Talk:SSH keys

From ArchWiki
Jump to: navigation, search

kwallet5

there should be a note about kwallet5 not supporting PGP, for now

--- Lesto (talk) 23:50, 15 March 2015 (UTC)

Are you sure it is the case? Can you provide some source, a bug report or something? For now we have SSH keys#Store SSH keys with Kwallet linking to KDE_Wallet#Using_the_KDE_Wallet_to_store_ssh_keys which only has a vague, unsourced "May have a bug" accuracy template. Neitsab (talk) 11:21, 21 October 2015 (UTC)

pam_tally

With two factor authentication (crypto keys **and** password). I achieve that pam_tally increments by 2 the user errors every time I login. So surely there is an error in the suggested configuration--Xan (talk) 12:00, 30 June 2015 (UTC)

SSH public key passphrase

I think that we should add `ssh -p -k ~/.ssh/id_ed25519.pub` to page, I saw a nice example from https://blog.0xbadc0de.be/archives/300. Pickfire (talk) 10:09, 13 April 2016 (UTC)

Starting ssh-agent as a wrapper

In this section, there is a note which says that you "can" add eval$(ssh-agent) to your .xinitrc.

When using ssh-agent as a wrapper to startx, I have noticed that if I have both -- the alias as well as the eval statement in .xinitrc, it spawns 2 ssh-agent processes. I believe this is a leftover note from earlier when we didn't have the section titled "ssh-agent".

Can someone confirm and I will remove that note from the "ssh-agent as a wrapper section", because the way it stands today seems to indicate that you need to do both -- the alias to startx as well as add the eval statement to xinitrc in order for it to work when that is not the case.

Inxsible (talk) 00:46, 4 January 2017 (UTC)

I'm pretty sure the note was intended like this. -- Lahwaacz (talk) 20:12, 4 January 2017 (UTC)

Cleaner systemd-based ssh-agent setup

~/.config/environment.d/ssh-agent.conf
SSH_AUTH_SOCK="${XDG_RUNTIME_DIR}/ssh-agent.socket"
~/.config/systemd/user/ssh-agent.service
[Service]
ExecStart=/usr/bin/ssh-agent -D -a "${SSH_AUTH_SOCK}"

[Install]
WantedBy=default.target
~/.zshrc or ~/.bash_profile or ~/.profile or the equivalent
eval $(systemctl --user show-environment | grep SSH_AUTH_SOCK)
export SSH_AUTH_SOCK

Touching three files, instead of two, but the path is defined only in one place. Something similar could be achieved with EnvironmentFile. Thoughts?

Jeremejevs (talk) 17:22, 23 November 2017 (UTC)

It's arguably not cleaner because you need eval, systemctl and grep to extract the path for the shell. -- Lahwaacz (talk) 18:29, 23 November 2017 (UTC)