# ssh-pass

I've been using pass for a while now and I really like it. But I don't like putting passwords or passphrases into my system clipboard if I can help it: writing code to sniff the clipboard is child's play, so I'd like to avoid that attack vector if possible.

One place that I thought would be simple would be the SSH utility to add keys to your SSH Agent: ssh-add. It should be possible to do something like this:

\$ pass github/sinewalker|head -1|ssh-add github/sinewalker


Unfortunately this isn't so: ssh-add doesn't accept your passphrase from STDIN when piped like this.

But, there is a way to do it.

The final part of the password puzzle is getting my passwords into my pocket. There are quite a few images in this post (about 2MB) as I describe setting up the system on Android, which involves a lot of steps, with screen-shots.

Hold onto your hat, it's a bit of a fiddle.

# Password databases: Migrating from KeePassX to Pass

I spent some spare hours on the week-end playing with Pass, importing my KeePassX database into password-store and synchronising it to a GitLab private repository.

It's a little tricky to get it set up, with a few moving parts, so I'm still experimenting. Here's what I've figured out so far.

It's really handy to have all my SSH authentication be passwordless, but in a secure way. In openSUSE, the ssh-agent is started for you automatically, but you still need to add your identities manually (and enter passphrases when you do this). That's a bit of a pain to do every time you login.