24

I want to save an SSH key passphrase in gnome-keyring and then use it automatically when I need it.

How do I do this?

Martin Monperrus

4 Answers

16

If gnome-keyring-daemon is already running, you can use ssh-add to add your key to the service:

```bash
ssh-add /path/to/private/key
```

For example:

```bash
ssh-add ~/.ssh/id_rsa
```

zackse
9

To save the passphrase, use seahorse-ssh-askpass from package seahorse:

```bash
cd "$HOME/.ssh"
/usr/lib/seahorse/seahorse-ssh-askpass my_key
```

Make sure that the public key's filename is the filename of the private key plus .pub; in the example, my_key.pub.

To automatically use the key afterwards, see "Gnome Keyring dialog and SSH" and at first use, check "Automatically unlock this key whenever I'm logged in".

AdminBee
Martin Monperrus
  • 6
    I used this command successfully with Ubuntu 10.04, it seems like it was not even required in Ubuntu 12.04, but with Ubuntu 14.04 I can't seem to be able to store my ssh key password. `seahorse-ssh-askpass` just prints the password I enter to stdout!!! – asoundmove Mar 20 '17 at 11:52
  • 1
    @asoundmove: I had the same experience on 16.04. You can use the seahorse prompt utility via `ssh-add`, however: `SSH_ASKPASS=/usr/lib/seahorse/seahorse-ssh-askpass ssh-add /path/to/private/key` – zackse Nov 12 '18 at 22:26
  • `seahorse-ssh-askpass` is just `ssh-askpass` in my system. [Arch Wiki](https://wiki.archlinux.org/index.php/GNOME/Keyring#SSH_keys) – Marc.2377 Nov 05 '19 at 01:35
  • 2
    @zackse - In Ubuntu (19.10 at the moment) it is `/usr/libexec/seahorse/ssh-askpass`, but… yes, it adds the key to the agent and uses graphical prompt but this doesn't solve the problem. Next time I have to add the key again and enter the passphrase again… – silverdr Dec 10 '19 at 13:27
  • The important part for me was to have the public and private key pair in the same place – smac89 Jun 09 '21 at 16:20
2

If you are using gnome-keyring-daemon but an ssh-agent that is not managed by the keyring, you can still manually store the passphrase in the keyring and use secret-tool (via apt install libsecret-tools) and an expect script (via apt install expect) when adding the key to your agent:

```bash
# Save passphrase to keyring via same format used by seahorse-ssh-askpass
# only required if entry does not already exist in the keyring
secret-tool store --label="Unlock password for: id_ed25519" unique "ssh-store:/home/$USER/.ssh/id_ed25519"

# Load key into ssh agent
FILE="/home/$USER/.ssh/id_ed25519"
PASS=$(secret-tool lookup unique "ssh-store:$FILE")
/usr/bin/expect <(echo "
spawn ssh-add $FILE
expect \"Enter passphrase for $FILE\"
send -- \"$PASS\n\"
expect eof")
```

Results should look like:

```
Enter passphrase for /home/username/.ssh/id_ed25519: 
Identity added: /home/username/.ssh/id_ed25519 ([email protected])
```

Greg Bray
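
An alternative to the expect script in the answer above, as an added example that is not part of the original answers: `ssh-add` can fetch the passphrase itself through an askpass helper, so the secret is never held in a shell variable or interpolated into a generated Tcl script (where `$`, `[`, quotes or backslashes in the passphrase would be interpreted). It assumes OpenSSH 8.4 or later (for `SSH_ASKPASS_REQUIRE`) and a keyring entry stored under the same `unique ssh-store:<path>` attribute; `add_key_from_keyring` and `KEYRING_SSH_KEY` are hypothetical names.

```sh
#!/bin/sh
# Added example (not from the original answers). Assumes OpenSSH >= 8.4
# (SSH_ASKPASS_REQUIRE) and a keyring entry stored as in the answer above:
#   attribute "unique" = "ssh-store:<absolute path of the private key>"
# add_key_from_keyring and KEYRING_SSH_KEY are hypothetical names.

add_key_from_keyring() {
    key_file=$1

    # Fail early, without prompting, if the keyring has no entry for this key.
    if ! secret-tool lookup unique "ssh-store:$key_file" >/dev/null 2>&1; then
        echo "no keyring entry for $key_file" >&2
        return 1
    fi

    # Throwaway askpass helper: ssh-add runs it and reads the passphrase from
    # its stdout. The helper contains no secret, only the lookup command.
    helper=$(mktemp "${TMPDIR:-/tmp}/askpass.XXXXXX") || return 1
    printf '%s\n' '#!/bin/sh' \
        'exec secret-tool lookup unique "ssh-store:$KEYRING_SSH_KEY"' >"$helper"
    chmod 700 "$helper"

    # force: use the helper even when a terminal is attached.
    status=0
    KEYRING_SSH_KEY=$key_file SSH_ASKPASS=$helper SSH_ASKPASS_REQUIRE=force \
        ssh-add "$key_file" </dev/null || status=$?

    rm -f "$helper"
    return "$status"
}

# Usage: add_key_from_keyring "$HOME/.ssh/id_ed25519"
```
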
0

Make sure your private (e.g. mykey) and public (e.g. mykey.pub) keys are stored in the ~/.ssh directory. Then it will be loaded automatically.

From Gnome Keyring docs (Automatically loading SSH Keys):

The SSH agent automatically loads files in ~/.ssh which have corresponding *.pub paired files. Additional SSH keys can be manually loaded and managed via the ssh-add command.

Dev0ps