The i3 FAQ has migrated to https://github.com/i3/i3/discussions. All content here is read-only.
Ask Your Question
3

ssh sessions in i3

asked 2013-09-09 03:40:52 +0000

jeffisabelle gravatar image

hello all,

I've been using in i3 for a while, and loved it so much. The only thing I'm missing is, when I was using gnome DE, it was automatically remember my passphrase after login in one time. It was asking my pwd in a pop-up, i3 asks it on the command line itself;

Enter passphrase for key '/home/jeffisabelle/.ssh/id_rsa':

the bad thing is, it asks every time I connect some server or use SCP to transfer files. Is there any way to use gnome's relevant utility for ssh connections? and if there is, how can I achieve this.

I'm not pretty sure how gnome handles those keys, but I found there is a utility called gnome-keyring and gnome-keyring-daemon but I couldn't get them working on i3.

Any help would be appreciated.

edit retag flag offensive close merge delete

Comments

1

Can you describe why gnome-keyring “does not work”? What is the symptom, what did you try?

Michael gravatar imageMichael ( 2013-09-19 02:47:36 +0000 )edit
1

@Michael, I have `gnome-keyring-d` running, but SSH still ask me the passphrase each time I log in with the same key. It works fine with the classic Ubuntu session (ask only once), not from within an i3 session (ask each time). Should I start a question specifically about i3 and GNOME Keyring? (note: I'm not the OP).

Hibou57 gravatar imageHibou57 ( 2014-07-04 13:03:12 +0000 )edit
2

I checked I have to manually invoke `ssh-add` which works. This suggest there really is an effective SSH Agent running, except it does not automatically invoke `ssh-add` as it do from within an Ubuntu session.

Hibou57 gravatar imageHibou57 ( 2014-07-04 14:35:24 +0000 )edit

7 answers

Sort by » oldest newest most voted
2

answered 2014-07-05 03:52:18 +0000

Hibou57 gravatar image

updated 2014-07-05 11:14:21 +0000

Here is what I did (checked working), for using SSH key unlocking for SFTP and SSH terminal session, in i3 running on Ubuntu 12.04.

In ~/.config/i3/config or ~/.i3/config, add this:

exec --no-startup-id /usr/lib/gnome-settings-daemon/gnome-settings-daemon

In ~/.profile, add this:

if [ "$0" = "/usr/sbin/lightdm-session" -a "$DESKTOP_SESSION" = "i3" ]; then
    export $(gnome-keyring-daemon -s)
fi

The latter may need to be tweaked, according to the explanations given in this reply to another question: Session's environment variables.

Now I get the same as within a classical Ubuntu session, that is, it ask me for the pass‑phrase the first time I sign‑in using a public key, and automatically sign‑in me without asking the pass‑phrase any‑more, each time I sign‑in using a key for which I already confirmed the pass‑phrase.

Hint: you may have to look at GNOME Keyring configuration to tell it to forget about the pass‑phrase after some inactivity delay or after each session logout (the default) or others, depending on your preference (I will later look at the command to be launched to do that from i3 and will edit this message to tell).

edit flag offensive delete link more

Comments

1

I would add http://www.nurdletech.com/linux-notes/agents/keyring.html as reading reference regarding gnome-keyring and pam. Helped me a lot in considering that this is the most appropriate answer.

ken gravatar imageken ( 2014-09-09 04:22:01 +0000 )edit

This trick does not work for me on ubuntu 14.04, but it works perfectly on 12.04! The keyring starts but everything depending on it (ssh, nm-applet password prompt for new wireless networks, ssh) just hangs indefinitely unless I manually start it in a terminal as well. Any clue? :(

spidernik84 gravatar imagespidernik84 ( 2015-08-07 08:09:43 +0000 )edit
1

answered 2014-03-04 12:55:06 +0000

chilicuil gravatar image

You can also use the gpg-agent to manage both, your gpg and ssh keys. This is how I do it on Ubuntu 12.04 >

Enable ssh-agent emulation in gpg-agent

sed -i -e "/STARTUP/ s:--daemon:--enable-ssh-support --daemon:" /etc/X11/Xsession.d/90gpg-agent

Disable ssh-agent on startup

sed -i -e "s:^use-ssh-agent:#use-ssh-agent:g" /etc/X11/Xsession.options

Enable agent gpg usage

echo "use-agent" >> "$HOME"/.gnupg/gpg.conf

Launch i3 this way on ~/.xsession or through your favorite login manager:

/etc/X11/Xsession i3
edit flag offensive delete link more
0

answered 2014-02-26 22:46:28 +0000

paulegan gravatar image

updated 2014-11-12 13:20:49 +0000

At least on Fedora, Xsession will source your ~/.profile. So you can start gnome-keyring-daemon there with something like this:

if [ "$0" = "/etc/gdm/Xsession" -a "$DESKTOP_SESSION" = "i3" ]; then
    export $(gnome-keyring-daemon --start)
    # SSH_AGENT_PID required to stop xinitrc-common from starting ssh-agent
    export SSH_AGENT_PID=${GNOME_KEYRING_PID:-gnome}
fi

That should work with any window manager and avoids the need to override ~/.xsession or ~/.xinitrc, duplicating some system setup.

It's important to set SSH_AGENT_PID so that the system script doesn't start ssh-agent.

See pkgs.fedoraproject.org/cgit/xorg-x11-xinit.git/tree/xinitrc-common?id=dcd41885446ee6e69bfe1e2b0466375d701fce08#n20

edit flag offensive delete link more
0

answered 2014-10-28 21:19:00 +0000

use gnome-keyring nicely with i3 the following environment variable must be set:

DBUS_SESSION_BUS_ADDRESS

following script does it when started i.e. with gdm:

/etc/X11/xinit/xinitrc.d/30-dbus     
 #!/bin/bash
 # launches a session dbus instance
 if [ -z "$DBUS_SESSION_BUS_ADDRESS" ] && type dbus-launch >/dev/null; then
   eval $(dbus-launch --sh-syntax --exit-with-session)
 fi

to use it as an ssh-agent in X11:

/etc/X11/xinit/xinitrc.d/50-gnome-keyring-daemon 
if [ "$DESKTOP_SESSION" = "i3" ]; then
    export $(gnome-keyring-daemon --start --components=secrets,ssh)
fi

then if you wanna use it with chromium and the above conditions are met just launch chromium --password-store=gnome libgnome-keyring does only initialize correctly when DBUSSESSIONBUS_ADDRESS is set and dbus is running.

edit flag offensive delete link more
0

answered 2015-08-07 16:08:14 +0000

All these tricks did not help in Ubuntu 14.04, sadly. What worked for me was to start the unity-settings-daemon via the i3 config file:

exec --no-startup-id unity-settings-daemon

From my understanding this executable replaces the old gnome-settings-daemon and takes care, like its old relative, to setup the agent and all the rest. Indeed, after adding that line the keyring started automatically at login without needing to put any line in .profile.

edit flag offensive delete link more
0

answered 2013-09-18 16:36:19 +0000

Lluís gravatar image

updated 2013-09-18 16:37:10 +0000

you can use ssh-agent, but I am not sure how to use it on i3wm, on terminal do

export SSH_ASKPASS=/usr/bin/ksshaskpass
eval $(ssh-agent)
ssh-add

then ssh-agent will authenticate you every time your private key is needed

can someone tell how you can launch this on every i3wm login?

edit flag offensive delete link more

Comments

I suppose the best way would be to start it in your .xsession before launching i3, so that the environment variables are present in all programs of your session. Ideally, you’d ask this as a separate question on this site, though.

Michael gravatar imageMichael ( 2013-09-19 02:48:35 +0000 )edit
0

answered 2013-09-09 14:58:43 +0000

DocOC gravatar image

Why not just generate your public key without a passphrase? This way you do not need gnome-keyring to manage passphrases for you. When you run ssh-keygen, and it asks you for a passphrase, simply hit the enter key, do the same when it asks you to re-enter the passphrase.

edit flag offensive delete link more

Comments

1

Having a passphrase is a good idea in case your file ever gets leaked, which can happen in many ways.

Michael gravatar imageMichael ( 2013-09-14 14:51:12 +0000 )edit

Well, the only way having no passphrase would be more insecure than with gnome-keyring would be if your local machine account were remotely compromised. However, I think this url will help you: https://wiki.gnome.org/GnomeKeyring/Pam

DocOC gravatar imageDocOC ( 2013-09-14 17:04:20 +0000 )edit

Question Tools

2 followers

Stats

Asked: 2013-09-09 03:40:52 +0000

Seen: 6,557 times

Last updated: Aug 07