User:Outswayer

From ArchWiki

Using Arch since 07-2022

My setup to automatically unlock SSH keys for use with SSH agent on Sway:

Warning: I have not yet figured out how to make this work with greetd; for now I log in directly in the TTY.

Packages needed (in addition to openssh, of course):

gnome-keyring libsecret seahorse

Open seahorse, create the "login" keyring, and set the same password for it that you use to log in. Seahorse will later add the SSH key to this keyring.

Enable the SSH module by adding ,ssh to the loaded --components:

/usr/lib/systemd/user/gnome-keyring-daemon.service
ExecStart=/usr/bin/gnome-keyring-daemon --foreground --components="pkcs11,secrets,ssh" --control-directory=%t/keyring

Enable the user service gcr-ssh-agent.service:

$ systemctl --user enable gcr-ssh-agent.service

Add the path to your auth socket to .bash_profile:

~/.bash_profile
export SSH_AUTH_SOCK=/run/user/<yourUID>/keyring/ssh

Edit /etc/pam.d/login to autostart the keyring:

Warning: Making mistakes in this file might leave you unable to log in to your system.
/etc/pam.d/login
auth optional pam_gnome_keyring.so
session optional pam_gnome_keyring.so auto_start

Once done, reboot and log in. There should be a prompt to enter your key passphrase; this will happen once and save the key for all future logins. Make sure to check the box to save it. This should let gnome-keyring automatically unlock and add your SSH key on every login.

Note: To make cron jobs work with your SSH agent, you'll need to export SSH_AUTH_SOCK for them too. In fcron, that can be done by simply putting SSH_AUTH_SOCK=<path-to-your-sock> at the top of your fcrontab (fcrontab -e).
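
A post-reboot check of the steps above, as an added example that is not part of the original page: it confirms the two PAM lines, the ssh entry in the unit's --components list, and that SSH_AUTH_SOCK is a socket you own. The function names are hypothetical; the default paths are the ones edited on this page.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). Function names are hypothetical;
# default paths are the ones this page edits.

# Both pam_gnome_keyring.so lines must exist; the session line needs auto_start.
check_pam() {
    local f="${1:-/etc/pam.d/login}" ws='[[:space:]]+'
    grep -Eq "^[[:space:]]*auth${ws}optional${ws}pam_gnome_keyring\.so" "$f" || return 1
    grep -Eq "^[[:space:]]*session${ws}optional${ws}pam_gnome_keyring\.so.*[[:space:]]auto_start" "$f" || return 2
}

# The ExecStart line's --components list must include ssh.
check_components() {
    local f="${1:-/usr/lib/systemd/user/gnome-keyring-daemon.service}" list
    list=$(sed -En 's/^ExecStart=.*--components="?([^" ]*)"?.*/\1/p' "$f")
    case ",$list," in *,ssh,*) return 0 ;; *) return 1 ;; esac
}

# SSH_AUTH_SOCK (or $1) must be a UNIX socket owned by the calling user.
check_sock() {
    local s="${1:-${SSH_AUTH_SOCK:-}}"
    [ -n "$s" ] && [ -S "$s" ] && [ -O "$s" ]
}

# Run every check and report. ssh-add -l exits 0 with keys loaded, 1 with none,
# and 2 when the agent cannot be contacted.
verify_setup() {
    local rc=0 st=0
    check_pam        || { echo "pam: keyring lines missing or no auto_start"; rc=1; }
    check_components || { echo "unit: ssh not in --components"; rc=1; }
    check_sock       || { echo "sock: not a socket you own: ${SSH_AUTH_SOCK:-unset}"; rc=1; }
    ssh-add -l >/dev/null 2>&1 || st=$?
    case $st in
        0) echo "agent: reachable, key loaded" ;;
        1) echo "agent: reachable, no key unlocked"; rc=1 ;;
        *) echo "agent: not reachable"; rc=1 ;;
    esac
    return "$rc"
}

if [ "${1:-}" = "--run" ]; then verify_setup; fi
```

Run it with --run from a login shell after rebooting; running the same check from a cron job shows whether SSH_AUTH_SOCK reached that environment as well.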


Notes section: efibootmgr line to create my boot entry

efibootmgr --create --disk /dev/nvme0n1 --part 1 --label "Linux" --loader /vmlinuz-linux --unicode 'cryptdevice=UUID=cdb01b96-c518-49db-b16f-bfe099c9cf77:root root=/dev/mapper/root rw initrd=\intel-ucode.img initrd=\initramfs-linux.img'