
ssh-add meets gnome-keyring.

August 24, 2007

Now that we have the gnome keyring for storing passwords in, and the excellent pidgin now uses it so I have to type my passphrase in so that pidgin can log in, it was irritating me that I also have to type in a passphrase for ssh.

So I wrote a small program, gnome-keyring.c, and a Makefile, which will allow you to store your ssh passphrase in the gnome keyring and then have ssh-add use the same program to retrieve it. To use it, save the two files in a new directory and in that directory type “make”. (This kind of assumes you have a compiler.) Then install the resulting binary in your path.

Now, to save away your ssh passphrase in the gnome keyring, type:

: principia IA 35 $; gnome-keyring -s
enter password:
Reenter password:
: principia IA 36 $; gnome-keyring
easy to guess
: principia IA 37 $;


Now if you set the environment variable SSH_ASKPASS to gnome-keyring in your .dtprofile, e.g.:

SSH_ASKPASS=gnome-keyring 

and then have your gnome session call “ssh-add” when the session starts, you will be prompted for the gnome-keyring passphrase and you never have to type the ssh one.


I’ve only tested this on nevada build 71.


Irritatingly after I wrote this I did a google search for “ssh gnome-keyring” and discovered that I had reinvented the wheel, but I enjoyed it.

Update:

I’ve updated the program to be able to cope with having different passphrases for different ssh keys. This is a bit of a hack, as it relies on the arguments that ssh-add passes to the program to work out which key to use, but it works.

: principia IA 169 $; gnome-keyring -s /home/cg13442/.ssh/id_rsa
enter password:
Reenter password:
: principia IA 170 $; gnome-keyring -g /home/cg13442/.ssh/id_rsa
not so easy to guess
: principia IA 171 $; gnome-keyring -s /home/cg13442/.ssh/id_dsa
enter password:
Reenter password:
: principia IA 172 $; gnome-keyring -g /home/cg13442/.ssh/id_dsa
easy to guess
: principia IA 173 $;
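One way to work out the key from the argument ssh-add passes, as an added example rather than the code in gnome-keyring.c. It assumes OpenSSH's English prompts "Enter passphrase for FILE: " and "Bad passphrase, try again for FILE: "; parse_prompt and the enum names are hypothetical. Any prompt it does not recognise, and any retry, is refused rather than answered from the keyring.

```c
#include <stdio.h>
#include <string.h>

/* Assumed English (C locale) prompts that ssh-add passes as argv[1]. */
#define FIRST_PREFIX "Enter passphrase for "
#define RETRY_PREFIX "Bad passphrase, try again for "

enum prompt_kind { PROMPT_UNKNOWN = -1, PROMPT_FIRST = 0, PROMPT_RETRY = 1 };

/* Hypothetical helper: classify the prompt and copy the key path into key. */
static enum prompt_kind
parse_prompt(const char *prompt, char *key, size_t keylen)
{
	enum prompt_kind kind;
	size_t len;

	if (prompt == NULL || keylen == 0)
		return (PROMPT_UNKNOWN);
	if (strncmp(prompt, FIRST_PREFIX, strlen(FIRST_PREFIX)) == 0) {
		kind = PROMPT_FIRST;
		prompt += strlen(FIRST_PREFIX);
	} else if (strncmp(prompt, RETRY_PREFIX, strlen(RETRY_PREFIX)) == 0) {
		kind = PROMPT_RETRY;
		prompt += strlen(RETRY_PREFIX);
	} else {
		return (PROMPT_UNKNOWN);	/* localized or changed message */
	}
	len = strlen(prompt);
	/* The prompt must end in ": "; what precedes it is the key file. */
	if (len < 3 || strcmp(prompt + len - 2, ": ") != 0)
		return (PROMPT_UNKNOWN);
	len -= 2;
	if (len >= keylen)
		return (PROMPT_UNKNOWN);	/* refuse to truncate a path */
	memcpy(key, prompt, len);
	key[len] = '\0';
	return (kind);
}

int main(int argc, char **argv)
{
	char key[1024];

	/* Answer only a first-attempt prompt; a retry means the stored value was wrong. */
	if (argc != 2 || parse_prompt(argv[1], key, sizeof (key)) != PROMPT_FIRST)
		return (1);	/* non-zero exit: no passphrase offered */
	/* A real helper would print the stored passphrase on stdout here. */
	fprintf(stderr, "would fetch the stored passphrase for %s\n", key);
	return (0);
}
```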


4 Comments
  1. Fantastic, now let's get it integrated instead of the zenity based ssh-ask-pass program that I have ARC approved but not yet integrated.

  2. It needs some clean up first, like returning an error if ssh-add asks it to try again if you have put the wrong passphrase into the gnome keyring.
    Here we really need a contract with ssh so that it can reliably tell if this is a retry. Parsing the arguments works in the C locale but if any of the messages are internationalized it will cause problems.
    Since cron is still on my list of things to do in my own time this could take me a while.

  3. [Trackback] I’ve updated my gnome-keyring
    SSH_ASKPASS program to improve the user experience. However to
    get this 100% I need some changes to ssh-add so that there is a
    stable interface between it and the SSH_ASKPASS program.
    The new version will read the …

