Setting Up SSH Agent in i3
In this post, I will write about the procedure to correctly setup SSH and GPG agents in the i3 window manager. To follow this post, you need to have ssh-keys and your private GPG keys ready. If you do not already have these keys with you, I will describe the process of creating the keys.
SSH
Generating an SSH key pair provides you with a public key and a private key. The private key should never be given to anyone and public key, well the name itself is self-explanatory.
To create a new key pair, open a terminal and paste the text below.
ssh-keygen -t rsa -b 4096 -C "your_email_address"
This command will create a new ssh key pair with the given email address as the label. Press Enter for any question asked. When it asks for the passphrase, type a strong passphrase, otherwise leave it blank to have no password.
GPG
You might need to download the GPG command line tools before following the below steps. Follow your distribution’s documentation for more help.
Once you have downloaded the tools, open a terminal and type the following command.
gpg --gen-key
gpg (GnuPG) 1.4.20; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: directory `/home/yash/.gnupg' created
gpg: new configuration file `/home/yash/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/yash/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/yash/.gnupg/secring.gpg' created
gpg: keyring `/home/yash/.gnupg/pubring.gpg' created
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection?
At the next prompt, enter the key size. It is recommanded to use the maximum key size of 4096 bits.
Enter the time duration for which the key should remain valid. Press Enter to specify the default selection, indicating that the key does not expire.
After verifying the information, enter your user information and a strong passphrase. Afterwards, GPG will start generating your key. You will see:
We need to generate a lot of random bytes. It is a good idea to
perform some other action (type on the keyboard, move the mouse,
utilize the disks) during the prime generation; this gives the
random number generator a better chance to gain enough entropy.
You can now use the key (until it expires) to encrypt your data.
Setting up SSH Agent
Configuring i3
Update (26/05/2018): As pointed out by Saksham in comments below, this step is not required for the setup of SSH in i3. This step can be safely ignored.
Open i3 configuration file and add an exec_always
statement
exec_always ~/.config/i3/scripts/gnome-keyring.sh
Obviously, you will need to change the path according to your OS. Now make a new file in ~/.config/i3/scripts
with name gnome-keyring.sh
and paste the below text in it.
eval $(/usr/bin/gnome-keyring-daemon --start --components=gpg,pkcs11,secrets,ssh)
export GNOME_KEYRING_CONTROL GNOME_KEYRING_PID GPG_AGENT_INFO SSH_AUTH_SOCK
Now, reload the i3.
Configuring SSH
Update (26/05/2018): This step is also optional. Thanks to Saksham for pointing it out.
Open ~/.ssh/config
file and add following content to it.
Host *
AddKeysToAgent yes
IdentityFile /home/<your username>/.ssh/id_rsa
Setting up .bashrc
I am not using a login shell, and I could not find any suitable method to source ~/.profile
or ~/.bash_profile
on login in i3. So I added my configuration to ~/.bashrc
file. I know, it is a hack, but it works well for me without much headache.
Open ~/.bashrc
file and add following lines to the end of the file.
if [ -f ~/.ssh/agent.env ] ; then
. ~/.ssh/agent.env > /dev/null
if ! kill -0 $SSH_AGENT_PID > /dev/null 2>&1; then
echo "Stale agent file found. Spawning new agent… "
eval `ssh-agent | tee ~/.ssh/agent.env`
ssh-add
fi
else
echo "Starting ssh-agent"
eval `ssh-agent | tee ~/.ssh/agent.env`
ssh-add
fi
It will automatically start an ssh-agent if it is not already running. Otherwise, it uses the previously running agent.
Now log out and log in again to see, if ssh-agent works. Open a terminal and run the command ssh-add -l
. It will show you the hash value of your ssh-key which is loaded by the ssh-agent.
That is all for today. Thank you for reading!