In this post, I will write about the procedure to correctly set up SSH and GPG agents in the i3 window manager. To follow this post, you need to have your SSH keys and your private GPG keys ready. If you do not already have these keys, I will describe the process of creating them.
Generating an SSH key pair provides you with a public key and a private key. The private key should never be given to anyone, and the public key, well, the name itself is self-explanatory.
To create a new key pair, open a terminal and paste the text below.
ssh-keygen -t rsa -b 4096 -C "your_email_address"
This command will create a new SSH key pair with the given email address as the label. Press Enter to accept the default for each question asked. When it asks for the passphrase, type a strong passphrase; otherwise, leave it blank to have no passphrase.
You might need to download the GPG command line tools before following the steps below. Follow your distribution’s documentation for more help.
Once you have downloaded the tools, open a terminal and type the following command.
gpg (GnuPG) 1.4.20; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: directory `/home/yash/.gnupg' created
gpg: new configuration file `/home/yash/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/yash/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/yash/.gnupg/secring.gpg' created
gpg: keyring `/home/yash/.gnupg/pubring.gpg' created
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection?
At the next prompt, enter the key size. It is recommended to use the maximum key size of 4096 bits.
Enter the time duration for which the key should remain valid. Press Enter to specify the default selection, indicating that the key does not expire.
After verifying the information, enter your user information and a strong passphrase. Afterwards, GPG will start generating your key. You will see:
We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy.
You can now use the key (until it expires) to encrypt your data.
Setting up SSH Agent
Update (26/05/2018): As pointed out by Saksham in comments below, this step is not required for the setup of SSH in i3. This step can be safely ignored.
Open i3 configuration file and add an
Obviously, you will need to change the path according to your OS. Now make a new file in ~/.config/i3/scripts with the name gnome-keyring.sh and paste the text below into it.
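# Start the GNOME keyring daemon and import the variables it prints
eval "$(/usr/bin/gnome-keyring-daemon --start --components=gpg,pkcs11,secrets,ssh)"
# Export them so that programs started from i3 can reach the agents
export GNOME_KEYRING_CONTROL GNOME_KEYRING_PID GPG_AGENT_INFO SSH_AUTH_SOCK
Now, reload i3.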
Update (26/05/2018): This step is also optional. Thanks to Saksham for pointing it out.
Open the ~/.ssh/config file and add the following content to it.
Host *
    AddKeysToAgent yes
    IdentityFile /home/<your username>/.ssh/id_rsa
Setting up .bashrc
I am not using a login shell, and I could not find any suitable method to source ~/.bash_profile on login in i3. So I added my configuration to the ~/.bashrc file. I know, it is a hack, but it works well for me without much headache.
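Open the ~/.bashrc file and add the following lines to the end of the file.
if [ -f ~/.ssh/agent.env ]; then
    # Load SSH_AUTH_SOCK and SSH_AGENT_PID saved by an earlier shell
    . ~/.ssh/agent.env > /dev/null
    # kill -0 sends no signal; it only checks that the recorded PID exists
    if ! kill -0 "$SSH_AGENT_PID" > /dev/null 2>&1; then
        echo "Stale agent file found. Spawning new agent… "
        eval "$(ssh-agent | tee ~/.ssh/agent.env)"
        ssh-add
    fi
else
    echo "Starting ssh-agent"
    # Save the agent's environment so that later shells can reuse it
    eval "$(ssh-agent | tee ~/.ssh/agent.env)"
    ssh-add
fi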
It will automatically start an ssh-agent if it is not already running. Otherwise, it uses the previously running agent.
Now log out and log in again to see if ssh-agent works. Open a terminal and run the command ssh-add -l. It will show you the fingerprint (hash value) of the SSH key that is loaded by the ssh-agent.
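The ~/.bashrc snippet above sources ~/.ssh/agent.env, so every line in that file runs in each new shell, and kill -0 only proves that some process has the recorded PID. The following is an added example, not code from the original post: it parses the file instead of executing it and asks the agent itself whether it is alive. The names parse_agent_env, agent_is_live, use_or_start_agent, AGENT_SOCK and AGENT_PID are hypothetical, and the allowed socket-path characters are an assumption.

```shell
# Only these three line shapes are accepted (what "ssh-agent -s" prints).
# Assumption: the socket path uses only the characters in the bracket list.
AGENT_LINE_RE='^(SSH_AUTH_SOCK=/[A-Za-z0-9._/-]+; export SSH_AUTH_SOCK;|SSH_AGENT_PID=[0-9]+; export SSH_AGENT_PID;|echo Agent pid [0-9]+;)$'

# parse_agent_env FILE (hypothetical helper): set AGENT_SOCK and AGENT_PID from
# FILE without executing it. Fails if FILE is missing, a symlink, not owned by
# the current user, or contains any line outside AGENT_LINE_RE.
parse_agent_env() {
    AGENT_SOCK='' AGENT_PID=''
    [ -f "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    if grep -Evq "$AGENT_LINE_RE" "$1"; then return 1; fi
    AGENT_SOCK=$(sed -n 's/^SSH_AUTH_SOCK=\([^;]*\);.*/\1/p' "$1" | head -n 1)
    AGENT_PID=$(sed -n 's/^SSH_AGENT_PID=\([0-9]*\);.*/\1/p' "$1" | head -n 1)
    [ -n "$AGENT_SOCK" ] && [ -n "$AGENT_PID" ]
}

# agent_is_live SOCK: true only if SOCK is a socket and an agent answers on it.
# ssh-add -l exits 0 (keys listed) or 1 (no keys) when the agent is reachable,
# and 2 when it is not; a bare "kill -0 PID" cannot tell a reused PID apart.
agent_is_live() {
    [ -S "$1" ] || return 1
    rc=0
    SSH_AUTH_SOCK="$1" ssh-add -l >/dev/null 2>&1 || rc=$?
    [ "$rc" -eq 0 ] || [ "$rc" -eq 1 ]
}

# use_or_start_agent FILE: reuse the agent recorded in FILE, else start one.
use_or_start_agent() {
    if parse_agent_env "$1" && agent_is_live "$AGENT_SOCK"; then
        export SSH_AUTH_SOCK="$AGENT_SOCK" SSH_AGENT_PID="$AGENT_PID"
        return 0
    fi
    # Replace the file (not a symlink target) with owner-only permissions.
    ( umask 077; rm -f "$1"; ssh-agent -s > "$1" ) && parse_agent_env "$1" || return 1
    export SSH_AUTH_SOCK="$AGENT_SOCK" SSH_AGENT_PID="$AGENT_PID"
    ssh-add   # prompts for the key passphrase, as the snippet above does
}

# In ~/.bashrc: use_or_start_agent "$HOME/.ssh/agent.env"
```

A file that fails the checks is treated the same way as a stale one: it is replaced and a fresh agent is started.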
That is all for today. Thank you for reading!