• Ahh Christmas season is upon us and my favourite decoration is up! Merry Khanmas!

      (https://b-ark.ca/cY_2sE)
    • For anyone making use of my RSS feeds, I made some changes to simplify the template while making some content formatting changes (e.g. inlining the feature image at the start of longer articles/reviews). I’ve also limited the main feed to 25 posts instead of 50, which seemed excessive. While I tested with an offline reader, I can’t guarantee things won’t break, so if they do, please let me know!

      (https://b-ark.ca/aeWseM)
  • KeepassXC + SSH

    I use KeepassXC to store my SSH keys, and with a bit of configuration I can hit one hotkey to add a key to my agent, and then another hotkey to open my preferred shell ssh’ing to the target. Here’s how I do it!

    I have maybe a dozen machines I need to connect to on a regular basis and rather than configuring a bunch of sessions in something like Remmina I’ve found KeepassXC can do everything I need to both manage keys and make it easy to launch sessions attaching to those hosts.

    Basic key management with KeepassXC is pretty straightforward:

    1. Create an entry in KeepassXC for the host.
    2. Fire up ssh-keygen and generate a new private key for the target host using a randomly generated, secure password [1].
    3. Add the new key as a file attachment to the Keepass entry.
    4. Set the ssh key for the Keepass entry to the attached file.
    5. Set the password for the entry to the password for the key.
    6. Set the URL for the entry to ssh://[user]@[host][:optional port].

    KeepassXC comes with built-in SSH agent integration, so you can select an entry and press C-h to add the key to the agent. At this point you could just fire up a terminal and ssh to the host manually.

    However, KeepassXC also lets you press C-S-u to open the configured URL for the entry using xdg-open. The trouble is that, by default, “ssh://” URLs don’t do anything, but this is solvable with just a little bit of work.

    Now, in my case, this is where jaro comes in.

    Jaro is a highly flexible resource opener. You call it with a resource (e.g. a file name, URL, etc), and it’ll look into its list of configured associations and take some action.

    In my case I set up a couple of associations as follows:

    (assoc
      #:pattern "^ssh://((.*@)?(.*?)):([0-9]+)$"
      #:program "/path/to/kitty -o term=\"xterm-256color\" -o shell=\"/usr/bin/ssh -p %4 %1\"")
    (assoc
      #:pattern "^ssh://((.*@)?(.*?))$"
      #:program "/path/to/kitty -o term=\"xterm-256color\" -o shell=\"/usr/bin/ssh %1\"")
    

    The first pattern matches ssh URLs that include a port, and the second matches URLs without one. The rules then fire up kitty with ssh as the shell connecting to the desired host and port.

    Next, we create a jaro.desktop file:

    [Desktop Entry]
    Name=jaro
    GenericName=URL opener
    Terminal=false
    Exec=jaro %U
    Type=Application
    Categories=Utility;
    

    And drop it into .local/share/applications.

    Finally, we add the following line to .config/mimeapps.list:

    x-scheme-handler/ssh=jaro.desktop
    

    Now, upon pressing C-S-u, KeepassXC will use xdg-open to open the configured ssh:// URL, which, based on mimeapps.list, launches jaro, which then consults the configured associations and fires up ssh in my preferred terminal.
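The associations above hand whatever the regex captured to a command line, and the `x-scheme-handler/ssh` registration makes the handler reachable by anything that calls xdg-open, not only KeepassXC. As an added example (not part of the original post or of jaro), this Python wrapper validates the URL and builds the ssh argument list without a shell; the allow-list patterns and running `kitty` from PATH are assumptions.

```python
#!/usr/bin/env python3
"""Validate an ssh:// URL and open it in kitty without going through a shell."""
import os
import re
import sys
from urllib.parse import urlsplit

SSH = "/usr/bin/ssh"  # same ssh path as the associations above
# Conservative allow-lists (assumed policy): the first character may never be
# "-", so neither field can be read by ssh as a command-line option.
USER_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,31}")
HOST_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")


def ssh_argv(url):
    """Return the ssh argument vector for url, or raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme != "ssh":
        raise ValueError("not an ssh:// URL")
    if parts.password is not None or parts.query or parts.fragment:
        raise ValueError("password, query and fragment are not accepted")
    if parts.path not in ("", "/"):
        raise ValueError("unexpected path component")
    host, user = parts.hostname, parts.username
    if not host or not HOST_RE.fullmatch(host):
        raise ValueError("invalid host")  # IPv6 literals are rejected too
    if user is not None and not USER_RE.fullmatch(user):
        raise ValueError("invalid user")
    port = parts.port  # raises ValueError itself if not a number in 0-65535
    argv = [SSH]
    if port is not None:
        if port == 0:
            raise ValueError("invalid port")
        argv += ["-p", str(port)]
    # "--" ends option parsing, so the destination is always a positional.
    argv += ["--", f"{user}@{host}" if user else host]
    return argv


if __name__ == "__main__":
    try:
        command = ssh_argv(sys.argv[1] if len(sys.argv) > 1 else "")
    except ValueError as err:
        sys.exit(f"refusing to open URL: {err}")
    # kitty runs the trailing arguments as the program; no shell parses them.
    os.execvp("kitty", ["kitty", "-o", "term=xterm-256color", *command])
```

Saved under a name of your choice and made executable, the script takes the full ssh:// URL as its only argument, so a desktop entry can call it with `%u` in its `Exec=` line.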

    I know this all sounds like a bit much, but I cannot tell you how incredibly convenient this is! Connecting to one of the many machines I admin is now a simple matter of opening KeepassXC, searching for the host name, selecting it and pressing C-h, C-S-u. Super handy!

    1. And don’t forget to use a good, strong cipher. I’ve personally moved all my hosts to ed25519 ECC keys.