Ssh-agent and kdewallet

Leap 15.5 (upgraded in a row from 13.X)
KDE/Plasma, Wayland

For years now I’ve been using a script like this:

#!/bin/sh
[ -n "$SSH_AGENT_PID" ] || eval "$(ssh-agent -s)"
SSH_ASKPASS=/usr/lib/ssh/ksshaskpass
export SSH_ASKPASS

to get ssh-agent up and running at login time for all my bash sessions. Works fine, have to enter PW once during login. Location etc. of script has changed in history, from kde4 to kde5, from X to Wayland…, but works.

In parallel, for a long time now kdewallet has also started at login, also asking me for the master PW. Also stored in kdewallet is the ssh-agent PW, named “ksshaskpass”.

My question:
What must I do to “tell” ssh-agent to use the PW already stored in kdewallet?

As I can see, e.g. my Nextcloud desktop app uses its PWs stored in kdewallet at once, as soon as kdewallet is opened, after entering the master PW.

I use:

ssh-agent -s < /dev/null

That way, ssh-agent starts the $SSH_ASKPASS instead of prompting at the terminal.

1 Like

First export SSH_ASKPASS, then start ssh-agent.

1 Like

THANKS to all who helped!

Maybe of interest for others, as it really took me a while…

I now have a “script before login”, in ~/.config/plasma-workspace/env/:

#!/bin/sh
SSH_ASKPASS=/usr/lib/ssh/ksshaskpass
export SSH_ASKPASS
[ -n "$SSH_AGENT_PID" ] || eval "$(ssh-agent -s)"

(As @arvidjaar mentioned: first export SSH_ASKPASS, then start the agent…)

But the “magic moment” for me was a hint found on the internet saying that a DELAY might be necessary!
So I’ve changed my ssh-add script in ~/.config/autostart and added the (simple :-S) line “sleep 30”:

#!/bin/bash
sleep 30
ssh-add ~/.ssh/id_rsa

NOW I’ve enough time to enter my kdewallet password, once it’s prompting for it, and after that, ssh-add is able to use the kdewallet stored password. I’m now, as wanted, only prompted once, no ksshaskpass dialogue anymore.

NO CLUE, why Nextcloud desktop app is able to say “hey, I want my stored-in-kdewallet-pw, and, as it’s not opened after login, open it!” Whereas ssh-agent/ssh-add/whatever seems not to be able to “request” kdewallet to be opened, only able to use it IF opened already, otherwise prompting for PW…

But works 🙂

Final remark, to be complete: the internet find also mentioned a shutdown script, so I also have a script in ~/.config/plasma-workspace/shutdown/:

#!/bin/sh
[ -z "$SSH_AGENT_PID" ] || eval "$(ssh-agent -k)"
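
An added example, not part of any post in this thread: a variant of the autostart script that polls until the wallet is reported open instead of relying on a fixed "sleep 30", and gives up after a timeout. The wallet name "kdewallet", the D-Bus service org.kde.kwalletd5 with its isOpen call, the qdbus binary name and the file name ssh-add-after-wallet.sh are assumptions to adjust for your system.

```shell
#!/bin/sh
# Added example (not from the thread): wait for KWallet instead of "sleep 30".
# Assumptions: wallet name "kdewallet", service org.kde.kwalletd5, the qdbus
# binary name (may be qdbus-qt5 or similar on your system) and the file name
# ssh-add-after-wallet.sh are placeholders to adjust.

WALLET=${WALLET:-kdewallet}
QDBUS=${QDBUS:-qdbus}

# Succeeds (exit 0) only when kwalletd reports the wallet as open.
wallet_is_open() {
    [ "$("$QDBUS" org.kde.kwalletd5 /modules/kwalletd5 \
        org.kde.KWallet.isOpen "$WALLET" 2>/dev/null)" = "true" ]
}

# wait_until TIMEOUT_SECONDS COMMAND [ARGS...]
# Polls COMMAND once per second; returns 0 as soon as it succeeds,
# 1 if TIMEOUT_SECONDS elapse first.
wait_until() {
    remaining=$1
    shift
    while ! "$@"; do
        [ "$remaining" -gt 0 ] || return 1
        sleep 1
        remaining=$((remaining - 1))
    done
    return 0
}

main() {
    if ! wait_until 120 wallet_is_open; then
        # Wallet never opened: report it instead of adding the key.
        echo "kwallet not open after 120s, key not added" >&2
        return 1
    fi
    # stdin from /dev/null makes ssh-add use $SSH_ASKPASS, as in the thread.
    ssh-add "$HOME/.ssh/id_rsa" </dev/null
}

# Run only when invoked under the assumed script name, not when sourced.
case ${0##*/} in
    ssh-add-after-wallet.sh) main ;;
esac
```

SSH_ASKPASS and SSH_AUTH_SOCK must already be exported by the plasma-workspace/env script shown above for the final ssh-add call to reach the agent and ksshaskpass.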