solution to me.


#6 2022-06-13 13:19:40

Raynman
Member
Registered: 2011-10-22
Posts: 1,539

Re: [DUPLICATE] Recommended method for unlocking SSH keys at login

Ah, yes, well, then just keep using that. And maybe track https://bbs.archlinux.org/viewtopic.php?id=277192


#7 2022-06-13 14:38:11

merlock
Member
Registered: 2018-10-30
Posts: 233

Re: [DUPLICATE] Recommended method for unlocking SSH keys at login

Pavle wrote:

it seems that you need to unlock your keys every time you reboot your machine.

You'd want your keys persistent across *reboots*?? Besides, (for me) that's not quite true. I'm not prompted for anything until I open a terminal (or terminal-based) application.

With the proper configuration(s) (SSH/GPG) you can set indefinite time-out(s).

Pavle wrote:

You'd still be prompted for the password every time you need to use ssh

Nope.  As long as your passphrase hasn't timed-out, you're good to go.  Ex:

Machine rebooted for kernel update.  Open a terminal, put passphrases in, then close it.

Hour later, open a terminal, SSH to my RPi.  No passphrase.  Finish, log out and close terminal.

Couple of hours later, open another terminal, look up a password in pass.  No passphrase.

Anyway, for *me*, it just works.



#8 2022-06-13 14:54:24

Pavle
Member
Registered: 2022-06-04
Posts: 17

Re: [DUPLICATE] Recommended method for unlocking SSH keys at login

I'll close this in favor of https://bbs.archlinux.org/viewtopic.php?id=277192. I'll add my initial comment there.
