On Sat, 2018-06-23 at 16:40 -0400, Jeffrey Ross wrote:
On 06/22/2018 07:54 AM, Berend De Schouwer wrote:
> On Fri, 2018-06-22 at 07:37 -0400, Jeffrey Ross wrote:
> > At one point Fedora had something (keyring?) that would allow me
> > to
> > unlock my SSH private keys and it would keep the unlocked key
> > available
> > so I could ssh without having to unlock my key every time. I
> > typically
> > run a simple "terminal" window and then "ssh
<hostname>" since my
> > key
> > is
> > not retained unlocked I'm prompted for a password.
> >
> > Fast forward to today, the system had been reinstalled (new
> > hardware,
> > new disks, etc) and I no longer have that ability. I'm currently
> > runn
> > Fedora 28 and the desktop is "Gnome", I'm sure it is just a
> > matter
> > of
> > installing/configuring/running the correct application.... but
> > which
> > one?
>
> You're *probably* missing the gnome-keyring package.
>
> you'll need:
> - ssh-agent (to remember)
> - an app that processes your passphrase (gnome-keyring or pinentry-
> gtk)
>
> ssh-agent is part of openssh-clients. It's usually run by gnome-
> keyring-daemon. Look in the process list for it. It should be
> running.
>
> ssh-add is a cli app that will let you add the key and trigger a
> passphrase without a GUI.
>
> You can see if a key is being remembered by running 'ssh-add -l'
>
> gnome-shell should prompt for the key (the prompt will be themed
> like
> gnome-shell), but so can pinentry/pinentry-gtk (themed like a Gtk2
> app)
> _______________________________________________
>
ok, I used the two commands -
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_rsa
and this works for the one terminal shell I entered the commands in,
any
other terminal I either need to re-run the commands in that shell or
unlock my private key when I type ssh <hostname>
not sure if putting the commands in the rc file to run would be the
best
thing to do, I suspect I'll have to unlock every time I open a new
window, plus this is not what I remember, I remember (maybe
incorrectly)
getting a graphical dialogue box asking me to unlock my key.
There used to be a bug running an agent under Wayland, which resulted
in lost environment variables. The bug was fixed a long time ago.
To counter that bug, I used to add the following to ~/.bashrc. It
might help you if you plan to start ssh-agent from there:
if [ ! -n "${SSH_AUTH_SOCK}" ] && \
[ -r "/run/user/${ID}/keyring/ssh" ]; then
export SSH_AUTH_SOCK="/run/user/${ID}/keyring/ssh"
fi
Note: I haven't tested this in at least a year.
Possibly related: if you recovered an ancient ~/.bashrc or profile from
backup on F28, please try the stock ones. They're in /etc/skel/