LinuxQuestions.org

dugan 05-30-2019 11:08 PM

Tip: Setting up ssh-agent with OpenBox
 
I hope I'm not the only person who took forever to figure out how to properly set up ssh-agent with OpenBox.

In ~/.config/openbox/environment
Code:

eval $(ssh-agent)
export SSH_ASKPASS=/usr/bin/lxqt-openssh-askpass

I'm using Slackware with LXQt installed, so I have lxqt-openssh-askpass available. An alternative, I hear, is openssh-askpass.

Then you modify your logout action, which, by default, is in menu.xml and looks like this:

Code:

<item label="Log Out">
  <action name="Exit">
    <prompt>yes</prompt>
  </action>
</item>

You change that to:
Code:

<item label="Log Out">
  <action name="Execute">
    <execute>ssh-agent -k</execute>
  </action>

  <action name="Exit">
    <prompt>no</prompt>
  </action>
</item>

With that setup, you have one ssh-agent instance for each X session, which is what you want.

Add the following to ~/.ssh/config:
Code:

AddKeysToAgent yes

You'll be asked to enter your SSH key's password only once per login.

And if you're wondering what I'm even on about: Funtoo's OpenSSH Key Management articles (which introduce their Keychain ssh-agent wrapper) are a good overview:

https://www.funtoo.org/Keychain

dugan 06-02-2019 11:08 AM

Just putting this into ~/.config/openbox/environment also works:

Code:

pkill ssh-agent
eval $(ssh-agent)
export SSH_ASKPASS=/usr/bin/lxqt-openssh-askpass

If you're using sddm, you can also put it in ~/.xprofile (among other places).
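
Added example, not part of the posts in this thread: a variant for the same environment file that probes for a reachable agent with `ssh-add -l` and starts a new one only when none answers, so agents belonging to the user's other sessions keep running. The names `ensure_agent`, `AGENT_ACTION`, `SSH_ADD`, `SSH_AGENT_BIN` and `AGENT_KEY_LIFETIME` are assumptions made for this sketch.

```sh
# Added example, not code from the thread. ensure_agent, AGENT_ACTION, SSH_ADD,
# SSH_AGENT_BIN and AGENT_KEY_LIFETIME are names assumed for this sketch.
# Written for a file that /bin/sh sources, such as ~/.config/openbox/environment.

# Command names live in variables so they can be pinned to full paths.
: "${SSH_ADD:=ssh-add}"
: "${SSH_AGENT_BIN:=ssh-agent}"

ensure_agent() {
    rc=0
    # ssh-add -l exits 0 (keys loaded), 1 (agent reachable but empty) or
    # 2 (no agent reachable). "|| rc=$?" keeps the probe safe under set -e.
    "$SSH_ADD" -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0|1)
            # A live agent already answers on SSH_AUTH_SOCK: keep it.
            AGENT_ACTION=reused
            return 0
            ;;
    esac

    # Stale or missing socket: drop the old values before starting afresh.
    unset SSH_AUTH_SOCK SSH_AGENT_PID
    if [ -n "${AGENT_KEY_LIFETIME:-}" ]; then
        # Optional: -t makes the agent forget keys after this many seconds.
        out=$("$SSH_AGENT_BIN" -s -t "$AGENT_KEY_LIFETIME") || out=
    else
        out=$("$SSH_AGENT_BIN" -s) || out=
    fi
    if [ -z "$out" ]; then
        AGENT_ACTION=failed
        return 1
    fi
    # -s forces Bourne-style output: assignments, exports and one echo line.
    eval "$out" >/dev/null
    export SSH_AUTH_SOCK SSH_AGENT_PID
    AGENT_ACTION=started
}

# In the environment file, call it in place of the pkill/eval pair:
#   ensure_agent
#   export SSH_ASKPASS=/usr/bin/lxqt-openssh-askpass
```
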

dugan 06-09-2019 10:35 AM

And this in (~/.config/openbox/environment) works for gnome-keyring, which persists SSH keys across login sessions:

Code:

eval $(gnome-keyring-daemon --start)
export SSH_AUTH_SOCK
export SSH_ASKPASS=/usr/lib64/seahorse/seahorse-ssh-askpass

EDIT: This is if you want to use gnome-keyring instead of ssh-agent.

greencedar 06-10-2019 07:33 PM

Thank you for your link to the information about Keychain.

Quote:

Keychain helps you to manage SSH and GPG keys in a convenient and secure manner. It acts as a frontend to ssh-agent and ssh-add, but allows you to easily have one long running ssh-agent process per system, rather than the norm of one ssh-agent per login session.

The article helped my understanding.

dugan 08-27-2019 10:18 PM

For my new Manjaro i3 install, I decided to go with something similar, only using the GNOME Keyring, Seahorse and libsecret system. The only part that wasn't part of the default install is Seahorse, and that had only two dependencies.

In ~/.xprofile I put:

Code:

eval $(gnome-keyring-daemon --daemonize --start)
export SSH_AUTH_SOCK
export SSH_ASKPASS=/usr/lib/seahorse/ssh-askpass

In ~/.ssh/config:
Code:

AddKeysToAgent yes

And for git:

Code:

cd /usr/share/git/credential/libsecret
sudo make
git config --global credential.helper /usr/share/git/credential/libsecret/git-credential-libsecret

(Look, I know that I can get better integration than that, since this distro has PAM, but I'm coming from Slackware and this is good enough).

dugan 10-20-2019 07:57 PM

Just worked a bit more on my Manjaro i3 setup, and I think I finally got it.

First, when I install I do not check "Log in automatically without asking for the password."

Apparently, you cannot get an automatically unlocked keyring if you're using auto-logins with lightdm:

FS#55950 - [lightdm] [gnome-keyring] Keyring not unlocked on initial autologin - works on subsequent sessions

There's advice out there to just set "Login" keyring's password to a blank one, if you want both auto-login and auto-unlock, but I couldn't get that to work. AFAICT, the information above is currently valid.

Install Seahorse and check the "Login" keyring. It should be unlocked.

If it somehow isn't being unlocked when you log in, then make sure the "Login" keyring has the same password as your login password.

In ~/.xprofile, put:

Code:

export SSH_ASKPASS=/usr/lib/seahorse/ssh-askpass
eval $(gnome-keyring-daemon --start)
export SSH_AUTH_SOCK

In ~/.ssh/config, put:

Code:

AddKeysToAgent yes

I set git up with the libsecret credential helper:

Code:

git config --global credential.helper /usr/lib/git-core/git-credential-libsecret

The other stuff, like PAM modules, is set up correctly out of the box and does not need to be messed with.

