ssh-add meets gnome-keyring.

Now that we have the gnome keyring for storing passwords, and the excellent pidgin now uses it, I have to type my passphrase in so that pidgin can log in. It was irritating me that I also have to type in a passphrase for ssh.

So I wrote a small program gnome-keyring.c and a Makefile which will allow you to store your ssh passphrase in the gnome keyring and then have ssh-add use the same program to retrieve the key. To use it, save the two files in a new directory and in that directory type “make”. (This kind of assumes you have a compiler). Then install the resulting binary in your path.

Now to save away your ssh passphrase in the gnome keyring type

: principia IA 35 $; gnome-keyring -s
enter password: 
Reenter password: 
: principia IA 36 $; gnome-keyring   
easy to guess
: principia IA 37 $; 


Now if you set the environment variable SSH_ASKPASS to be gnome-keyring in your .dtprofile, e.g.:

SSH_ASKPASS=gnome-keyring

and then have your gnome session call “ssh-add” when the session starts, you will be prompted for the gnome-keyring passphrase and you never have to type the ssh one.


I've only tested this on nevada build 71.


Irritatingly after I wrote this I did a google search for “ssh gnome-keyring” and discovered that I had reinvented the wheel, but I enjoyed it.

Update:

I've updated the program to be able to cope with having different passphrases for different ssh keys. This is a bit of a hack, as it relies on the arguments that ssh-add passes to the program to work out which key to use, but it works.

: principia IA 169 $; gnome-keyring -s /home/cg13442/.ssh/id_rsa
enter password: 
Reenter password: 
: principia IA 170 $; gnome-keyring -g /home/cg13442/.ssh/id_rsa
not so easy to guess
: principia IA 171 $; gnome-keyring -s /home/cg13442/.ssh/id_dsa
enter password: 
Reenter password: 
: principia IA 172 $; gnome-keyring -g /home/cg13442/.ssh/id_dsa
easy to guess
: principia IA 173 $; 
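
An added example, not part of the original post or of gnome-keyring.c: one way an SSH_ASKPASS helper can work out from the prompt ssh-add passes it which key is being asked about and whether this is a repeat request. The prompt strings are assumed to be the English ones used by OpenSSH's ssh-add; classify_prompt and the enum names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Assumed: the English (C locale) prompt formats of OpenSSH's ssh-add. */
#define FIRST_PREFIX "Enter passphrase for "
#define RETRY_PREFIX "Bad passphrase, try again for "

enum prompt_kind { PROMPT_UNKNOWN, PROMPT_FIRST, PROMPT_RETRY };

/*
 * Classify the prompt handed to the SSH_ASKPASS program as argv[1] and copy
 * the key name (between the prefix and the trailing ": ") into key.
 * Anything unrecognised, such as a translated prompt, is PROMPT_UNKNOWN.
 */
enum prompt_kind classify_prompt(const char *prompt, char *key, size_t keylen)
{
	enum prompt_kind kind;
	const char *start;
	size_t len;

	if (prompt == NULL || key == NULL || keylen == 0)
		return (PROMPT_UNKNOWN);
	key[0] = '\0';
	if (strncmp(prompt, FIRST_PREFIX, strlen(FIRST_PREFIX)) == 0)
		kind = PROMPT_FIRST;
	else if (strncmp(prompt, RETRY_PREFIX, strlen(RETRY_PREFIX)) == 0)
		kind = PROMPT_RETRY;
	else
		return (PROMPT_UNKNOWN);
	start = prompt + strlen(kind == PROMPT_FIRST ? FIRST_PREFIX : RETRY_PREFIX);
	len = strlen(start);
	if (len < 3 || strcmp(start + len - 2, ": ") != 0)
		return (PROMPT_UNKNOWN);	/* no key name or no ": " suffix */
	len -= 2;
	if (len >= keylen)
		return (PROMPT_UNKNOWN);	/* never truncate to another key */
	memcpy(key, start, len);
	key[len] = '\0';
	return (kind);
}

int main(int argc, char **argv)
{
	char key[1024] = "";
	enum prompt_kind kind;

	kind = classify_prompt(argc > 1 ? argv[1] : NULL, key, sizeof (key));
	/* Demo only: report the decision on stderr, never on stdout. */
	fprintf(stderr, "kind=%d key=%s\n", (int)kind, key);
	return (kind == PROMPT_FIRST ? 0 : 1);
}
```

A helper built on this would answer from the keyring only for PROMPT_FIRST and exit non-zero otherwise, so a wrong stored passphrase is not offered a second time and a prompt it cannot parse is not guessed at.
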
Comments:

Fantastic, now let's get it integrated instead of the zenity based ssh-ask-pass program that I have ARC approved but not yet integrated.

Posted by Darren Moffat on August 25, 2007 at 05:23 AM BST #

It needs some clean up first, like returning an error if ssh-add asks it to try again if you have put the wrong passphrase into the gnome keyring.

Here we really need a contract with ssh so that it can reliably tell if this is a retry. Parsing the arguments works in the C locale but if any of the messages are internationalized it will cause problems.

Since cron is still on my list of things to do in my own time this could take me a while.

Posted by Chris Gerhard on August 25, 2007 at 05:31 AM BST #

[Trackback] I've updated my gnome-keyring SSH_ASKPASS program to improve the user experience. However to get this 100% I need some changes to ssh-add so that there is a stable interface between it and the SSH_ASKPASS program. The new version will read the ...

Posted by The dot in ... --- ... on August 30, 2007 at 03:26 AM BST #

About

This is the old blog of Chris Gerhard. It has mostly moved to http://chrisgerhard.wordpress.com
