Posts in category 'linux'

I have maybe a dozen machines I need to connect to on a regular basis and rather than configuring a bunch of sessions in something like Remmina I’ve found KeepassXC can do everything I need to both manage keys and make it easy to launch sessions attaching to those hosts.

Basic key management with KeepassXC is pretty straight forward:

1. Create an entry in KeepassXC for the host.
2. Fire up ssh-keygen and generate a new private key for the target host using a randomly generated, secure password¹.
3. Add the new key as a file attachment to the Keepass entry.
4. Set the ssh key for the Keepass entry to the attached file.
5. Set the password for the entry to the password for the key.
6. Set the URL for the entry to ssh://[user]@[host][:optional port].

KeepassXC comes with built in ssh agent integration, so you can select an entry and press C-h to add the key to the agent. At this point you could just fire up a terminal and ssh to the host manually.

However, KeepassXC also lets you press C-S-u to open the configured URL for the entry using xdg-open. The trouble is, by default, “ssh://” URLs don’t do anything. However, this is solvable with just a little bit of work.

Now, in my case, this is where jaro comes in.

Jaro is a highly flexible resource opener. You call it with a resource (e.g. a file name, URL, etc), and it’ll look into its list of configured associations and take some action.

In my case I set up a couple of associations as follows:

(assoc
  #:pattern "^ssh://((.*@)?(.*?)):([0-9]+)$"
  #:program "/path/to/kitty -o term=\"xterm-256color\" -o shell=\"/usr/bin/ssh -p %4 %1\"")
(assoc
  #:pattern "^ssh://((.*@)?(.*?))$"
  #:program "/path/to/kitty -o term=\"xterm-256color\" -o shell=\"/usr/bin/ssh %1\"")

The first pattern matches ssh URLs that include a port, and the second matches URLs without one. The rules then fire up kitty with ssh as the shell connecting to the desired host and port.

Next, we create a jaro.desktop file:

[Desktop Entry]
Name=jaro
GenericName=URL opener
Terminal=false
Exec=jaro %U
Type=Application
Categories=Utility;

And drop it into .local/share/applications.

Finally, we add the following line to .config/mimeapps.list:

x-scheme-handler/ssh=jaro.desktop

Now, upon pressing C-S-u, KeepassXC will use xdg-open to open the configured ssh:// URL, which, based on mimeapps.list launches jaro, which then consults the configured associations and fires up ssh in my preferred terminal.

I know this all sounds like a bit much, but I cannot tell you how incredibly convenient this is! Connecting to one of the many machines I admin is now a simple matter of opening KeepassXC, searching for the host name, selecting it and pressing C-h, C-S-u. Super handy!

I recently received the fantastic first laptop from a new company called Framework, which is specializing in building extremely user-serviceable, repairable, upgradeable laptops (in fact, they recently received a rare 10 out of 10 from iFixit). I opted for the DIY unit, which among other things allowed me to bring my own operating system, and for me the OS of choice is unquestionably Debian Linux.

Prior to receiving my Framework I’d been running Debian testing on a fifth generation Lenovo X1 Carbon. As is typically the case with Lenovo, the X1 worked extremely well with Linux. In fact, it worked far better than I’d ever expected of Linux on a laptop, which I’d come to assume was always an unreliable, janky affair.

Framework has similarly embraced the Linux community but, given the cutting edge hardware they’ve included, I was expecting some rough spots while drivers and so forth matured. And while this has turned out to be somewhat true, the good news is it’s been quite easy to get past those issues, and I’m happy to report that Debian testing is now working extremely well on my Framework.

In the rest of this write-up I cover the steps I took to get a fully functional Debian Bullseye installation running on my machine using the Gnome desktop environment (after which I did an in-place upgrade to Bookworm).

Of course, if you’re looking for a slightly more turnkey solution, I strongly recommend trying out Ubuntu 21.04, which ships with a kernel that fully supports the Framework hardware. You’ll still need to take steps to get the fingerprint reader working, but at least you can avoid compiling a kernel.