Demystifying SSH configuration for remote software forges on Guix System

Demystifying SSH configuration for remote software forges on Guix System

[Ashvith Shetty]

[-- Attachment #1: Type: text/plain, Size: 1172 bytes --]

I would like to understand the process for configuring SSH for software
forges, like Forgejo, GitLab or GitHub. So far, what I've noticed is that
by itself, SSH does not work properly, and that after opening a new
terminal session (window or tab, it does not matter), I am forced to repeat
the following step every time, before any pull or push:

```console
$ eval $(ssh-agent -s)
$ ssh-add <path-to-private-key>
```

Before I continue any further, I wanted to let you folks know that
presently, I am on XFCE4. I don't remember clearly if GNOME Desktop did
some magic behind the back, or if I had to repeat similar steps over there,
because I've not touched Git for some time.

I've tried adding GNOME Keyring as a service in the latest system
configuration (of course, with XFCE4), assuming that this missing service
was what I should have probably added, but that does not seem to be the
case. What am I missing over here?

And finally, I've come across `home-openssh-service-type` - which I've yet
to try, but reading from the docs, am I supposed to put my private and
public keys in the repository? How do I go about this? Isn't that a
security risk?

Thanks,
Ashvith

[-- Attachment #2: Type: text/html, Size: 1336 bytes --]

Re: Demystifying SSH configuration for remote software forges on Guix System

[jbranso]

May 10, 2024 at 3:57 AM, "Ashvith Shetty" <ashvithshetty10@gmail.com> wrote:



> 
> I would like to understand the process for configuring SSH for software forges, like Forgejo, GitLab or GitHub. So far, what I've noticed is that by itself, SSH does not work properly, and that after opening a new terminal session (window or tab, it does not matter), I am forced to repeat the following step every time, before any pull or push:
> 
> ```console
> 
> $ eval $(ssh-agent -s)
> 
> $ ssh-add <path-to-private-key>
> 
> ```

I fun sway, and I just put somelike like the above in my .profile;  When I log in, it auto prompts me for my ssh password.

> Before I continue any further, I wanted to let you folks know that presently, I am on XFCE4. I don't remember clearly if GNOME Desktop did some magic behind the back, or if I had to repeat similar steps over there, because I've not touched Git for some time.
> 
> I've tried adding GNOME Keyring as a service in the latest system configuration (of course, with XFCE4), assuming that this missing service was what I should have probably added, but that does not seem to be the case. What am I missing over here?
> And finally, I've come across `home-openssh-service-type` - which I've yet to try, but reading from the docs, am I supposed to put my private and public keys in the repository? How do I go about this? Isn't that a security risk?
> Thanks,
> Ashvith

Also this kind of question is probably better for help-guix@gnu.org

No worries.  This conversation is now on help-guix@gnu.org.

Thanks,

Joshua

Re: Demystifying SSH configuration for remote software forges on Guix System

[Ludovic Courtès]

Hi,

Ashvith Shetty <ashvithshetty10@gmail.com> skribis:

> And finally, I've come across `home-openssh-service-type` - which I've yet
> to try, but reading from the docs, am I supposed to put my private and
> public keys in the repository? How do I go about this? Isn't that a
> security risk?

Never ever put private keys in a repo.

I use ‘home-gpg-agent-service-type’ as my SSH agent:

  https://guix.gnu.org/manual/devel/en/html_node/GNU-Privacy-Guard.html

If you already use Guix Home, you can set it up by adding a few lines to
your Home config, along the lines of the example in the manual above.

If you don’t, you could start ‘gpg-agent --ssh-support’ or ‘ssh-agent’
manually, for example from ~/.xsession or similar startup file.

HTH!

Ludo’.

Re: Demystifying SSH configuration for remote software forges on Guix System

[Ashvith Shetty]

[-- Attachment #1: Type: text/plain, Size: 1127 bytes --]

Hello Ludovic,
Thank you for your reply. I was able to resolve this by adding `openssh` to
the system configuration, and `home-openssh` as well as `home-ssh-agent` to
the home configuration respectively.

On Tue, May 14, 2024 at 9:59 AM Ludovic Courtès <ludo@gnu.org> wrote:

> Hi,
>
> Ashvith Shetty <ashvithshetty10@gmail.com> skribis:
>
> > And finally, I've come across `home-openssh-service-type` - which I've
> yet
> > to try, but reading from the docs, am I supposed to put my private and
> > public keys in the repository? How do I go about this? Isn't that a
> > security risk?
>
> Never ever put private keys in a repo.
>
> I use ‘home-gpg-agent-service-type’ as my SSH agent:
>
>   https://guix.gnu.org/manual/devel/en/html_node/GNU-Privacy-Guard.html
>
> If you already use Guix Home, you can set it up by adding a few lines to
> your Home config, along the lines of the example in the manual above.
>
> If you don’t, you could start ‘gpg-agent --ssh-support’ or ‘ssh-agent’
> manually, for example from ~/.xsession or similar startup file.
>
> HTH!
>
> Ludo’.
>

[-- Attachment #2: Type: text/html, Size: 1679 bytes --]