Set up SSH keys with Manjaro i3 and keychain

The following blog post details how I set up my SSH keys.
I always forget some of the moving parts. Then I have to painstakingly debug why ssh-add doesn’t remember my keys or why ssh-agent doesn’t work.

  1. Create SSH keys with ssh-keygen.

cd ~/.ssh
ssh-keygen -t ed25519 -o -a 100

Make sure to save both the public and the private key inside the ~/.ssh folder.

  2. Create configuration file

Create a new file ~/.ssh/config:

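# IdentityFile takes the private key file, not the .pub file.
# HostName maps the short alias to the real server.
Host github
  HostName github.com
  User git
  IdentitiesOnly yes
  IdentityFile <path-to-private-ssh-key>
  AddKeysToAgent yes

# Assumes gitlab.com; use your own server name for a self-hosted GitLab.
Host gitlab
  HostName gitlab.com
  User git
  IdentitiesOnly yes
  IdentityFile <path-to-private-ssh-key>
  AddKeysToAgent yes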

IdentitiesOnly yes is important if you have more than one key. With the default value, no, ssh may offer every key it knows about, including all keys loaded in ssh-agent, not just the one configured for the host. That can lead to problems: the server might reject your connection because ssh offered the wrong key.

AddKeysToAgent yes will automatically add a key to the running ssh-agent.

  3. Add Keys to Server

For GitHub, see "Adding a new SSH key to your GitHub account".
For GitLab, see "Adding an SSH key to your GitLab account".

  4. Set up ssh-agent

There are several ways to manage the ssh-keys on your local machine. ssh-agent is the default agent that comes with OpenSSH.

I use keychain, a program that can manage an SSH session and helps with storing key passphrases across shells.

Install the package. Example with yay on Arch Linux:

yay -S keychain

Add this line to ~/.bashrc:

## add keychain
# keychain takes the names of the private key files (e.g. the file without .pub)
eval "$(keychain --eval --quiet --noask --nogui <name-of-private-key-1> <name-of-private-key-2>)"

For more options type keychain -h into your terminal.

Replace the placeholders with the names of your private key files. Remember that the keys must be saved inside the ~/.ssh folder.

The first time you use ssh you have to confirm the passphrase. But keychain remembers the passphrase within the same session (until next boot).

  5. Fix gnome-keyring

I originally installed gnome-keyring, because I hoped that it could help manage my keys.
But I couldn’t get it working with my ssh configuration.

gnome-keyring starts an internal ssh-agent. The daemon overrides the default ssh-agent.
Make sure to disable the daemon's SSH component:

# create the per-user autostart folder if it does not exist yet
mkdir -p ~/.config/autostart
cp /etc/xdg/autostart/gnome-keyring-ssh.desktop ~/.config/autostart/

Add Hidden=true as the last line to the copied file.
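
To check the moving parts from the steps above in one go, here is a small diagnostic script. It is an added example, not part of the original setup; the function names are made up for illustration, and it assumes gnome-keyring's agent socket path ends in /keyring/ssh.

```shell
# Added example: checks for the failure points described in this post.

# agent_kind SOCKET: classify the agent behind an SSH_AUTH_SOCK value.
# Assumption: gnome-keyring's built-in agent listens on .../keyring/ssh.
agent_kind() {
  case "$1" in
    "") echo none ;;
    */keyring/ssh) echo gnome-keyring ;;
    *) echo other ;;
  esac
}

# autostart_disabled FILE: succeeds if the per-user autostart override
# exists and carries the Hidden=true line.
autostart_disabled() {
  [ -f "$1" ] && grep -qx 'Hidden=true' "$1"
}

# hosts_without_identitiesonly CONFIG: print every Host block that sets
# IdentityFile but not "IdentitiesOnly yes" (handles "Key value" lines only).
hosts_without_identitiesonly() {
  awk '
    function report() { if (host != "" && idfile && !only) print host }
    tolower($1) == "host"           { report(); host = $2; idfile = 0; only = 0; next }
    tolower($1) == "identityfile"   { idfile = 1 }
    tolower($1) == "identitiesonly" { only = (tolower($2) == "yes") }
    END { report() }
  ' "$1"
}

check_all() {
  echo "SSH_AUTH_SOCK=${SSH_AUTH_SOCK:-} -> agent: $(agent_kind "${SSH_AUTH_SOCK:-}")"
  if autostart_disabled "$HOME/.config/autostart/gnome-keyring-ssh.desktop"; then
    echo "gnome-keyring SSH component: disabled by user override"
  else
    echo "gnome-keyring SSH component: no Hidden=true override found"
  fi
  [ -f "$HOME/.ssh/config" ] && hosts_without_identitiesonly "$HOME/.ssh/config" | sed 's/^/no IdentitiesOnly yes: Host /'
  # ssh-add -l exits 0 with keys loaded, 1 with none, 2 if no agent is reachable.
  ssh-add -l >/dev/null 2>&1
  case $? in
    0) echo "agent holds at least one key" ;;
    1) echo "agent reachable, no keys loaded yet" ;;
    *) echo "cannot contact an agent" ;;
  esac
}
# Run the checks only when asked, e.g.: sh ssh-check.sh --check
if [ "${1:-}" = "--check" ]; then check_all; fi
```

If the first line reports gnome-keyring after a fresh login, the autostart override from step 5 is not taking effect.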
