I would like to share with you a trick on how to configure i3 ssh session to remember passphrase once you login to your Desktop. If you have ever used i3 window manager, definitely you know i3 is awesome, something that you can hold on to forever.
For those new to i3, i3 is a dynamic tiling window manager with clean, readable and documented code, featuring extended Xinerama support, usage of libxcb instead of xlib.
i3 ssh problem?
The only problem that pains many regarding i3 is how every time you start a new terminal window and try to ssh to a remote machine, it will ask you for passphrase even if you had saved it with ssh-agent and ssh-add commands.
Why write this i3 ssh post?
There are some tutorials online on how to solve this, but to me, none seemed to work. Finally i hacked my simple and stupid solution that works. This is what I’m sharing in this blog post. I’ll take you through generating ssh keys and setting up i3 ssh passphrase to automatically unlock.
Install and configure x11-ssh-askpass . I’m doing this on Arch Linux machine. Please consult relevant documentation for your Linux distribution.
$ sudo pacman -S x11-ssh-askpass libx11 libxt keychain $ sudo ln -sv /usr/lib/ssh/x11-ssh-askpass /usr/local/bin/SSH_ASKPASS '/usr/local/bin/SSH_ASKPASS' -> '/usr/lib/ssh/x11-ssh-askpass' $ which SSH_ASKPASS /usr/local/bin/SSH_ASKPASS
Then ensure ssh-agent always starts with your X session. My .zshrc file contain the line:
if [[ "$TTY" == "/dev/tty1" ]]; then ssh-agent startx fi
Above line can be placed as well on /etc/profile or ~/.bash_profile or ~/.bashrc
i3 ssh: Generate ssh keys
# ssh-keygen -t rsa -b 4096 Generating public/private rsa key pair. Enter file in which to save the key (/jose/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: .our identification has been saved in .pub.public key has been saved in The key fingerprint is: ba:ee:99:36:b3:cb:de:1d:bb:bf:b1:19:05:5a:8e:b9 email@example.com The key's randomart image is: +--[ RSA 4096]----+ | | | | | o | | * . | | S + . . | | . . . | | . E o | | .+= . o = | | =@=. +o=. | +-----------------+
When asked for passphrase, please provide one.
i3 ssh: Set auto-unlock ssh keys
After generating ssh keys, it’s time to configure your i3 environment to auto-unlock ssh keys every time you start new shell without asking you for passphrase. i3 ssh passphrase should be saved through ssh-add without manual intervention.
First create a file which will hold your i3 ssh passphrase, hide this where you and only you can remember. In my case this file will be $HOME/.passfile.
cat >$HOME/.passfile<<EOF #!/bin/bash echo "your-passphrase-here" EOF
Then make this file executable:
chmod +x $HOME/.passfile
To make i3 ssh passphrase unlock on every shell window launched, add the following to your .bashrc or .zshrc file if using zsh.
echo 'cat ~/.ssh/id_rsa | SSH_ASKPASS="$HOME/.passfile" ssh-add - &>/dev/null' >> ~/.bashrc
source .bashrc to effect changes on your current shell session.
Then copy ssh public key to one of your remote machine, test by tying to ssh
$ ssh-copy-id firstname.lastname@example.org $ cat >> ~/.ssh/config<<EOF Host zenoss User root Hostname zenoss.example.com EOF $ ssh zenoss Last login: Thu Mar 9 15:46:15 2017 from gateway [root@zenoss ~]#
From the output above, you should have noticed that it didn’t ask me for passphrase.