LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General > LinuxQuestions.org Member Success Stories
User Name
Password
LinuxQuestions.org Member Success Stories Just spent four hours configuring your favorite program? Just figured out a Linux problem that has been stumping you for months?
Post your Linux Success Stories here.

Notices


Reply
  Search this Thread
Old 05-31-2019, 12:08 AM   #1
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 9,210

Rep: Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034
Tip: Setting up ssh-agent with OpenBox


I hope I'm not the only person who took forever to figure out how to properly set up ssh-agent with OpenBox.

In ~/.config/openbox/environment
Code:
eval $(ssh-agent)
export SSH_ASKPASS=/usr/bin/lxqt-openssh-askpass
I'm using Slackware with LXQt installed, so I have lxqt-openssh-askpass available. An alternative, I hear, is openssh-askpass.

Then you modify your logout action, which by default, is in menu.xml and looks like this:

Code:
<item label="Log Out">
  <action name="Exit">
    <prompt>yes</prompt>
  </action>
</item>
You change that to:
Code:
<item label="Log Out">
  <action name="Execute">
    <execute>ssh-agent -k</execute>
  </action>

  <action name="Exit">
    <prompt>no</prompt>
  </action>
 </item>
With that setup, you have one ssh-agent instance for each X session, which is what you want.

Add the following to ~/.ssh/config:
Code:
AddKeysToAgent yes
You'll be asked to enter your SSH key's password only once per login.

And if you're wondering what I'm even on about: Funtoo's OpenSSH Key Management articles (which introduce their Keychain ssh-agent wrapper) is a good overview:

https://www.funtoo.org/Keychain

Last edited by dugan; 06-02-2019 at 06:45 AM.
 
Old 06-02-2019, 12:08 PM   #2
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 9,210

Original Poster
Rep: Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034
Just putting this into ~/.config/openbox/environment also works:

Code:
pkill ssh-agent
eval $(ssh-agent)
export SSH_ASKPASS=/usr/bin/lxqt-openssh-askpass
If you're using sddm, you can also put it in ~/.xprofile (among other places).
 
Old 06-09-2019, 11:35 AM   #3
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 9,210

Original Poster
Rep: Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034
And this in (~/.config/openbox/environment) works for gnome-keyring, which persists SSH keys across login sessions:

Code:
eval $(gnome-keyring-daemon --start)
export SSH_AUTH_SOCK
export SSH_ASKPASS=/usr/lib64/seahorse/seahorse-ssh-askpass
EDIT: This is if you want to use gnome-keyring instead of ssh-agent.

Last edited by dugan; 06-11-2019 at 09:06 AM.
 
1 members found this post helpful.
Old 06-10-2019, 08:33 PM   #4
greencedar
Member
 
Registered: Sep 2018
Location: Missouri
Distribution: Ubuntu 18.04 Bionic Beaver & Linux Mint 19.1 Tessa
Posts: 658
Blog Entries: 1

Rep: Reputation: 60
Thank you for your link to the information about Keychain.

Quote:
Keychain helps you to manage SSH and GPG keys in a convenient and secure manner. It acts as a frontend to ssh-agent and ssh-add, but allows you to easily have one long running ssh-agent process per system, rather than the norm of one ssh-agent per login session.
The article helped my understanding.
 
Old 08-27-2019, 11:18 PM   #5
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 9,210

Original Poster
Rep: Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034
For my new Manjaro i3 install, I decided to go with something similar, only using the GNOME Keyring, Seahorse and libsecret system. The only part that wasn't part of the default install is Seahorse, and that had only two dependencies.

In ~/.xprofile I put:

Code:
eval $(gnome-keyring-daemon --daemonize --start)
export SSH_AUTH_SOCK
export SSH_ASKPASS=/usr/lib/seahorse/ssh-askpass
In ~/.ssh/config:
Code:
AddKeysToAgent yes
And for git:

Code:
cd /usr/share/git/credential/libsecret
sudo make
git config --global credential.helper /usr/share/git/credential/libsecret/git-credential-libsecret
(Look, I know that I can get better integration than that, since this distro has PAM, but I'm coming from Slackware and this is good enough).

Last edited by dugan; 08-28-2019 at 12:06 AM.
 
Old 10-20-2019, 08:57 PM   #6
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 9,210

Original Poster
Rep: Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034Reputation: 4034
Just worked a bit more on my Manjaro i3 setup, and I think I finally got it.

First, when I install I do not check "Log in automatically without asking for the password."

Apparently, you cannot get an automatically unlocked keyring if you're using auto-logins with lightdm:

FS#55950 - [lightdm] [gnome-keyring] Keyring not unlocked on initial autologin - works on subsequent sessions

There's advice out there to just set "Login" keyring's password to a blank one, if you want both auto-login and auto-unlock, but I couldn't get that to work. AFAICT, the information above is currently valid.

Install Seahorse and check the "Login" keyring. It should be unlocked.

If it somehow isn't being unlocked when you log in, then make sure the "Login" keyring has the same password as your login password.

In ~/.xprofile, put:

Code:
export SSH_ASKPASS=/usr/lib/seahorse/ssh-askpass
eval $(gnome-keyring-daemon --start)
export SSH_AUTH_SOCK
In ~/.ssh/config, put:

Code:
AddKeysToAgent yes
I set git up with the libsecret credential helper:

Code:
git config --global credential.helper /usr/lib/git-core/git-credential-libsecret
The other stuff, like PAM modules, are set up correctly out of the box, and do not need to be messed with.

Last edited by dugan; 10-20-2019 at 08:58 PM.
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] "Permission denied" when Openbox tries to execute autostart.sh in ~/.config/openbox alarazr Linux - Software 4 10-04-2012 04:50 PM
Openbox autostart.sh and setting alias on openbox start Jelloir Linux - Desktop 1 07-03-2011 04:56 AM
LXer: Tip: Tip: Simple Regular Expressions For Reviewing Log Files LXer Syndicated Linux News 0 11-20-2008 01:41 PM
[SOLVED] ssh-agent -> The agent has no identities. windstory Linux - Security 2 11-19-2008 07:45 PM
ssh-agent, ssh-add and ssh-keygen AND CVS raylpc Linux - General 2 11-19-2008 03:50 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - General > LinuxQuestions.org Member Success Stories

All times are GMT -5. The time now is 02:25 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration