[HowTo] Use kwallet as a login keychain for storing SSH key passphrases on Manjaro ARM KDE

Difficulty: ★★☆☆☆

Something that had been irritating me for a while on Manjaro ARM KDE was that I was being prompted for my SSH key passphrase each time I wanted to initiate an SSH session via public key authentication. Below are the steps that I have gone through to use kwallet for storing my SSH key passphrases. Please note that I have written this tutorial specifically with Manjaro ARM KDE in mind, (which is a stripped down version of what would be present in a full KDE desktop environment). Hence, this guide may not be necessary or right for you.

1. Use pacman to install any required packages

Update your system and install the required packages as follows:

sudo pacman -Syyu kwallet ksshaskpass kwalletmanager

Strictly speaking, I believe the modules required to unlock kwallet at login are located in the kwallet-pam and/or signon-kwallet-extension packages, but these were either already installed, or installed as dependencies for one or more of the above packages. kwalletmanager isn’t necessary, but provides a convenient GUI to view the contents of kwallet .

2. Start ssh-agent upon login

Use nano or your text editor or choice to create a new shell script named ssh-agent.sh in ~/.config/plasma-workspace/env/ :

nano ~/.config/plasma-workspace/env/ssh-agent.sh

Then add the following text:

#!/bin/sh

if [ -z "$SSH_AUTH_SOCK" ]; then
  eval "$(ssh-agent -s)"
fi

Then mark the file as executable:

chmod u+x ~/.config/plasma-workspace/env/ssh-agent.sh

3. Set the SSH_ASKPASS environmental variable

Use nano or your text editor of choice to create a new shell script named askpass.sh in ~/.config/plasma-workspace/env/ :

nano ~/.config/plasma-workspace/env/askpass.sh

Then add the following text:

#!/bin/sh

export SSH_ASKPASS='/usr/bin/ksshaskpass'

Then mark the script as executable:

chmod u+x ~/.config/plasma-workspace/env/askpass.sh

4. Create an ssh-add startup script

Use nano or your text editor of choice to create a script named ssh-add.sh in ~/.config/autostart-scripts/ :

nano ~/.config/autostart-scripts/ssh-add.sh

Then add the following text, replacing key1 , key2 etc. with the names of your SSH private keys:

#!/bin/sh

ssh-add -q ~/.ssh/key1 ~/.ssh/key2 ~/.ssh/key3 < /dev/null

Then mark the script as executable:

chmod u+x ~/.config/autostart-scripts/ssh-add.sh

5. Log out or reboot

Log out or reboot for the changes to take effect.

6. Add your SSH key passphrases to kwallet

Run the following code for each of your SSH private keys to store their passphrases in kwallet :

ssh-add /path/to/key < /dev/null

You can verify that your SSH keys are present in kwallet by launching kwalletmanager . Log out and in again and try to SSH into one of you machines. If everything has worked you should not be asked for your SSH passphrase.

Notes

4 Likes