Setting Up SSH Agent in i3
— Yash Agarwal

In this post, I will write about the procedure to correctly set up SSH and GPG agents in the i3 window manager. To follow this post, you need to have your SSH keys and your private GPG keys ready. If you do not already have these keys, I will describe the process of creating them.
SSH
Generating an SSH key pair provides you with a public key and a private key. The private key should never be given to anyone, and the public key, well, the name itself is self-explanatory.
To create a new key pair, open a terminal and paste the text below.
ssh-keygen -t rsa -b 4096 -C "your_email_address"
This command will create a new SSH key pair with the given email address as the label. Press Enter for any question asked. When it asks for the passphrase, type a strong passphrase; otherwise, leave it blank to have no passphrase on the key.
GPG
You might need to install the GPG command line tools before following the steps below. Follow your distribution’s documentation for more help.
Once you have downloaded the tools, open a terminal, and type the following command.
gpg --gen-key
gpg (GnuPG) 1.4.20; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: directory `/home/yash/.gnupg' created
gpg: new configuration file `/home/yash/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/yash/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/yash/.gnupg/secring.gpg' created
gpg: keyring `/home/yash/.gnupg/pubring.gpg' created
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection?
At the next prompt, enter the key size. It is recommended to use the maximum key size of 4096 bits.
Enter the time duration for which the key should remain valid. Press Enter to specify the default selection, indicating that the key does not expire.
After verifying the information, enter your user information and a strong passphrase. Afterward, GPG will start generating your key. You will see:
We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse,
utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy.
You can now use the key (until it expires) to encrypt your data.
Setting up SSH Agent
Configuring i3
Update (26/05/2018): As pointed out by Saksham in the comments below, this step is not required for the setup of SSH in i3. This step can be safely ignored.
Open the i3 configuration file and add an exec_always statement:
exec_always ~/.config/i3/scripts/gnome-keyring.sh
Obviously, you will need to change the path according to your OS. Now make a new file in ~/.config/i3/scripts with the name gnome-keyring.sh and paste the text below into it.
#!/bin/sh
# Start the keyring daemon and load the variables it prints into this shell.
eval "$(/usr/bin/gnome-keyring-daemon --start --components=gpg,pkcs11,secrets,ssh)"
export GNOME_KEYRING_CONTROL GNOME_KEYRING_PID GPG_AGENT_INFO SSH_AUTH_SOCK
Now reload i3.
Configuring SSH
Update (26/05/2018): This step is also optional. Thanks to Saksham for pointing it out.
Open the ~/.ssh/config file and add the following content to it:
Host *
    AddKeysToAgent yes
    IdentityFile /home/<your username>/.ssh/id_rsa
Replace <your username> accordingly.
Setting up .bashrc
I am not using a login shell, and I could not find any suitable method to source ~/.profile or ~/.bash_profile on login in i3. So I added my configuration to the ~/.bashrc file. I know it is a hack, but it works well for me without much headache.
Open the ~/.bashrc file and add the following lines to the end of the file.
# Reuse the agent recorded in ~/.ssh/agent.env, or start a new one.
if [ -f ~/.ssh/agent.env ] ; then
    . ~/.ssh/agent.env > /dev/null
    # kill -0 sends no signal; it only tests that the recorded PID exists.
    if ! kill -0 "$SSH_AGENT_PID" > /dev/null 2>&1; then
        echo "Stale agent file found. Spawning a new agent. "
        eval "$(ssh-agent | tee ~/.ssh/agent.env)"
        ssh-add
    fi
else
    echo "Starting ssh-agent"
    eval "$(ssh-agent | tee ~/.ssh/agent.env)"
    ssh-add
fi
It will automatically start an ssh-agent if it is not already running. Otherwise, it attaches to a previously running agent.
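A stricter variant of the check above, as an added example that is not part of the original post: `kill -0` only shows that some process has the recorded PID, so this version asks the agent itself through `ssh-add -l`, and it reuses an agent that is already exported to the shell before starting another. The names `AGENT_ENV`, `AGENT_STATE` and the function names are assumptions.

```sh
# Added example, not the post's code. AGENT_ENV, AGENT_STATE and the function
# names are assumptions; the cache file is the post's ~/.ssh/agent.env.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"

# "ssh-add -l" exits 0 (keys listed) or 1 (agent has no keys) when an agent
# answers on $SSH_AUTH_SOCK, and 2 when no agent can be contacted.
agent_reachable() {
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    [ "$rc" -ne 2 ]
}

# Source the cache only if it is a regular file owned by the current user:
# sourcing executes whatever the file contains.
load_agent_env() {
    [ -f "$AGENT_ENV" ] && [ -O "$AGENT_ENV" ] || return 1
    . "$AGENT_ENV" >/dev/null
}

# Start a new agent; the subshell's umask makes the cache file mode 0600.
start_agent() {
    ( umask 077; rm -f "$AGENT_ENV"; ssh-agent -s >"$AGENT_ENV" ) || return 1
    . "$AGENT_ENV" >/dev/null
}

# Sets AGENT_STATE to inherited, reused, started or failed.
ensure_ssh_agent() {
    if agent_reachable; then
        AGENT_STATE=inherited     # e.g. an agent the desktop session exported
    elif load_agent_env && agent_reachable; then
        AGENT_STATE=reused        # cached agent still answers on its socket
    elif start_agent; then
        AGENT_STATE=started       # cache missing or stale
    else
        AGENT_STATE=failed
        return 1
    fi
}

# Run only in interactive shells, so non-interactive sessions stay silent.
case $- in
    *i*)
        ensure_ssh_agent || echo "ssh-agent could not be started" >&2
        # Prompt for the passphrase only when the agent holds no keys yet.
        [ "$AGENT_STATE" = failed ] || ssh-add -l >/dev/null 2>&1 || ssh-add
        ;;
esac
```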
Now log out and log in again to see if ssh-agent works. Open a terminal and run the command ssh-add -l. It will show you the hash value (fingerprint) of your SSH key, which is loaded by the ssh-agent.
That is all for today. Thank you for reading!