8

Please help me understand how to install SSH keychain on my Ubuntu under WSL in order for me to be able to configure my .ssh/config to use it.

I'm taking some online training, and I've tried setting up my config file like the instructor (who is using Metatron CLI), using UseKeychain, but it does not recognise that as a valid setting:

Host *
    AddKeysToAgent Yes
    UseKeychain Yes
    IdentityFile ~/.ssh/[his githubfile]

But when I tried logging into my server, it said UseKeychain is not a command. Since then, I've been trying to find out how to add my key to my keychain and how to set up my config file.

NotTheDr01ds
  • 22,381
  • Please try to use the correct terms. Seems like you are asking how to add your public key to a server. However maybe you are not, because "keyrings" and "config file" might mean that you are trying to do something else entirely. We cannot give you a clear answer to an unclear question. – user535733 Aug 06 '21 at 14:26
  • It is not clear what you are trying to do. Please edit your question and add the following information. Are you trying to set up SSH so that you can be somewhere else and access the WSL from another computer? Or are you trying to set up SSH so that you can sit in front of the WSL and connect to a computer far away? – user68186 Aug 06 '21 at 20:27

2 Answers

12

Part of your problem, at least, is that UseKeychain is a MacOS-specific configuration option which instructs it to add the unlocked key to the MacOS Keychain (part of that OS that can store it securely). So we can assume that your instructor is on a Mac. It sounds like the Mac version of ssh will read the OS keychain, which is typically unlocked on first use across the whole OS. My understanding is that there are equivalents under Ubuntu, like Gnome Keyring, but this won't work under WSL.

So let's start with the fact that you'll need to remove that MacOS-specific configuration option under Ubuntu, at least.

If your instructor is providing that config file to students as an example, they really should do it properly with:

Host *
    IgnoreUnknown UseKeychain
    AddKeysToAgent Yes
    UseKeychain Yes
    IdentityFile ~/.ssh/[his githubfile]

That would allow it to work both on a Mac as well as the (90%+) rest of the world.

Under WSL Ubuntu, you will need to enter the passphrase at least once in each session to add it to ssh-agent. If you run multiple shell instances, you'll typically need a new ssh-agent invocation in each shell.

Alternatively, you can install Funtoo keychain which can (more) easily set up the connection to ssh-agent in each shell instance. This can allow you to only need to enter the passphrase once as long as the WSL instance is working.

sudo apt-get install keychain

And add something like the following to your ~/.bashrc:

eval `keychain --eval --agents ssh id_rsa`

See the official keychain website for full instructions.

Please note, once the WSL Ubuntu instance terminates (wsl -l -v shows "Stopped") then the passphrase will need to be entered again on next use.

NotTheDr01ds
  • 22,381
  • Thank you so much! I have been able to add my key to the keychain and it's now running, thank you so much! So that means I don't need to create a config file in my .ssh folder, am I right? – Abayomi Usman Aug 08 '21 at 12:50
  • @AbayomiUsman True, with keychain set up, that particular config file doesn't add anything for your scenario, so you can leave it out. – NotTheDr01ds Aug 08 '21 at 15:17
0

I'm assuming you're trying to create a key pair and add it to your ssh-agent; if so, here are your instructions. If not, we are all going to need more information.

Simplest instructions.

  1. cd ~/.ssh
  2. ssh-keygen (answer the corresponding questions). Now we need to add the key to ssh-agent.
  3. eval ssh-agent -s
  4. ssh-add nameOfYourKey

Now you have a key your system can use. Export it to your remote system and set up your config file.

  • That is my root problem, setting up my config file, please teach me how to. Adding my key to my ssh-agent was my secondary problem and you just instructed me on what to do, but before I can do anything on that now, I don't know if it's my public key I'm supposed to add to the ssh-agent or my private key. Also the whole essence of what I'm doing is to be able to connect to my server from my private computer without having to add my private key each time I want to log in to my server – Abayomi Usman Aug 07 '21 at 13:16
  • ssh-agent -s SSH_AUTH_SOCK=/tmp/ssh-bqzi9yz6mZsX/agent.16952; export SSH_AUTH_SOCK; SSH_AGENT_PID=16953; export SSH_AGENT_PID; echo Agent pid 16953; abayomi@AbayomiUsman:~/.ssh$ ssh-add balfyp Could not open a connection to your authentication agent. – Abayomi Usman Aug 07 '21 at 14:22
  • That's what I got when I tried to follow the instructions you have just given me. I couldn't successfully add the private key; I tried adding the public key instead and I got the same error. – Abayomi Usman Aug 07 '21 at 14:23
  • Here is a YouTube video to walk you through all of it https://www.youtube.com/watch?v=5JvU9wcZSbA&list=PLT98CRl2KxKGXz6l_5mpNKi-vJyR4MQ4e&index=2 – Bradley Armstrong Aug 09 '21 at 16:52
  • If you are trying to put this in your .bashrc (or .zshrc, etc) put backticks around the eval command, and this should work. Like this, eval `ssh-agent -s` – TWA Oct 28 '21 at 20:32
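
The first answer's remark about needing an agent per shell instance and the `eval` step in the second answer both come down to how ssh-agent hands its socket to the shell. The following is an added example, not part of either answer and not keychain's own code; `AGENT_ENV`, `AGENT_CMD`, `ADD_CMD`, `agent_state` and `load_agent` are names assumed for this example.

```shell
# Added example for ~/.bashrc: share one ssh-agent between shell instances.
# AGENT_ENV, AGENT_CMD and ADD_CMD are names made up for this example; the
# last two only exist so stand-ins can replace the real tools when testing.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"
AGENT_CMD="${AGENT_CMD:-ssh-agent}"
ADD_CMD="${ADD_CMD:-ssh-add}"

# "ssh-add -l" exits 0 (keys loaded), 1 (agent reachable, no keys) or
# 2 (cannot contact an agent: the error quoted in the comments above).
agent_state() {
    rc=0
    "$ADD_CMD" -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo unreachable ;;
    esac
}

# Must be called directly, not inside $(...): the variables it sets have to
# land in the calling shell.
load_agent() {
    # Pick up the agent an earlier shell recorded, if any.
    if [ -r "$AGENT_ENV" ]; then
        . "$AGENT_ENV" >/dev/null
    fi
    if [ "$(agent_state)" = unreachable ]; then
        # "ssh-agent -s" only prints assignments; nothing is set until the
        # shell evaluates them. Save them (owner-only) and source them.
        rm -f "$AGENT_ENV"
        ( umask 077; "$AGENT_CMD" -s > "$AGENT_ENV" )
        . "$AGENT_ENV" >/dev/null
    fi
    [ "$(agent_state)" != unreachable ]
}

# Usage in ~/.bashrc (id_rsa is the key name used in the keychain line above):
#   load_agent && [ "$(agent_state)" = empty ] && ssh-add ~/.ssh/id_rsa
```

The env file is sourced as shell code, so it is created owner-only and should stay in a directory only you can write to.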