Strange behaviour for using $SSH_AUTH_SOCK after update

GoGRaDaN · 4 November 2022 10:03

On my Gnome system i start ssh-agent and set $SSH_AUTH_SOCK via a --user systemd service like this:

[Unit]
Description=SSH key agent

[Service]
Type=simple
Environment=SSH_AUTH_SOCK=%t/ssh-agent.socket
# DISPLAY required for ssh-askpass to work
Environment=DISPLAY=:0
ExecStart=/usr/bin/ssh-agent -D -a $SSH_AUTH_SOCK

[Install]
WantedBy=default.target

After login to Gnome, it autostarts KeepassXC and in that, i could make use of $SSH_AUTH_SOCK and use the SSH-Agent integration. Since the update this week, this integration isn’t working anymore as expected. KeepassXC complains that no ssh-agent is executed.

If i open a console and check the systemd service, i see it enabled and active. If i use printenv | grep SSH_AUTH_SOCK on the same console it prints the expected var and path. If i start KeepassXC again from the Gnome Arch menu or Dock, the ssh-agent integration is not working. But when i start keepassxc from the same console as where i check the env var, the integration works.

I get the same behaviour for all other applications which make use of $SSH_AUTH_SOCK.

Any idea, what’s wrong after the update or how to solve this?

Deano · 4 November 2022 10:22

Have you something like

SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-agent.socket"

in your ~/.pam_environment? It’s not evaluated any more since the last update (deprecated). Take a look at AUR (en) - systemd-ssh-agent how to set this at another place.

GoGRaDaN · 4 November 2022 10:30

Yepp. I have exactly this line in ~/.pam_environment. If i understand the link correct, i should now use:

$ cat /etc/profile.d/ssh_auth_sock.sh
#!/bin/sh
export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-agent.socket"

Is this correct?

GoGRaDaN · 4 November 2022 10:39

After installing the mentioned systemd-ssh-agent, integration works again. Many thx for pointing me to this.

flipper · 4 November 2022 11:38

It also works by adding

export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-agent.socket"

to your ~/.bashrc or ~/.zshrc

GoGRaDaN · 4 November 2022 15:49

that’s what I thought at first. Unfortunately, this way did not work for unknown reasons. Im using bash…

flipper · 4 November 2022 16:39

I also had to manually override the value of SSH_AUTH_SOCK in keepassxc, value was empty. Maybe that did it for me?

Screenshot_20221104_173634

Though, I would prefer the other way if the value is detected automatically.

GoGRaDaN · 4 November 2022 16:42

The other way works automatically. This is important, since with that, i can use it in other applications to.

If you dont want to install the AUR package, you can create the shell script and insert, the content by yourself. You must do that with root privileges. For example on the shell:

sudo nano /etc/profile.d/ssh_auth_sock.sh

then insert both lines:

#!/bin/sh
export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-agent.socket"

Save this with Ctrl + X > Enter
Make it executable with: sudo chmod +x /etc/profile.d/ssh_auth_sock.sh

flipper · 4 November 2022 16:51

Ah nice, I tried this and removed all my other manipulations and its working automatically.
Thanks for checking!

PS: making it executable wasn’t necessary

system · 7 November 2022 06:51

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.