{
 "metadata": {
  "name": "",
  "signature": "sha256:202c860d483a3cb62585158c981698b252b3fb3a87d37a35c60b8298cd8efb6c"
 },
 "nbformat": 3,
 "nbformat_minor": 0,
 "worksheets": [
  {
   "cells": [
    {
     "cell_type": "markdown",
     "metadata": {},
     "source": [
      "It's really handy to have all my SSH authentication be passwordless, but in a secure way. In openSUSE, the `ssh-agent` is started for you automatically, but you still need to add your identities manually (and enter passphrases when you do this).  That's a bit of a pain to do every time you login.\n",
      "  \n",
      "Here are some simple scripts and steps I use to set up my KDE session so that it will automatically load my SSH identities when I login."
     ]
    },
    {
     "cell_type": "markdown",
     "metadata": {},
     "source": [
      "<!-- TEASER_END -->"
     ]
    },
    {
     "cell_type": "markdown",
     "metadata": {},
     "source": [
      "There are three parts for this:\n",
      "\n",
      " 1. **Set up KDE's KWallet** with a master password.  KWallet will be remembering the passphrases for my SSH keys (as well as other passwords within KDE such as those for web sites visited with Konqueror and Chrome, or email passwords, SQL Connections and so on).  This makes it so that I only have to remember the KWallet master password to open my wallet at login, not all the different passphrases (you should use a different passphrase for each SSH key pair)\n",
      " 1. **Start `ssh-add` at login**, using the KDE password tool `ksshaskpass` to ask for the passphrases (and that will save them to my wallet)\n",
      " 1. **Automatically load all my SSH identities** (I have several, for work and for different code hosting systems on the net:  bitbucket and github)"
     ]
    },
    {
     "cell_type": "markdown",
     "metadata": {},
     "source": [
      "Setting up KWallet\n",
      "----\n",
      "\n",
      "You should only need to do this once:\n",
      "\n",
      " 1. Launch \"KDE Wallet Configuration\" (press **Alt-F2** or whichever shortcun runs **KRunner** in your setup) type **wallet** and pick the configuration tool from the list\n",
      " 1. Make sure **Enable the KDE wallet subsystem** is checked\n",
      " 1. **Launch Wallet Manager** and create a new wallet if you need to, setting the passphrase. *This is the one you need to remember and type every time you login to KDE*"
     ]
    },
    {
     "cell_type": "markdown",
     "metadata": {},
     "source": [
      "Setting up `ssh-add`\n",
      "----\n",
      "\n",
      "I use this script:\n",
      "\n",
      "```bash\n",
      "#!/bin/sh\n",
      "export SSH_ASKPASS=/usr/lib/ssh/ksshaskpass\n",
      "/usr/bin/ssh-add\n",
      "```\n",
      "\n",
      "Save this script to a location you keep your shell scripts, `chmod +x` it so it is executable. Then, it needs to be run automatically at KDE Startup. For this, you add it to the KDE Autostarts.\n",
      "\n",
      " 1. Launch the \"Autostart\" KDE Control Module (**Alt-F2**, **Autostart**)\n",
      " 1. Add a new Script File linking to where you saved the above script\n",
      " \n",
      "From now on, every time you start KDE, it'll run `ssh-add` and set it's password tool to be the KDE graphical password tool, `ksshaskpass`. That in turn uses KWallet for password storage, so if you need a password that's in the wallet, it'll retrieve it from there."
     ]
    },
    {
     "cell_type": "markdown",
     "metadata": {},
     "source": [
      "Adding my SSH identities at login\n",
      "----\n",
      "\n",
      "I use a second script:\n",
      "\n",
      "```bash\n",
      "#!/bin/bash\n",
      "# Finds all private key files (that are protected, based on mode bits) \n",
      "# and adds each to ssh agent\n",
      "for filename in ~/.ssh/*; do\n",
      "  perms=$(stat $filename|sed -n '/^Access: (/{s/Access: (\\([0-9]\\+\\).*$/\\1/;p}')\n",
      "  \n",
      "  filetype=$(file $filename)\n",
      "  \n",
      "  if [[ \"$perms\" == \"0600\" && \"$filetype\" == *\"private key\" ]]; then\n",
      "    ssh-add $filename\n",
      "  fi\n",
      "done\n",
      "```\n",
      "\n",
      "This one will pick out all the private keys from my SSH directory `~/.ssh`, adding them to my SSH agent's keychain.\n",
      "\n",
      "Add this to Autostart as another Script File. I've saved it as `~/.ssh/addkeys`.\n",
      "\n",
      "You need to `chmod +x addkeys` and run it once to add all the keys and enter their passphrases (so that they get added to your Wallet).\n",
      "\n",
      "Once the script has been run, whenever I need to login to an SSH session, if the identity is already in the agent's chain, I can get in without needing to type the passphrase."
     ]
    },
    {
     "cell_type": "markdown",
     "metadata": {},
     "source": [
      "So now that my wallet is set up, the two scripts are in place at Autostart, and I've run the `addkeys` script at least once to add the passphrasses to my wallet, I never need to enter passwords or passphrases when SSHing again (unless keys change or it's a new host)."
     ]
    }
   ],
   "metadata": {}
  }
 ]
}