I started my blog with a post telling you how to let Git remember your credentials for websites not supporting ssh keys (the post is here for those interested). In that day, I was struggling with Overleaf Git servers that do not support ssh keys (and still does not at the moment I am writing). It helped me for this case. Nevertheless, it is only compatible with Git servers and is not the best way to automatize your identifications (at least in my point of view). Today we will see how to use ssh keys to automatize many login steps.
In this post we will see two use cases:
- Automatic identification to servers using the ssh protocol.
- Automatic identification when doing push/pull commands on Git servers (such as GitHub or GitLab).
SSH keys contain a public key to encode messages (destined for servers) and a private key to be able to read those messages (destined for the client of the servers). If you want more information of the protocol, have a look here.
The distribution used (and tested) for this tutorial is Kubuntu 20.04 LTS (my new main distribution, but this story is for a future post).
Prepare the client side
In this section we will prepare the client that will do the identifications to the servers. We will first create a pair of public and private keys. Afterwards, we will start the ssh-agent to configure it with the private key.
Check if you already have a pair of SSH keys
Check the directory listing of
~/.ssh/ to see if you already have a public SSH key.
By default, the filename of the public key is
You can use a different pair of keys per server if you want.
I prefer to keep one pair of keys per machine (and change it regularly).
Generate a pair of SSH keys
To generate a pair of keys linked to an email address (to better identify the connected user) you have to type the following line:
ssh-keygen -t rsa -b 4096 -C "firstname.lastname@example.org"
Then, follow the instructions.
You can let the default key path if you do not have a default pair of keys.
You will also set a password to unlock your private key, be sure to remember it.
Be careful to not revel your private key (the
id_rsa file) in any case.
Start ssh-agent and add your private key
To let your system remember your private key for your session you can use the ssh-agent as follows:
eval "$(ssh-agent -s)" ssh-add ~/.ssh/id_rsa
Now we have a pair of private and public key and the ssh-agent configured with it. We are ready to automatize our SSH identifications to servers or Git servers.
Automatize your login on servers using SSH
To automatize SSH password typing, you can add the public key to the authorized keys of your servers.
Before that, make sure that your remote user space contains a
ssh <login>@<server_adress> mkdir -p .ssh
Then you have to add your public key into the authorized keys file of your server:
cat ~/.ssh/id_rsa.pub | ssh <login>@<server_adress> 'cat >> .ssh/authorized_keys'
Now your server is configured with your ssh pair of keys. You can repeat those two steps for each server you can access.
Automatize your authentifications on Git servers
To automatize your identification (typing your login and password) after using a
push command, you can add your public key to your Git server (via their web interface).
To copy your public key on a website (such as GitHub or GitLab) you may want to add your key to the clipboard (to use Ctrl+V inside your web browser).
For this purpose, you need to install
sudo apt install xclip
or if you are on manjaro:
sudo pamac install xclip
Then, it is as simple as this:
xclip -sel clip < ~/.ssh/id_rsa.pub
Now your configuration is ready for your Git server. The next subsection will be about testing this configuration without modifying your repositories.
Test your configuration
To test your new configuration on your Git server, you can use the ssh protocol. It will avoid doing modifications to one of your Git repository. The next subsections show you how to do it for different Git servers.
ssh -T email@example.com
ssh -T firstname.lastname@example.org
Keeping ssh-agent identities on Kubuntu 22.04 after restart
With the above instructions, you have to (in Kubuntu at least) reconfigure the ssh-agent after each logout or restart. In this section, we will use kwallet to bypass this limitation.
First, we have to install the
sudo apt install ssh-askpass
Then, we have to create a script that will automatically unlock your private key when logged in. To achieve this, type the following lines:
mkdir -p ~/.config/autostart-scripts echo '#!/bin/sh' > ~/.config/autostart-scripts/ssh-add.sh echo 'export SSH_ASKPASS=/usr/bin/ksshaskpass' >> ~/.config/autostart-scripts/ssh-add.sh echo 'ssh-add < /dev/null' >> ~/.config/autostart-scripts/ssh-add.sh chmod +x ~/.config/autostart-scripts/ssh-add.sh
For the next step, type the following command and check the remember checkbox:
It will let the KDE wallet retain the password for your private key and unlocks it after each login.
Keeping ssh-agent identities on Manjaro after a reboot
After my switch to Manjaro linux (see my post about my migration), I realized that the method for Kubuntu didn’t work (and might not work on next LTS). Here is my solution, which is a combination of two approaches that you can find in my sources.
First of all, make sure you have the necessary tools:
sudo pamac install kwallet ksshaskpass kwalletmanager
Next, let’s configure our system and zsh to use the appropriate socket for the ssh agent:
sudo echo '#!/bin/sh' > /etc/profile.d/ssh-askpass.sh sudo echo 'export SSH_ASKPASS=/usr/bin/ksshaskpass' >> /etc/profile.d/ssh-askpass.sh echo 'export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR"/ssh-agent.socket' >> ~/.zshrc
Next, we create the user directory for systemd:
mkdir -p ~/.config/systemd/user
Next, create the file
~/.config/systemd/user/ssh-agent.service and fill it with the following content:
[Unit] Description=SSH agent (ssh-agent) [Service] Type=simple Environment=SSH_AUTH_SOCK=%t/ssh-agent.socket Environment=DISPLAY=:0 Environment=KEY_FILE=/home/%u/.ssh/id_rsa ExecStart=ssh-agent -D -a $SSH_AUTH_SOCK ExecStartPost=/bin/sleep 3 ExecStartPost=/usr/bin/ssh-add $KEY_FILE ExecStop=kill -15 $MAINPID [Install] WantedBy=default.target
This service starts the ssh agent at each login on your machine and adds the private key you created at the beginning of this article. We will now enable it and run it:
systemctl --user daemon-reload systemctl --user enable ssh-agent.service
Now you can restart your machine and everything should work 😄. I hope this was helpful 😉.
Sources and inspirations
- GitHub Official instructions for SSH keys
- GitLab Official instructions for SSH keys
- Configure ssh-agent on Ubuntu
- Kubuntu and ssh-agent
- Manjaro and ssh-agent (1/2)
- Manjaro and ssh-agent (2/2)
Hope it helps some of you.