You are not logged in.

#1 2022-10-21 01:04:34

lfitzgerald
Member
Registered: 2021-07-16
Posts: 175

[SOLVED] Dialog asking for SSH passwords *during* login

Recently, my computer started having an annoying issue: When I first boot and enter my password in SDDM, I get a bunch of dialogs asking for passphrases to my SSH keys. Whether I enter the correct one or click cancel, the next time I boot it asks for it again. After I dismiss all the dialogs (I have several SSH keys) finally i3 begins to startup.

I have KDE installed, which I hardly use as a DE, but I do use some components like Kmail which brings in akonadi and kwallet appears to store some of my application passwords, which is fine.

I didn't use to have this issue, but recently my kwallet key got messed up so I had to remake them, and this seems to have started after that. I'm not sure if it's related.

There is nothing in my i3 config about ssh. I have some SSH agent stuff in my fish conf.d/ files, but the dialogs show up when I enter my password in SDDM, before i3 even starts up, let alone me opening a shell.

I also tried going into kwallet and deleting my SSH passwords from there. Yet I still get the dialogs.

Even more annoyingly, "systemctl restart sddm" is not enough to trigger the issue. I have to reboot, and the dialogs show up only on the first login.

Anyone know how to solve this?

Last edited by lfitzgerald (2022-10-22 17:59:46)

Offline

#2 2022-10-21 01:32:45

lfitzgerald
Member
Registered: 2021-07-16
Posts: 175

Re: [SOLVED] Dialog asking for SSH passwords *during* login

Of course as soon as I post it, I discover something else.

I have a ~/.config/fish/conf.d/ssh-agent.fish which is supposed to initialize ssh agent with my keys, *when I start a new shell*. I had the hunch that maybe fish runs it on login as well. So I removed the file, rebooted, and no more dialog.

The problem is though that I still need to prevent this behavior while having the ssh-agent start with the shell.

Offline

#3 2022-10-21 06:31:21

seth
Member
From: Won't reply 2 private help req
Registered: 2012-09-03
Posts: 76,461

Re: [SOLVED] Dialog asking for SSH passwords *during* login

Why would you want ssh-agent to run whenever you start a new shell?

Fish doesn't seem to split profile and rc, but you can test the login status:
https://wiki.archlinux.org/title/Fish#Start_X_at_login

Alternatively, start https://wiki.archlinux.org/title/SSH_ke … stemd_user

Offline

#4 2022-10-22 17:59:33

lfitzgerald
Member
Registered: 2021-07-16
Posts: 175

Re: [SOLVED] Dialog asking for SSH passwords *during* login

seth wrote:

Why would you want ssh-agent to run whenever you start a new shell?

To be clear, ssh-agent.fish is idempotent, it doesn't start a new ssh-agent process if there's one running already. I assume this was the confusing part?

seth wrote:

Fish doesn't seem to split profile and rc, but you can test the login status:
https://wiki.archlinux.org/title/Fish#Start_X_at_login

Ah! I had not realized that the login runs my shell before my WM comes up. In retrospect it's kind of obvious big_smile . After fiddling with it a bit, I had some success with this:

# Hacky workaround for being prompted to enter SSH passes during login
# https://bbs.archlinux.org/viewtopic.php?pid=2063185
if pgrep i3 > /dev/null
    set -x SSH_ASKPASS (which ksshaskpass)
end

# start ssh-agent

I believe it works because with SSH_ASKPASS unset, on my system, ssh-add silently fails (and I can login unmolested). From your link, I've learned about the "status" command, so I can just have my ssh-agent.fish return "if not status --is-interactive".

Well, I have my dotfiles set up in such a way that I use my fish config on other OSes also (like Macs). So the systemd way would not be portable. But I suppose it's not the end of the world to just have different ssh-agent configs for each OS. And maybe it's better to decouple the ssh-agent from my choice of shell, since I use other ones also.

I'll mark this solved now. Hopefully there's enough info to help anyone else who later finds it.

Offline

Board footer

Powered by FluxBB