Setting Up SSH Agent in i3

Dec 27, 2017

In this post, I will write about the procedure to correctly setup SSH and GPG agents in the i3 window manager. To follow this post, you need to have ssh-keys and your private GPG keys ready. If you do not already have these keys with you, I will describe the process of creating the keys.

SSH

Generating an SSH key pair provides you with a public key and a private key. The private key should never be given to anyone and public key, well the name itself is self-explanatory.

To create a new key pair, open a terminal and paste the text below.

ssh-keygen -t rsa -b 4096 -C "your_email_address"
ssh-keygen -t rsa -b 4096 -C "your_email_address"

This command will create a new ssh key pair with the given email address as the label. Press Enter for any question asked. When it asks for the passphrase, type a strong passphrase, otherwise leave it blank to have no password.

GPG

You might need to download the GPG command line tools before following the below steps. Follow your distribution's documentation for more help.

Once you have downloaded the tools, open a terminal, and type the following command.

gpg --gen-key
gpg --gen-key

You will see something like this. Enter 1 to select the default key choice.

gpg (GnuPG) 1.4.20; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: directory `/home/yash/.gnupg' created
gpg: new configuration file `/home/yash/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/yash/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/yash/.gnupg/secring.gpg' created
gpg: keyring `/home/yash/.gnupg/pubring.gpg' created
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection?
gpg (GnuPG) 1.4.20; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: directory `/home/yash/.gnupg' created
gpg: new configuration file `/home/yash/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/yash/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/yash/.gnupg/secring.gpg' created
gpg: keyring `/home/yash/.gnupg/pubring.gpg' created
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection?

At the next prompt, enter the key size. It is recommended to use the maximum key size of 4096 bits.

Enter the time duration for which the key should remain valid. Press Enter to specify the default selection, indicating that the key does not expire.

After verifying the information, enter your user information and a strong passphrase. Afterward, GPG will start generating your key. You will see:

We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse,
utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse,
utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy.

You can now use the key (until it expires) to encrypt your data.

Setting up SSH Agent

Configuring i3

Update (26/05/2018): As pointed out by Saksham in the comments below, this step is not required for the setup of SSH in i3. This step can be safely ignored.

Open i3 configuration file and add an exec_alwaysexec_always statement -

exec_always ~/.config/i3/scripts/gnome-keyring.sh
exec_always ~/.config/i3/scripts/gnome-keyring.sh

Obviously, you will need to change the path according to your OS. Now make a new file in ~/.config/i3/scripts~/.config/i3/scripts with name gnome-keyring.shgnome-keyring.sh and paste the below text in it.

eval $(/usr/bin/gnome-keyring-daemon --start --components=gpg,pkcs11,secrets,ssh)
export GNOME_KEYRING_CONTROL GNOME_KEYRING_PID GPG_AGENT_INFO SSH_AUTH_SOCK
eval $(/usr/bin/gnome-keyring-daemon --start --components=gpg,pkcs11,secrets,ssh)
export GNOME_KEYRING_CONTROL GNOME_KEYRING_PID GPG_AGENT_INFO SSH_AUTH_SOCK

(Assuming that you already have installed gnome-keyring)

Now, reload the i3.

Configuring SSH

Update (26/05/2018): This step is also optional. Thanks to Saksham for pointing it out.

Open ~/.ssh/config~/.ssh/config file and add following content to it -

Host *
  AddKeysToAgent yes
  IdentityFile /home/<your username>/.ssh/id_rsa
Host *
  AddKeysToAgent yes
  IdentityFile /home/<your username>/.ssh/id_rsa

Replace <your username> accordingly.

Setting up .bashrc

I am not using a login shell, and I could not find any suitable method to source ~/.profile~/.profile or ~/.bash_profile~/.bash_profile on login in i3. So I added my configuration to ~/.bashrc~/.bashrc file. I know it is a hack, but it works well for me without much headache.

Open ~/.bashrc~/.bashrc file and add following lines to the end of the file.

if [ -f ~/.ssh/agent.env ] ; then
    . ~/.ssh/agent.env > /dev/null
    if ! kill -0 $SSH_AGENT_PID > /dev/null 2>&1; then
        echo "Stale agent file found. Spawning a new agent. "
        eval `ssh-agent | tee ~/.ssh/agent.env`
        ssh-add
    fi
else
    echo "Starting ssh-agent"
    eval `ssh-agent | tee ~/.ssh/agent.env`
    ssh-add
fi
if [ -f ~/.ssh/agent.env ] ; then
    . ~/.ssh/agent.env > /dev/null
    if ! kill -0 $SSH_AGENT_PID > /dev/null 2>&1; then
        echo "Stale agent file found. Spawning a new agent. "
        eval `ssh-agent | tee ~/.ssh/agent.env`
        ssh-add
    fi
else
    echo "Starting ssh-agent"
    eval `ssh-agent | tee ~/.ssh/agent.env`
    ssh-add
fi

It will automatically start an ssh-agentssh-agent if it is not already running. Otherwise, it attaches to a previously running agent.

Now log out and log in again to see if ssh-agent works. Open a terminal and run the command ssh-add -lssh-add -l. It will show you the hash value of your ssh-key, which is loaded by the ssh-agent.

That is all for today. Thank you for reading!