Differences
This shows you the differences between two versions of the page.
keepass_as_ssh_agent_with_auto-login_using_gnome_keyring [20.04.2021 02:24] – Pascal Suter | keepass_as_ssh_agent_with_auto-login_using_gnome_keyring [01.07.2021 08:51] (current) – [Keepass as SSH Agent with Auto-Login using gnome keyring] Pascal Suter | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Keepass as SSH Agent with Auto-Login using gnome keyring ====== | ||
+ | |||
+ | KeepassXC has built-in SSH-Agent support. It just needs to be enabled. To do that, start up KeepassXC, then go to **Tools --> settings --> SSH Agent** and check the **Enable SSH Agent** checkbox, hit okay and restart keepass | ||
+ | |||
+ | now you can create a new entry where you can enter your ssh private key password as password and then upload your ssh private key as an attachment under advanced. Finally go to the "SSH Agent" Tab and select the attachment. | ||
+ | |||
+ | from now on, your key will be loaded and usable without further password entry as soon as you start KeepassXC and unlock your database. | ||
+ | |||
+ | but since we are lazy, let's make it even more comfortable. in KeepassXC go to **Tools --> Settings --> General** and in enable " | ||
+ | |||
+ | so now that we made sure that KeepassXC is only shown as a system tray icon upon starting it, let's make sure it is started automatically after we login to our computer in Gnome | ||
+ | |||
+ | first we need to add the master password to our gnome keyring, so it is safely stored and can be used to automatically unlock our database: | ||
+ | |||
+ | sudo apt install libsecret-tools | ||
+ | secret-tool store --label=" | ||
+ | |||
+ | now that this is done, create the following script and add it to your startup applications in gnome: | ||
+ | |||
+ | <code bash keepass> | ||
+ | #!/bin/bash | ||
+ | # setup: | ||
+ | # sudo apt install libsecret-tools | ||
+ | # secret-tool store --label=" | ||
+ | |||
+ | function start(){ | ||
+ | success=1 | ||
+ | cntr=0 | ||
+ | # this loop helped making the re-opening of the database after a screen unlock more reliable | ||
+ | while [ $success -gt 0 ]; do | ||
+ | pwd=$(secret-tool lookup keepass safe) | ||
+ | success=$? | ||
+ | if [ $success -gt 0 ]; then | ||
+ | sleep 5 | ||
+ | fi | ||
+ | let cntr++ | ||
+ | if [ $cntr -gt 12 ]; then | ||
+ | notify-send ' | ||
+ | break | ||
+ | fi | ||
+ | done | ||
+ | echo $pwd | keepassxc --pw-stdin ~/ | ||
+ | } | ||
+ | start | ||
+ | |||
+ | # register dbus-monitor script to unlock keepass after unlocking a gnome session | ||
+ | gdbus monitor -y -d org.freedesktop.login1 | | ||
+ | while read x; do | ||
+ | if echo " | ||
+ | killall keepassxc | ||
+ | start | ||
+ | fi | ||
+ | done >/ | ||
+ | </ | ||
+ | |||
+ | sources: [[https:// | ||
+ | |||
+ | finally log out and log back in to your gnome session. a little keepass icon should appear in the system tray and you should be able to login to all your ssh key authenticated sites without entering another password. Now make sure you have a safe password to unlock your pc :) | ||
+ | |||
+ | ===== secret-tool: | ||
+ | |||
+ | On one of my machines i got this error message which was a bit confusing as it seems to be a secret-tool error message, but it actually has its roots in the dbus library. I then remembered that this was one of those machines where I had to implement a [[terminator_vs_ubuntu_18.10_-_broadcast_issue|workaround for the broadcasst function of terminator]] because it doubled every keystroke when broadcasting to other terminals. In this workaround, i had set the '' | ||
+ | |||
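Review bot: in start(), the give-up path (the "if [ $cntr -gt 12 ]" branch) only does a break, so execution falls through to the "echo $pwd | keepassxc --pw-stdin" line and KeepassXC is launched with an empty password after the keyring lookup has failed every time. Return from the function there (for example "return 1" in place of "break") so the failure notification is the only outcome. On that same pipeline line, $pwd is unquoted, so a master password containing runs of whitespace or glob characters is altered by word splitting and pathname expansion before it reaches stdin, and echo can treat a value starting with "-n" or "-e" as an option; printf '%s\n' "$pwd" passes it through unchanged. The monitor loop should also use "read -r" so backslashes in the gdbus output are not interpreted. It is also worth stating next to the secret-tool setup lines that any process running in the unlocked GNOME session can read the stored master password with the same "secret-tool lookup keepass safe" call, which is why the closing remark about a strong login password matters.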