Ssh-agent and SSH_AUTH_SOCK

I have a fresh Manjaro installation.
I’ve installed Keepassxc and it told me that no ssh-agent is running (as it misses SSH_AUTH_SOCK).

So I switched to the CLI and checked it, and I wonder about this:

[screenshot]

If I execute ssh-agent, it shows that SSH_AUTH_SOCK is set to /tmp, but if I echo this variable it returns nothing.

Any idea what’s wrong here?

Do you want KeepassXC as your ssh agent?

Yeah, you’re not setting any variable. Exporting an empty variable does nothing. Never mind, I just can’t be arsed to read stupid screenshots of text. Don’t post images of text, copy and paste it as preformatted text </>.

You should export something like this: (in .zshenv or wherever)

export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-agent.socket"

No, KeepassXC is a password manager that can inject SSH keys right into the agent (if needed).
Therefore KeepassXC needs to know where ssh-agent is up and running.

But as I showed above, it seems that ssh-agent does not export the ENV variable in the right way.

Ok, thanks.
Can I set this export in my .profile or /etc/environment?
I mean .bashrc doesn’t make sense, as I also need it to be present via KDE Autostart, right?!

Wherever works… :man_shrugging: I have it in .zshenv.

You didn’t indicate which Desktop/Window manager you’re using.

Typically, it should go in ~/.xprofile.

Ah ok, sorry, it’s KDE so it would be ~/.xinitrc

You’re using it wrong, ssh-agent prints the commands to export relevant variables as you see in that screenshot (which should have been copy+pasted text).
See
https://wiki.archlinux.org/title/SSH_keys#ssh-agent

This suspiciously sounds like it would only work as long as you’re using Xorg.
Perhaps using the existing systemd service will be more robust / future proof:
https://wiki.archlinux.org/title/SSH_keys#Start_ssh-agent_with_systemd_user

Starting it, yes, but exporting the environment variable still must be done somewhere.

Ok, you are right, it is much cleaner to have it right in the .service file.

By default this is set:

[Unit]
ConditionEnvironment=!SSH_AGENT_PID
Description=OpenSSH key agent
Documentation=man:ssh-agent(1) man:ssh-add(1) man:ssh(1)

[Service]
Environment=SSH_AUTH_SOCK=%t/ssh-agent.socket
ExecStart=/usr/bin/ssh-agent -D -a $SSH_AUTH_SOCK
PassEnvironment=SSH_AGENT_PID
SuccessExitStatus=2
Type=simple

[Install]
WantedBy=default.target

That is equal to what the screenshot (should be text) shows. But I wonder why Keepassxc doesn’t recognize it.

Because the environment variable only exists for other systemd services and not for your desktop manager.

Ok, what do I do to fix this?
Still doesn’t work, even

I can’t get it to work after all. Can anybody help?

And in addition to that I have in ~/.profile:

# Added by Toolbox App
export PATH="$PATH:/home/me/.local/share/JetBrains/Toolbox/scripts"
export PATH="$PATH:/home/me/.yarn/bin"
export VISUAL="/usr/bin/nano"
export EDITOR="/usr/bin/nano"
export SSH_AUTH_SOCK="${XDG_RUNTIME_DIR}/ssh-agent.socket"

If I execute in bash / cli:

ssh-agent -s
SSH_AUTH_SOCK=/tmp/ssh-XXXXXXhPXM6I/agent.3073; export SSH_AUTH_SOCK;
SSH_AGENT_PID=3074; export SSH_AGENT_PID;
echo Agent pid 3074;

sudo systemctl enable sshd && sudo systemctl start sshd

Tried it, changed nothing, not even after a reboot.

env |grep ssh
SSH_ASKPASS=/usr/bin/ksshaskpass

systemctl status sshd
● sshd.service - OpenSSH Daemon
     Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; preset: disabled)
     Active: active (running) since Thu 2024-05-02 12:07:35 CEST; 2min 7s ago
   Main PID: 820 (sshd)
      Tasks: 1 (limit: 38089)
     Memory: 2.1M (peak: 2.8M)
        CPU: 17ms
     CGroup: /system.slice/sshd.service
             └─820 "sshd: /usr/bin/sshd -D [listener] 0 of 10-100 startups"

Mai 02 12:07:35 optimusprime systemd[1]: Started OpenSSH Daemon.
Mai 02 12:07:35 optimusprime sshd[820]: Server listening on 0.0.0.0 port 22.
Mai 02 12:07:35 optimusprime sshd[820]: Server listening on :: port 22.

Ssh-agent and sshd are two very different scenarios.

You need to source the .profile file. Recent updates to lightdm (I believe) changed it so that it does not load this file anymore.

Ok, that might be the right direction. If I do echo $SSH_AUTH_SOCK before and after sourcing ~/.profile, it shows that “after” the variable is set.

But how do I get it to load all the time so that KeepassXC can find it?
Seems it needs to be some “Xorg11” context where this variable needs to be available?!

I think I’ve added it to either .xinit or .xprofile.

Didn’t I tell you exactly that 2 months ago? :joy:
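
The checks discussed in this thread, as an added example that is not part of any post: a small diagnostic that reports what a client such as KeePassXC would find behind SSH_AUTH_SOCK, and shows that `ssh-agent -s` only prints the assignment. The function names and the /run/user/UID fallback for XDG_RUNTIME_DIR are assumptions; the sample output is the one posted above.

```shell
#!/bin/sh
# Added diagnostic example; all function names are hypothetical.

# Classify an agent socket path the way a client (e.g. KeePassXC) sees it:
# the client has nothing but the environment variable to go on.
agent_sock_state() {
    sock=$1
    if [ -z "$sock" ]; then
        echo unset            # variable never reached this process
    elif [ ! -e "$sock" ]; then
        echo missing          # variable set, but nothing exists at that path
    elif [ ! -S "$sock" ]; then
        echo not-a-socket     # path exists but is not a Unix socket
    else
        echo ok
    fi
}

# ssh-agent -s only PRINTS shell commands; nothing is set in the calling
# shell until they are evaluated. This extracts the path from that text.
sock_from_agent_output() {
    printf '%s\n' "$1" | sed -n 's/^SSH_AUTH_SOCK=\([^;]*\);.*/\1/p'
}

# Socket path used by the systemd user unit quoted in the thread
# (%t expands to XDG_RUNTIME_DIR; the fallback is an assumption).
systemd_agent_sock() {
    printf '%s/ssh-agent.socket\n' "${XDG_RUNTIME_DIR:-/run/user/$(id -u)}"
}

# Constructed sample: the ssh-agent -s output posted in the thread.
SAMPLE_OUTPUT='SSH_AUTH_SOCK=/tmp/ssh-XXXXXXhPXM6I/agent.3073; export SSH_AUTH_SOCK;
SSH_AGENT_PID=3074; export SSH_AGENT_PID;
echo Agent pid 3074;'

report() {
    echo "this process  : $(agent_sock_state "${SSH_AUTH_SOCK:-}")"
    echo "systemd unit  : $(agent_sock_state "$(systemd_agent_sock)") ($(systemd_agent_sock))"
    echo "printed sample: $(sock_from_agent_output "$SAMPLE_OUTPUT")"
}

report
```

Run it once from a terminal and once from a KDE Autostart entry: "unset" in the second case while the systemd unit line says "ok" means the agent is running but the variable never reached the desktop session.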