Set up SSH keys with Manjaro i3 and keychain
The following blog post details how I set up my SSH keys.
I always forget some of the moving parts. Then I have to painstakingly debug why ssh-add doesn’t remember my keys or why ssh-agent doesn’t work.
- Create ssh-keys with ssh-keygen.

    cd ~/.ssh
    ssh-keygen -t ed25519 -o -a 100

Make sure to save both public and private key inside the ~/.ssh folder.
- Create configuration file
Create a new file ~/.ssh/config:

    Host github
        HostName github.com
        User git
        IdentitiesOnly yes
        IdentityFile <path-to-public-ssh-key>
        AddKeysToAgent yes

    Host gitlab
        HostName gitlab.com
        User git
        IdentitiesOnly yes
        IdentityFile <path-to-public-ssh-key>
        AddKeysToAgent yes

IdentitiesOnly yes is important if you have more than one key. The default value, no, allows SSH to try every key you have in your configuration. That can lead to problems: the server might reject your connection because the ssh utility sent the wrong key.
AddKeysToAgent yes will automatically add a key to the running ssh-agent.
- Add Keys to Server
For GitHub, see "Adding a new SSH key to your GitHub account".
For GitLab, see "Adding an SSH key to your GitLab account".
- Set up ssh-agent
There are several ways to manage the ssh-keys on your local machine. ssh-agent is the default agent that comes with OpenSSH.
I use keychain, a program that can manage an SSH session and helps with storing key passphrases across shells.
Install the package. Example with yay on Arch Linux:
yay -S keychain
Add this line to ~/.bashrc:

    ## add keychain
    eval "$(keychain --eval --quiet --noask --nogui <name-of-public-key-1> <name-of-public-key-2>)"

For more options type keychain -h into your terminal.
Replace the names for the public keys. Remember that the keys must be saved inside the ~/.ssh folder.
The first time you use ssh you have to confirm the passphrase. But keychain remembers the passphrase within the same session (until next boot).
- Fix gnome-keyring
I originally installed gnome-keyring, because I hoped that it could help manage my keys.
But I couldn’t get it working with my ssh configuration.
gnome-keyring starts an internal ssh-agent. The daemon overwrites the default ssh-agent.
Make sure to disable the daemon components for SSH:

    cp /etc/xdg/autostart/gnome-keyring-ssh.desktop ~/.config/autostart/

Add Hidden=true as the last line to the copied file.
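
The checks below are an added example, not code from the original post: a small POSIX shell diagnostic for the setup described here. It lists Host blocks that set IdentityFile without IdentitiesOnly yes, reports whether SSH_AUTH_SOCK points at a gnome-keyring socket, and checks the autostart override for Hidden=true. The function names and the assumed socket location (a .../keyring/ directory) are illustrative assumptions.

```shell
# Print each Host block that sets IdentityFile but not "IdentitiesOnly yes".
# A top-level "IdentitiesOnly yes" (before the first Host) covers every block.
# Assumes "Keyword value" lines as on this page; Match blocks are not parsed.
hosts_missing_identitiesonly() {
    awk '
        function report() { if (host != "" && has_key && !only) print host }
        { key = tolower($1) }
        key == "host" {
            report()
            $1 = ""; host = substr($0, 2)
            has_key = 0; only = global_only; next
        }
        key == "identityfile" { has_key = 1 }
        key == "identitiesonly" && tolower($2) == "yes" {
            if (host == "") global_only = 1
            else only = 1
        }
        END { report() }
    ' "$1"
}

# Classify an SSH_AUTH_SOCK value. Assumption: the gnome-keyring agent socket
# sits under a ".../keyring/" directory, e.g. /run/user/<uid>/keyring/ssh.
agent_kind() {
    case "$1" in
        "")          echo none ;;
        */keyring/*) echo gnome-keyring ;;
        *)           echo other ;;
    esac
}

# Succeed if the copied autostart file carries the Hidden=true line.
override_hidden() {
    [ -r "$1" ] && grep -qx 'Hidden=true' "$1"
}

diagnose() {
    cfg="${1:-$HOME/.ssh/config}"
    if [ -r "$cfg" ]; then
        hosts_missing_identitiesonly "$cfg" | sed 's/^/missing IdentitiesOnly yes: /'
    fi
    echo "agent socket owner: $(agent_kind "${SSH_AUTH_SOCK:-}")"
    if override_hidden "$HOME/.config/autostart/gnome-keyring-ssh.desktop"; then
        echo "gnome-keyring SSH autostart: hidden"
    else
        echo "gnome-keyring SSH autostart: not hidden"
    fi
}
diagnose "$@"
```

If the agent is reported as gnome-keyring after the override is in place, log out and back in so the autostart change takes effect.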