Strange problem with console and ssh-agent after Plasma6 update

bluelupo · March 10, 2024, 12:01pm

Hi Community,

When I create a new desktop icon with the following content (see screenshot).

I would like to copy a text file to a remote host (laptop) via scp. Unfortunately this does not work, because I am always asked for the ssh passphrase.

However, if I start the scp command directly from an open konsole, no ssh passphrase is requested and the text file is copied to the remote host. I would like to define this behavior in a desktop icon so that it works.

Here is a screenshot in which I activate the verbose mode of the scp command so that you can see at which point the execution stops.

It looks like the console session does not know any ssh keys. What is the problem? Have I possibly made a mistake?

Regards
Michael

bedna · March 10, 2024, 1:01pm

Possibly related topic.

This perticular answer could also be good to read:

bluelupo · March 11, 2024, 8:02am

Hi bedna, thanks for your answer.

Unfortunately, none of the solutions in the articles or links you provided work.

I have added the following to my .bash_profile (see : git - Start ssh-agent on login - Stack Overflow)

SSH_ENV="$HOME/.ssh/agent-environment"

function start_agent {
    echo "Initialising new SSH agent..."
    /usr/bin/ssh-agent | sed 's/^echo/#echo/' > "${SSH_ENV}"
    echo succeeded
    chmod 600 "${SSH_ENV}"
    . "${SSH_ENV}" > /dev/null
    /usr/bin/ssh-add;
}

# Source SSH settings, if applicable

if [ -f "${SSH_ENV}" ]; then
    . "${SSH_ENV}" > /dev/null
    #ps ${SSH_AGENT_PID} doesn't work under cywgin
    ps -ef | grep ${SSH_AGENT_PID} | grep ssh-agent$ > /dev/null || {
        start_agent;
    }
else
    start_agent;
fi

A manual scp from the command line works correctly and without asking for the ssh passphrase. But as soon as I wrap the scp command in a desktop icon, as I described above, the ssh passphrase is requested. This worked correctly in Plasma5 but now in Plasma6 (and a Wayland session) it no longer works.

Somehow the call via desktop icon does not seem to be aware of the loaded ssh keys.

Greetings
Michael

bedna · March 11, 2024, 8:14am

The user in the other thread had success using the systemd service (the answer below in the link), not this script.

Try that instead.

bluelupo · March 12, 2024, 8:27am

Hi,
@bedna it worked with the systemd service. Thanks for the hint.I document here again the steps I have done so that other users can easily follow this.

Set up SSH agent based on systemd for a special user
Create the service file under ~/.config/systemd/user/ssh-agent.service.

[Unit]
Description=SSH key agent (User service)

[Service]
Type=simple
Environment=SSH_AUTH_SOCK=%t/ssh-agent.socket
ExecStart=/usr/bin/ssh-agent -D -a $SSH_AUTH_SOCK

[Install]
WantedBy=default.target

Add the following line to the ~/.bash_profile of the respective user to be able to access the socket.

export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-agent.socket"

Add the following line to the user’s SSH config file under $HOME/.ssh/config.

AddKeysToAgent  yes

Now activate and start the user service.

$ systemctl --user enable --now ssh-agent

The status of the newly created ssh-agent service is queried in this way.

$ systemctl --user status ssh-agent
● ssh-agent.service - SSH key agent (User service)
     Loaded: loaded (/home/michael/.config/systemd/user/ssh-agent.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2024-03-11 14:24:54 CET; 4h 18min ago
   Main PID: 2478 (ssh-agent)
      Tasks: 1 (limit: 18903)
     Memory: 1.5M
        CPU: 27ms
     CGroup: /user.slice/user-1000.slice/user@1000.service/app.slice/ssh-agent.service
             └─2478 /usr/bin/ssh-agent -D -a /run/user/1000/ssh-agent.socket

Mär 11 14:24:54 neonlight systemd[2469]: Started SSH key agent (User service).
Mär 11 14:24:54 neonlight ssh-agent[2478]: SSH_AUTH_SOCK=/run/user/1000/ssh-agent.socket; export SSH_AUTH_SOCK;
Mär 11 14:24:54 neonlight ssh-agent[2478]: echo Agent pid 2478;

Info from:

bedna · March 12, 2024, 8:39am

Thank you so much for that contribution!

But please edit it and remove errors like:

bluelupo:

</code>

In der ~/.bash_profile des jeweiligen Users folgende Zeile ergänzen um auf den Socket zugreifen zu können.

<code>
export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-agent.socket"

A lot of people just press the “copy text” from those snippets, and the <code> stuff should not be there.

Thank you again!
You can also press the (choose this answer as solution) on your own answer, that way other users who have the same problem can immediately find the solution linked from you original post.

And since you are such a great person, I will give you a tiny lesson as well.
Instead of doing both enable & start on a systemd service, you can just do:
systemctl --user enable --now name-of.service
The --now option starts the service/timer/mount immediately.
Works on both user and system units.

bluelupo · September 12, 2025, 9:46am

@bednar thanks for the tip