Saturday, November 16, 2024
Google search engine
HomeGuest Blogsi3 ssh configuration to unlock without passphrase

i3 ssh configuration to unlock without passphrase

I would like to share with you a trick on how to configure i3 ssh session to remember passphrase once you login to your Desktop. If you have ever used i3 window manager, definitely you know i3 is awesome, something that you can hold on to forever.

What’s i3

For those new to i3, i3 is a dynamic tiling window manager with clean, readable and documented code, featuring extended Xinerama support, usage of libxcb instead of xlib.

i3 ssh problem?

The only problem that pains many regarding i3 is how every time you start a new terminal window and try to ssh to a remote machine, it will ask you for passphrase even if you had saved it with ssh-agent and ssh-add commands.

Why write this i3 ssh post?

There are some tutorials online on how to solve this, but to me, none seemed to work. Finally i hacked my simple and stupid solution that works. This is what I’m sharing in this blog post. I’ll take you through generating ssh keys and setting up i3 ssh passphrase to automatically unlock.

Prereqs:

Install and configure x11-ssh-askpass  . I’m doing this on Arch Linux machine. Please consult relevant documentation for your Linux distribution.

$ sudo pacman -S x11-ssh-askpass libx11 libxt keychain
$ sudo ln -sv /usr/lib/ssh/x11-ssh-askpass /usr/local/bin/SSH_ASKPASS
'/usr/local/bin/SSH_ASKPASS' -> '/usr/lib/ssh/x11-ssh-askpass'

$ which SSH_ASKPASS
/usr/local/bin/SSH_ASKPASS

Then ensure ssh-agent always starts with your X session. My .zshrc file contain the line:

if [[ "$TTY" == "/dev/tty1" ]]; then
ssh-agent startx
fi

Above line can be placed as well on /etc/profile or ~/.bash_profile or ~/.bashrc

i3 ssh:  Generate ssh keys

# ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/jose/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
.our identification has been saved in 
.pub.public key has been saved in 
The key fingerprint is:
ba:ee:99:36:b3:cb:de:1d:bb:bf:b1:19:05:5a:8e:b9 [email protected]
The key's randomart image is:
+--[ RSA 4096]----+
| |
| |
| o |
| * . |
| S + . . |
| . . . |
| . E o |
| .+= . o = |
| =@=. +o=. |
+-----------------+

When asked for passphrase, please provide one.

i3 ssh: Set auto-unlock ssh keys

After generating ssh keys, it’s time to configure your i3 environment to auto-unlock ssh keys every time you start new shell without asking you for passphrase. i3 ssh passphrase should be saved through ssh-add without manual intervention.

First create a file which will hold your i3 ssh passphrase, hide this where you and only you can remember. In my case this file will be $HOME/.passfile.

cat >$HOME/.passfile<<EOF
#!/bin/bash
echo "your-passphrase-here"
EOF

Then make this file executable:

chmod +x $HOME/.passfile

To make i3 ssh passphrase unlock on every shell window launched, add the following to your .bashrc or .zshrc file if using zsh.

echo 'cat ~/.ssh/id_rsa | SSH_ASKPASS="$HOME/.passfile" ssh-add - &>/dev/null' >> ~/.bashrc

source .bashrc to effect changes on your current shell session.

source ~/.bashrc

Then copy ssh public key to one of your remote machine, test by tying to ssh

ssh-copy-id  [email protected]
ssh [email protected]

From the output above, you should have noticed that it didn’t ask me for passphrase.

RELATED ARTICLES

Most Popular

Recent Comments