[SOLVED] Ssh-agent on Haiku

Hi,
What is the native/official way to handle ssh keys in Haiku system-wide?
I tried using ssh-agent but I did not manage to make it work outside of the terminal I launch it in: applications launched from this terminal do have access to ssh keys, applications launched from Tracker do not.

Nice one, also having this issue with Kommit, have to launch it from Terminal after adding credentials with ssh-add.

Worth opening a ticket on dev.haiku-os.org?

Not sure, maybe this should/could be handled at application level? Already mentioned that upstream with Kommit, they would look into it, but so far haven’t seen an update yet there.

EDIT: couldn’t hurt though, and maybe at the bug tracker they could give some insight on how to do it?

I use the keychain package to manage the ssh-agent process between open Terminal sessions and I have also added a line to my ~/config/settings/boot/UserSetupEnvironment which makes the environment variables available to GUI applications launched from Tracker…

[[ -s /system/data/profile.d/keychain.sh ]] && \
   source /system/data/profile.d/keychain.sh 

With this in place I can use KeePassXC to hold my ssh keys. I launch KeePassXC from Tracker or QuickLaunch to have it add the keys to the ssh-agent when my password database is unlocked. I can also use other GUI apps launched from Tracker that use ssh/libssh, such as GittyUp.


Will try, thanks!

Ahoy @Lrrr,

Could it be added to the Nightly Beta6 image?

I mean, in that case whoever installs KeePassXC on Haiku could benefit from it as well…

I did as you suggested, but it seems to only work if the GUI application (Genio, in this case) is launched from the terminal where I used ssh-add.
I’ll do more tests with different applications, anyway.

Is the basic keychain functionality working in other Terminal sessions? If you run ssh-add -l does it show the keys that you have added from a different Terminal?

Put it in ~/config/settings/ssh. What is the point of ssh agents?


It is so that I do not have to store my private keys as regular files on disk where some bad app or script can grab them and upload them or use them.

In Haiku everything runs as root, so bad apps can access everywhere and load kernel code.


Perhaps, but I use these same keys on other operating systems and so this makes it easy to keep them in sync and available on each of them because I can access my password database from nextcloud. These other operating systems do not have the same permission problem as Haiku and so it makes more sense to do it there.

I would not trust storing passwords in a big corporation’s cloud.


Nextcloud is open source and I am running it self-hosted on one of my extra computers. In addition, they are not stored as regular files, so someone would have to break the encryption on my KeePass database first.

That is fine then.

Sounds like an environment variables issue. Tracker does not set many environment variables.


In Genio we use libgit2 to handle the git stuff. Libgit2 can access the ssh agent to retrieve the keys. Without this, I have to implement selecting the ssh keys inside Genio, because libgit2 can’t read the keys on its own.

Bingo!
I see SSH_AUTH_SOCK and SSH_AGENT_PID, which I guess are used to detect the ssh agent.
How should this be handled, then? I thought the environment variables set in the user profile were copied into every application’s environment.
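
An added example, not part of any post in this thread: a small shell diagnostic that tells apart the failure modes discussed above (agent variables never inherited, variables pointing at a dead agent, agent reachable but holding no keys). The function names `agent_status` and `agent_report` are hypothetical, and the check assumes the agent socket appears as a filesystem entry at the path in SSH_AUTH_SOCK.

```shell
#!/bin/sh
# Added example (not from the thread): classify the ssh-agent environment
# that the current process inherited from whatever launched it.

# Prints one of: unset, stale, no-ssh-add, loaded, empty, unreachable
agent_status() {
    # Variable missing: the launcher never passed the agent address on.
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo unset
        return 0
    fi
    # Variable present but nothing at that path: the agent has exited or
    # the value was copied from an older session.
    if [ ! -e "$SSH_AUTH_SOCK" ]; then
        echo stale
        return 0
    fi
    if ! command -v ssh-add >/dev/null 2>&1; then
        echo no-ssh-add
        return 0
    fi
    # ssh-add -l exit status: 0 = keys listed, 1 = agent holds no keys,
    # 2 = agent could not be contacted.
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo unreachable ;;
    esac
}

# Prints the inherited variables next to the classification, so the same
# script can be run from Terminal and from a GUI launcher and compared.
agent_report() {
    echo "SSH_AUTH_SOCK=${SSH_AUTH_SOCK:-<unset>}"
    echo "SSH_AGENT_PID=${SSH_AGENT_PID:-<unset>}"
    echo "status=$(agent_status)"
}

agent_report
```

Redirect the output to a file when the script is started from a launcher that shows no console; a result of `unset` there next to `loaded` in Terminal points at environment inheritance rather than at the agent itself.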

I am not sure. Maybe Tracker should set up environment variables or use launch_daemon.