<jD91mZM2>
Hi guys! I've long been struggling with how to enter my SSH and GPG keys' passphrases. I've tried stuff like GNOME Keyring and KDE Wallet, but both of those have been a little too magical for me, mainly because they randomly broke after updates. I have long been using GPG's SSH support, but that still requires unlocking your keys after each relog. It also requires running `ssh-add`
<jD91mZM2>
once before it works, as I found out after probably spending an hour searching for why the gpg agent didn't work. I decided that I should maybe use the Funtoo keychain application, but there's no askpass as good as pinentry... So I decided to roll my own, in an attempt to not even get this problem again. My solution ended up being
<rycee>
jD91mZM2: Seems interesting :-) Dunno if it would be suitable as a module in HM, though. It's not something I've heard people worry about before.
<rycee>
But perhaps could add an option somewhere to allow, e.g., alternative ssh-askpass implementations.
<jD91mZM2>
There already is, by setting the environment variable :)
<rycee>
Hehe, yeah :-)
<jD91mZM2>
I could make this change available from the ssh-askpass repo instead :)
<jD91mZM2>
Off topic, how do you handle your SSH keys?
<rycee>
Yeah, you could always distribute a HM module in the project or in your NUR.
<rycee>
I use gpg-agent with a yubikey for my main SSH key with a few other keys on disk.
<rycee>
I typically generate the SSH key from a GPG key.
<jD91mZM2>
TIL that's possible
<rycee>
I rarely do multiple logins per day but I do pull the yubikey out quite often and have to enter the pin again. Fortunately it is possible to have a relatively short pin when your key is on a hardware token so it is quick to type :-)
<rycee>
The SSH key is just a GPG authentication sub-key. Quite handy to have all of them in the same place and generated from the same master key.
<jD91mZM2>
I see, thanks :D
<jD91mZM2>
Wait, does that mean you don't need a separate passphrase for your SSH keys?
<rycee>
Yeah.
<jD91mZM2>
Wow, amazing. I really need to look into this