How do I add an SSH identity with passphrase once and forever?

Hi!

I run the official KDE version of Manjaro and I frequently use git on it (mainly with GitHub via SSH authentification).

Problem is, every time I create a new console session (say, after a reboot), before I can git push, I have to do the following:
eval $(ssh-agent)
ssh-add
after which steps a prompt appears saying
Enter passphrase for /home/andymac/.ssh/id_rsa:
and only after entering it I can use my SSH identity to push, pull, and so on.

Now what I want to achieve is something similar to macOS's
ssh-add -K
as described here. I want to only enter that passphrase once and never ever have to enter it again as long as I keep the same SSH identity.

As far as I understand, the
AddKeysToAgent yes
solution doesn't quite cut it, as with it the identity still won't persist across reboots.

So, what is the best way to achieve what I want, to only enter that passphrase once and never have to enter it again?

As for now this seems to be missing on KDE installations and some manual steps are required, see

1 Like

Hmm, but that is not the main issue. I'm fine with manually starting the ssh agent. After all, I can create a script that does just that and add it to autostart, no big deal.

The real problem is that it requires my SSH identity's passphrase again after a reboot, that's what I'm trying to get rid from.

Also, thank you for your input!

Personally I wouldn't, but you could remove the password from your ssh key.
Better to use kde wallet, see
https://wiki.archlinux.org/index.php/KDE_Wallet#Using_the_KDE_Wallet_to_store_ssh_key_passphrases

1 Like

Use the guide at ssh.com

https://www.ssh.com/ssh/copy-id

I realize the guide is not an answer - I do think the whole reason for having a passphrase is to protect your identity from abuse.

If you store the validation of your identity on the system - to avoid validation - you are crippling your identity.

Personally I use different identities for different services and without passphrase.

This of course weakens the identification but if the keys are kept in an encrypted home or in a an encrypted .ssh folder and unlocked manually then the weakening is theoretic.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Forum kindly sponsored by