From 106f5faba0e8e5dc844a806a9149316b2657951b Mon Sep 17 00:00:00 2001
From: Sam Chudnick
Date: Thu, 16 Jun 2022 20:51:52 -0400
Subject: Rewrite and simplification of id-init

Did a complete rewrite and simplication of id-init to use only pass and to cutout KeePassXC. The new implementation simply creates a temporary executable that runs "pass ssh", sets it as the SSH_ASKPASS program, and runs ssh-add. This prompts for and caches the GPG key password when running "pass ssh". The output of that command is then used as the input for the password prompt of ssh-add, which then succeeds and adds the SSH key to the agent.
---
 .local/bin/id-init | 40 +++++++++-------------------------------
 1 file changed, 9 insertions(+), 31 deletions(-)

(limited to '.local/bin')

diff --git a/.local/bin/id-init b/.local/bin/id-init
index 11221c3..72f8cbe 100755
--- a/.local/bin/id-init
+++ b/.local/bin/id-init
@@ -1,31 +1,9 @@
-#!/bin/bash
-#
-# Initalizes various identity management programs
-#
-# Must be run with bash (or probably any other shell that is not narrowly posix-compliant)
-# to use here-string redirection
-
-# Cache passphrase for gpg key in gpg-agent which is stored in KeePassXC
-# Caching the GPG passphrase will allow access to pass without user input
-#
-# gpg-agent must be started with --allow-preset-passhprase or have it in the config file
-# gpg-preset-passphrase respects gpg-agent's --max-cache-ttl option which defaults to 2 hours
-# you may want to increase that if you want the password to be cached for the whole session
-
-get_pass() {
-continue=1
-while [ $continue -eq 1 ]
-do
-keepassxc-cli show $XDG_CONFIG_HOME/keepassxc/Passwords.kdbx -a Password GPG
-continue=$?
-done
-}
-
-KEYGRIP="$(gpg -K --with-keygrip --with-colons | grep grp | tail -n 1 | cut -d':' -f10)"
-/usr/lib/gnupg/gpg-preset-passphrase --preset $KEYGRIP <<< "$(get_pass)"
-
-# Open graphical KeePassXC with password stored in pass, now that pass can be accessed
-# without entering credentials for the GPG key
-# This will also add SSH keys to ssh-agent
-
-keepassxc $XDG_CONFIG_HOME/keepassxc/Passwords.kdbx --pw-stdin <<< "$(pass keepassxc)"
+#!/bin/sh
+
+tmpfile="$(mktemp)"
+chmod 700 $tmpfile
+echo "pass ssh" > $tmpfile
+export SSH_ASKPASS="$tmpfile"
+export SSH_ASKPASS_REQUIRE="force"
+ssh-add
+rm $tmpfile
-- 
cgit v1.2.3
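Review bot: The temporary askpass helper is only removed by the trailing `rm $tmpfile`, so if the user interrupts ssh-add or the GPG pinentry (Ctrl-C, a failed mktemp leaving `$tmpfile` empty, an error before the last line) an executable that runs `pass ssh` is left behind in /tmp and there is no check that mktemp succeeded; a `trap` on EXIT/INT/TERM plus `|| exit 1` on the mktemp line closes both gaps. The helper written by `echo "pass ssh" > $tmpfile` also has no shebang, so it only works because the exec fallback hands a non-ELF file to /bin/sh — writing `#!/bin/sh` and `exec pass ssh` makes that explicit, and since SSH_ASKPASS receives the prompt text as `$1` the helper should ignore its argument, which `exec pass ssh` does. mktemp's default mode is already 0600, so `chmod 700` is only there to add the execute bit; the unquoted `$tmpfile` expansions should be quoted as well. `SSH_ASKPASS_REQUIRE=force` is honoured only by OpenSSH 8.4 and later, so a one-line comment noting that requirement would help the next reader, and the script presumably relies on `pass ssh` printing the passphrase on its first line — worth a comment too.
```shell
tmpfile="$(mktemp)" || exit 1
# Remove the helper on every exit path, including Ctrl-C at the pinentry.
trap 'rm -f -- "$tmpfile"' EXIT INT TERM
# ssh-add exec()s SSH_ASKPASS with the prompt as $1; give the helper a real
# shebang rather than relying on the shell fallback, and ignore the prompt.
printf '#!/bin/sh\nexec pass ssh\n' > "$tmpfile"
chmod 700 "$tmpfile"
# … unchanged: export SSH_ASKPASS / SSH_ASKPASS_REQUIRE, ssh-add …
```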