Setup SSH keys with Manjaro i3 and keychain
The following blog post details how I setup my SSH keys.
I always forget some of the moving parts. Then I have to painstakingly debug why
ssh-add doesn’t remember my keys or why
ssh-agent doesn’t work.
- Create ssh-keys with
cd ~/.ssh ssh-keygen -t ed25519 -o -a 100
Make sure to save both public and private key inside
- Create configuration file
Create a new file
Host github HostName github.com User git IdentitiesOnly yes IdentityFile <path-to-public-ssh-key> AddKeysToAgent yes Host gitlab HostName gitlab.com User git IdentitiesOnly yes IdentityFile <path-to-public-ssh-key> AddKeysToAgent yes
IdentitiesOnly yes is important if you have more than one key. The default value,
no, allows SSH to try every key you have in your configuration. That can lead to problems. The server might reject your connection, because the ssh utility sent the wrong key.
AddKeysToAgent yes will automatically add a key to the running
- Add Keys to Server
- Setup ssh-agent
There are several ways to manage the ssh-keys on your local machine.
ssh-agent is the default agent that comes with OpenSSH.
I use keychain, a program that can manage an SSH session and helps with storing key passphrases across shells.
Install the package. Example with yay on Arch Linux:
yay -S keychain
Add this line to
## add keychain eval $(keychain --eval --quiet --noask --nogui <name-of-public-key-1> <name-of-public-key-2>)
For more options type
keychain -h into your terminal.
Replace the names for the public keys. Remember that the keys must be saved inside the
The first time you use ssh you have to confirm the passphrase. But keychain remembers the passphrase within the same session (until next boot).
- Fix gnome-keyring
I originally installed gnome-keyring, because I hoped that it could help manage my keys.
But I couldn’t get it working with my ssh configuration.
gnome-keyring starts an internal ssh-agent. The daemon overwrites the default
Make sure to disable the daemon components for SSH:
cp /etc/xdg/autostart/gnome-keyring-ssh.desktop ~/.config/autostart/
Hidden=true as the last line to the copied file.