Re: ssh-add after graphical login

2023-03-26 Thread Yassine Chaouche 

Le 3/23/23 à 17:53, Erwan David a écrit :

I create a shell script ~/bin/start-session.sh in this script I have the command 
ssh-add < -

in System Settings > Startup and Shutdown > autostart I add this script as a 
login script


Thanks Erwan,
that's what I ended up doing.
the
 ssh-add < -
line looks dubious to me.
It seems like you're redirecting standard input to standard input,
that is to say it doesn't do much.

Best,

--
yassine -- sysadm
+213-779 06 06 23
http://about.me/ychaouche
Looking for side gigs.

Re: ssh-add after graphical login

2023-03-23 Thread Erwan David 

Le 23/03/2023 à 09:42, Yassine Chaouche a écrit :

Hello all,

I'd like something to run ssh-add right after I login to my desktop
(KDE).
ssh-add needs to prompt me for my passphrase,
and doesn't need any privileges.

What are my options?

Best,



I  do this way :

I create a shell script ~/bin/start-session.sh in this script I have the 
command ssh-add < -


in System Settings > Startup and Shutdown > autostart I add this script 
as a login script

Re: ssh-add after graphical login

2023-03-23 Thread Vincent Lefevre 
On 2023-03-23 09:42:53 +0100, Yassine Chaouche wrote:
> I'd like something to run ssh-add right after I login to my desktop
> (KDE).
> ssh-add needs to prompt me for my passphrase,
> and doesn't need any privileges.
> 
> What are my options?

FYI, with zsh, I'm using wrappers so that I don't need to run ssh-add
directly: it is run automatically when needed by ssh:

  https://www.vinc17.net/unix/zsh-ssh-utils.tar.xz

This is mainly based on code I wrote in 2003, with some improvements
since.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Re: ssh-add after graphical login

2023-03-23 Thread Jeffrey Walton 
On Thu, Mar 23, 2023 at 8:57 AM Greg Wooledge  wrote:
>
> On Thu, Mar 23, 2023 at 08:53:48AM -0400, Jeffrey Walton wrote:
> > On Thu, Mar 23, 2023 at 4:43 AM Yassine Chaouche
> >  wrote:
> > >
> > > I'd like something to run ssh-add right after I login to my desktop
> > > (KDE).
> > > ssh-add needs to prompt me for my passphrase,
> > > and doesn't need any privileges.
> > >
> > > What are my options?
> >
> > You can remove the passphrase from the key. Then your agents can use
> > the key unattended (without prompting you).
>
> While this is true, it's a really awful suggestion...

Agreed. OP wanted options.

Jeff

Re: ssh-add after graphical login

2023-03-23 Thread Greg Wooledge 
On Thu, Mar 23, 2023 at 08:53:48AM -0400, Jeffrey Walton wrote:
> On Thu, Mar 23, 2023 at 4:43 AM Yassine Chaouche
>  wrote:
> >
> > I'd like something to run ssh-add right after I login to my desktop
> > (KDE).
> > ssh-add needs to prompt me for my passphrase,
> > and doesn't need any privileges.
> >
> > What are my options?
> 
> You can remove the passphrase from the key. Then your agents can use
> the key unattended (without prompting you).

While this is true, it's a really awful suggestion.  Removing the
passphrase from the key means that if the key is ever stolen, the
thief can use it to impersonate you in any context that accepts this
key.

Re: ssh-add after graphical login

2023-03-23 Thread Jeffrey Walton 
On Thu, Mar 23, 2023 at 4:43 AM Yassine Chaouche
 wrote:
>
> I'd like something to run ssh-add right after I login to my desktop
> (KDE).
> ssh-add needs to prompt me for my passphrase,
> and doesn't need any privileges.
>
> What are my options?

You can remove the passphrase from the key. Then your agents can use
the key unattended (without prompting you).

Removing the passphrase from the key is no different than storing the
key in a KeyChain without protection so the key can be used unattended
by an agent.

Jeff

Re: ssh-add after graphical login

2023-03-23 Thread Yassine Chaouche 

Le 3/23/23 à 12:24, Greg Wooledge a écrit :

 ssh-add 

Ah!
this is what I was missing!
the whole problem was how to ssh-add in a graphical way,
now that I have found a way,
I can maybe put it in a script inside the XDG Autostart directory.
This might leave more room for the ssh-agent to start,
and the whole desktop to launch
(KDE is somewhat slow on startup)

Best,

--
yassine -- sysadm
+213-779 06 06 23
http://about.me/ychaouche
Looking for side gigs.

Re: ssh-add after graphical login

2023-03-23 Thread Yassine Chaouche 

Le 3/23/23 à 12:56, basti a écrit :

The ssh config inside ~/.ssh/ has an option 'AddKeysToAgent'.
Why you don't use this?

For example:

Host *
    ControlMaster auto
    ControlPath /run/user/%i/%r@%h-%p
    IdentityFile ~/.ssh/id_rsa
    ControlPersist 3600
    User root
    AddKeysToAgent yes



This is actually an excellent suggestion,
as it also greatly simplifies how I login to remote hosts!
the command line use to be
ssh user@host -p port

now all I need to do is:
ssh host

Thanks again basti!

Best,

--
yassine -- sysadm
+213-779 06 06 23
http://about.me/ychaouche
Looking for side gigs.

Re: ssh-add after graphical login

2023-03-23 Thread Michel Verdier 
Le 23 mars 2023 Greg Wooledge a écrit :

> The only part I'm unsure of, for you, is how to ensure that this runs
> *after* your ssh agent has already been started.  I don't know how ssh
> agent startup is handled with Display Manager logins, since I don't use
> a DM, and I just start ssh-agent myself, right before running ssh-add.

I let ssh-agent call gpg-agent. So I do nothing in .ssh/config and in my
.xsession I put :

unset SSH_AGENT_PID
SSH_ASKPASS=/usr/bin/ssh-askpass
SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
export SSH_ASKPASS SSH_AUTH_SOCK

gpg-agent is launched via systemd. In .gnupg/gpg-agent.conf I put :

pinentry-program /usr/bin/pinentry-gnome3
enable-ssh-support

Re: ssh-add after graphical login

2023-03-23 Thread basti 

The ssh config inside ~/.ssh/ has an option 'AddKeysToAgent'.
Why you don't use this?

For example:

Host *
   ControlMaster auto
   ControlPath /run/user/%i/%r@%h-%p
   IdentityFile ~/.ssh/id_rsa
   ControlPersist 3600
   User root
   AddKeysToAgent yes

See man ssh_config

On 23.03.23 09:42, Yassine Chaouche wrote:

Hello all,

I'd like something to run ssh-add right after I login to my desktop
(KDE).
ssh-add needs to prompt me for my passphrase,
and doesn't need any privileges.

What are my options?

Best,

Re: ssh-add after graphical login

2023-03-23 Thread Greg Wooledge 
On Thu, Mar 23, 2023 at 09:42:53AM +0100, Yassine Chaouche wrote:
> I'd like something to run ssh-add right after I login to my desktop
> (KDE).
> ssh-add needs to prompt me for my passphrase,
> and doesn't need any privileges.
> 
> What are my options?

On Debian you can create a ~/.xsessionrc file which is executed by
/bin/sh when starting an X session, either by DM login or startx.

Inside that file, you should be able to run:

ssh-add

ssh-add after graphical login

2023-03-23 Thread Yassine Chaouche 

Hello all,

I'd like something to run ssh-add right after I login to my desktop
(KDE).
ssh-add needs to prompt me for my passphrase,
and doesn't need any privileges.

What are my options?

Best,

--
yassine -- sysadm
+213-779 06 06 23
http://about.me/ychaouche
Looking for side gigs.