2

I am running Pop!_OS, so for most things this is likely an equivalent of Ubuntu. KeePassXC is installed and the SSH agent is enabled. There is a keyphrase configured with a key, and it works just like a charm when I start KeePassXC from the terminal with keepassxc and log in: I can then see that ssh-add -l lists an additional key. It also vanishes once I close KeePassXC. Perfect!

Now I start KeePassXC from the GNOME Shell: hit the super key, search for KeePassXC and log into its vault. Looking at ssh-add -l in the terminal: Nothing. No keys added.

Now I took a look at /usr/share/applications/org.keepassxc.KeePassXC.desktop and changed Terminal=false to true. No, sadly not that easy.

My guess is that it has something to do with how the GNOME Shell starts KeePassXC, but I can't say for sure what the problem is. Anyone got a clue what that could be or how to take a shot at the problem?

tilois
  • I am experiencing this too, on stock Ubuntu 16.04.6 with Unity. What I am finding is that the ssh-agent should be started by the window manager and not by shell startup scripts like .bashrc. That way KeepassXC also has access to the environmental variable, SSH_AUTH_SOCK. https://github.com/keepassxreboot/keepassxc/issues/3683#issuecomment-549669624 There is a commit in that should be released in version 2.6.0 (scheduled release 3, April 2020) that would allow you to override this but I see this as a sub-optimal solution. https://github.com/keepassxreboot/keepassxc/pull/3801 – frederickjh Mar 20 '20 at 08:14

1 Answer

2

I got the KeepassXC ssh agent working on Ubuntu 16.04.6 with Unity as the window manager.

The issue is that if the SSH_AUTH_SOCK environmental variable is not set before the window manager starts, it is not available for programs started in the window manager.

Some distributions have a system for starting programs such as the ssh-agent before the window manager. On my distro I found that /etc/X11/Xsession.d/90x11-common_ssh-agent was starting ssh-agent. See this comment on a user help issue for KeepassXC for more information.

However, I also found that GNOME Keyring was starting an ssh agent of its own. I had to disable this in the startup applications. I also checked that no shell startup scripts (i.e. .bashrc, .bash_profile, .profile, .config/fish/config.fish) were trying to start the ssh-agent, as doing so would replace the one started before the window manager.

An interesting side note: the ttys that you get to with Ctrl+Alt+F1, Ctrl+Alt+F2, etc. also do not have the SSH_AUTH_SOCK environmental variable set, as they start up before the window manager. If you need it here you can add code to find and set the SSH_AUTH_SOCK. For the fish shell I added the following to ~/.config/fish/config.fish:

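# Set SSH_AUTH_SOCK if not set.
if test -z "$SSH_AUTH_SOCK"
  # Only consider sockets owned by the current user, and take the first
  # match so the variable holds a single path.
  set -gx SSH_AUTH_SOCK (find /tmp/ -path "/tmp/ssh-*/agent.*" -type s -user (id -u) 2>/dev/null | head -n 1)
end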

I also found that in the upcoming 2.6.0 release of KeePassXC (targeted for 3. April 2020), there will be an added setting to allow overriding, or setting the value to use for, SSH_AUTH_SOCK. However, as this changes each time ssh-agent starts, you will either need to keep changing it or set up a link that would point to the current sock.

frederickjh
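The answer's last paragraph suggests a link that points at the current socket. One way to maintain such a link from a POSIX shell, as an added example that is not part of the original answer; the function names and the link path in the usage comment are hypothetical.

```shell
# Added example (not from the original answer); names here are hypothetical.

# Print the first agent socket under $1 (default /tmp) that is a real
# Unix socket owned by the current user.
find_agent_sock() {
    root=${1:-/tmp}
    for s in "$root"/ssh-*/agent.*; do
        # -S: is a socket; -O: owned by our effective UID. This skips other
        # users' agents and plain files planted under a matching name.
        # It does not prove that an agent is still listening on the socket.
        if [ -S "$s" ] && [ -O "$s" ]; then
            printf '%s\n' "$s"
            return 0
        fi
    done
    return 1
}

# Point the stable symlink $1 at the agent socket found under $2.
link_agent_sock() {
    link=$1
    sock=$(find_agent_sock "${2:-/tmp}") || return 1
    dir=$(dirname "$link")
    # Keep the link in a directory only we can write to, not in /tmp.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    # Create the link under a temporary name, then rename it over the old
    # one so a reader never sees a missing link.
    ln -s "$sock" "$link.new.$$" && mv -f "$link.new.$$" "$link"
}

# Usage (assumed path): run at login or after restarting ssh-agent, then
# use the same path as the SSH_AUTH_SOCK override value:
#   link_agent_sock "$HOME/.ssh/agent.sock"
```
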