SSH Agent: Add SSH_AUTH_SOCK override and connection test #3801
Just built and installed it on Arch Linux, it seems to work -- doesn't complain about ssh-agent not running once I gave it what my terminal's

Edit: I might have been a bit too quick to talk, SSH doesn't seem to work at all for some reason. I tried

I'm gonna go try to figure out why that happens.

Edit: I think I figured out what's happening. Every SSH key you add and set up in KeepassXC creates a KeeAgent.settings file in -- Note that it would be better if the KeeAgent.settings file was instead getting appended with any new keys added rather than completely replaced.

Final Edit: Never mind, apparently I had badly set up the SSH Agent settings for the entries, after redoing them and restarting this KeepassXC version, both git and ssh stopped complaining and it worked fine. Both of my previous edits can be ignored.
It was a wild ride to read for sure! Raised my eyebrows when I read KeeAgent.settings file being created in Good you got it working in the end.
Yeah, I have absolutely no clue how that KeeAgent.settings file appeared there. I think I deleted it from there and nothing broke, so it's likely that I accidentally opened it from one of the attachments and then saved it there or something and forgot about it. The SSH Agent settings for the entries though that are a problem is if you set up the path to the private key in external file, everything works fine, if you add the private key as an attachment and use that, instead of the external file setting on the SSH Agent page of entries, it doesn't work. I'm not sure why exactly. I was figuring if the SSH private key and the password are in the database, then ssh-ing into stuff would be even easier... But now that I think about it, ssh-agent would need to know what private key you're talking about and "it's inside this kdbx file" likely isn't a valid answer. I'm thinking the point of attaching it is that if you move to a different machine you have your ssh key in the db so you can pull it out and use it normally.
When a key is loaded into Some people prefer to keep the key file external and only keep its passphrase in the KDBX file. I use an attachment so I don't need to move the key file around as it comes and works with the database as-is.
Hmmm, it's odd that it didn't work as attachments but did as external files then. Edit: I think I figured out why it didn't work as attachments but I'm not sure how to fix it. In
You can use an exported public key as the
Interesting. I'm gonna try that, I'm curious. Nope, using a public key as the IdentityFile doesn't work any better. I get the following error message:
Same as I'd get if I continued using the private key as the
"agent refused operation" usually means you have a constraint enabled when adding a key that cannot be fulfilled at the time you are using the key. Check that you don't have any constraints enabled on KeePassXC end for the entry and try again.
What constraints? Where do I find those?
The constraints are the usage limits per key like require confirmation before use. That for one requires an "ask pass" implementation and if for some reason it can't be launched by the agent it will just refuse to work.
Added
- Custom Light and Dark themes [#4110, #4769, #4791, #4796, #4892, #4915]
- Compact mode to use classic Group and Entry line height [#4910]
- View menu to quickly switch themes, compact mode, and toggle UI elements [#4910]
- Search for groups and scope search to matched groups [#4705]
- Save Database Backup feature [#4550]
- Sort entries by "natural order" and move lines up/down [#4357]
- Option to launch KeePassXC on system startup/login [#4675]
- Caps Lock warning on password input fields [#3646]
- Add "Size" column to entry view [#4588]
- Browser-like tab experience using Ctrl+[Num] (Alt+[Num] on Linux) [#4063, #4305]
- Password Generator: Define additional characters to choose from [#3876]
- Reports: Database password health check (offline) [#3993]
- Reports: HIBP online service to check for breached passwords [#4438]
- Auto-Type: DateTime placeholders [#4409]
- Browser: Show group name in results sent to browser extension [#4111]
- Browser: Ability to define a custom browser location (macOS and Linux only) [#4148]
- Browser: Ability to change root group UUID and inline edit connection ID [#4315, #4591]
- CLI: `db-info` command [#4231]
- CLI: Use wl-clipboard if xclip is not available (Linux) [#4323]
- CLI: Incorporate xclip into snap builds [#4697]
- SSH Agent: Key file path env substitution, SSH_AUTH_SOCK override, and connection test [#3769, #3801, #4545]
- SSH Agent: Context menu actions to add/remove keys [#4290]

Changed
- Complete replacement of default database icons [#4699]
- Complete replacement of application icons [#4066, #4161, #4203, #4411]
- Complete rewrite of documentation and manpages using Asciidoctor [#4937]
- Complete refactor of config files; separate between local and roaming [#4665]
- Complete refactor of browser integration and proxy code [#4680]
- Complete refactor of hardware key integration (YubiKey and OnlyKey) [#4584, #4843]
- Significantly improve performance when saving and opening databases [#4309, #4833]
- Remove read-only detection for database files [#4508]
- Overhaul of password fields and password generator [#4367]
- Replace instances of "Master Key" with "Database Credentials" [#4929]
- Change settings checkboxes to positive phrasing for consistency [#4715]
- Improve UX of using entry actions (focus fix) [#3893]
- Set expiration time to Now when enabling entry expiration [#4406]
- Always show "New Entry" in context menu [#4617]
- Issue warning before adding large attachments [#4651]
- Improve importing OPVault [#4630]
- Improve AutoOpen capability [#3901, #4752]
- Check for updates every 7 days even while still running [#4752]
- Improve Windows installer UI/UX [#4675]
- Improve config file handling of portable distribution [#4131, #4752]
- macOS: Hide dock icon when application is hidden to tray [#4782]
- Browser: Use unlock dialog to improve UX of opening a locked database [#3698]
- Browser: Improve database and entry settings experience [#4392, #4591]
- Browser: Improve confirm access dialog [#2143, #4660]
- KeeShare: Improve monitoring file changes of shares [#4720]
- CLI: Rename `create` command to `db-create` [#4231]
- CLI: Cleanup `db-create` options (`--set-key-file` and `--set-password`) [#4313]
- CLI: Use stderr for help text and password prompts [#4086, #4623]
- FdoSecrets: Display existing secret service process [#4128]

Fixed
- Fix changing focus around the main window using tab key [#4641]
- Fix search field clearing while still using the application [#4368]
- Improve search help widget displaying on macOS and Linux [#4236]
- Return keyboard focus after editing an entry [#4287]
- Reset database path after failed "Save As" [#4526]
- Use SHA256 Digest for Windows code signing [#4129]
- Improve handling of ccache when building [#4104, #4335]
- macOS: Properly re-hide application window after browser integration and Auto-Type usage [#4909]
- Auto-Type: Fix crash when performing on new entry [#4132]
- Browser: Send legacy HTTP settings to recycle bin [#4589]
- Browser: Fix merging browser keys [#4685]
- CLI: Fix encoding when exporting database [#3921]
- SSH Agent: Improve reliability and underlying code [#3833, #4256, #4549, #4595]
- FdoSecrets: Fix crash when editing settings before service is enabled [#4332]
In issue #3683 and many others, the agent socket path environment variable is either missing or wrong in KeePassXC. Added a view to current effective environment variable and an override field to set a static path if so desired.
This work has been kindly supported by my employer, Vincit.
Description and Context
Fixes #3795
Testing strategy
Manual testing on Linux. Manual testing of agent connection test on Windows against Pageant and OpenSSH for Windows. Possibly needs to be tested on macOS but it should be fine.
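An agent connection test of the kind this pull request describes, as an added Python example that is not KeePassXC's own code: it resolves the socket path, sends the SSH agent protocol's request-identities message and parses the answer. The function names, the "override wins over SSH_AUTH_SOCK" rule, the timeout and the reply-size cap are assumptions of this sketch, and it covers Unix-domain sockets only.

```python
import os
import socket
import struct

SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12
MAX_REPLY = 256 * 1024  # reject absurd lengths from a socket that is not an agent

def effective_socket_path(override="", environ=os.environ):
    """Assumed semantics: a non-empty override wins over SSH_AUTH_SOCK."""
    return override or environ.get("SSH_AUTH_SOCK", "")

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("agent closed the connection mid-reply")
        buf += chunk
    return buf

def list_identities(sock):
    """Send REQUEST_IDENTITIES on a connected socket; return the key comments."""
    sock.sendall(struct.pack(">IB", 1, SSH_AGENTC_REQUEST_IDENTITIES))
    (length,) = struct.unpack(">I", _recv_exact(sock, 4))
    if not 1 <= length <= MAX_REPLY:
        raise ValueError("implausible reply length %d" % length)
    reply = _recv_exact(sock, length)
    if reply[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise ValueError("unexpected reply type %d" % reply[0])
    (count,) = struct.unpack_from(">I", reply, 1)
    pos, comments = 5, []
    for _ in range(count):
        for is_comment in (False, True):  # each entry: key blob, then comment
            (n,) = struct.unpack_from(">I", reply, pos)
            value, pos = reply[pos + 4:pos + 4 + n], pos + 4 + n
            if is_comment:
                comments.append(value.decode("utf-8", "replace"))
    return comments

def check_agent(override=""):
    path = effective_socket_path(override)
    if not path:
        raise RuntimeError("SSH_AUTH_SOCK is unset and no override was given")
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(3)
        s.connect(path)
        return list_identities(s)
```

Calling `check_agent()` from the same environment as the failing application shows whether the socket it inherits is missing, stale, or a live agent with the expected keys loaded.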