SSH auth with Fish instead of Bash? (original) (raw)

February 19, 2020, 12:18pm 1

Hi,
as described here I’d like to use my pgp key stored on my NitroKey Storage for SSH authentication.

However I’m using the Fish shell instead of Bash.

So adding this

unset SSH_AGENT_PID
if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne <span class="katex"><span class="katex-mathml"><math xmlns="http://www.w3.org/1998/Math/MathML"><semantics><mrow></mrow><annotation encoding="application/x-tex"></annotation></semantics></math></span><span class="katex-html" aria-hidden="true"></span></span> ]; then
export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
fi

to my .bashrc doesn’t make much sense.

Could anyone here be so kind to help me with a solution for the Fish shell?
That means the above snippet needs to be translated to Fish Syntax.

I’ve already found this post on GitHub, but it didn’t prove very useful.

Thank you!

szszszsz February 19, 2020, 1:54pm 2

Hi!

This is not a direct solution, rather a workaround, but I must admit it is handy in more complex cases.
For fish there is fenv tool, which evaluates bash scripts and uses produced variables. I am using it myself for the Nix initialization workaround.

# while in .config/fish/config.fish
fenv source '$HOME/ssh_gnupg_support.sh'

with ssh_gnupg_support.sh keeping the mentioned content for the bash.

As for direct correct solution, I do not know fish syntax well, but would place something like this in .config/fish/config.fish:

# warning: draft, might contain errors; not tested!
set -e SSH_AGENT_PID # unset
if test {$gnupg_SSH_AUTH_SOCK_by} -ne $fish_pid;
    set -x SSH_AUTH_SOCK (gpgconf --list-dirs agent-ssh-socket) 
end

Thank you for the tip. That looks neat.

However under Caveats they write:

Currently we only handle environment variables that are added or modified. If a variable is unset (removed from environment) it will not be removed from fish.

Does that mean that unset SSH_AGENT_PID won’t work?

I’ll give it a try asap.

szszszsz February 19, 2020, 2:21pm 4

I see. We’ll need then the hybrid approach: this line set -e SSH_AGENT_PID (which is the unset operation) before fenv execution should do the trick.

Ha! nice! That works like a charm. :slight_smile:
Thank you.

szszszsz February 21, 2020, 4:15pm 6

Thank you for testing this!

@nitroalex Could we add this solution to the documentation? At least as a link to here.

Kareema December 25, 2020, 12:37pm 7

Here’s a slightly modified (direct) version of @szszszsz’s script, that’s working for me:

set -e SSH_AGENT_PID
if not set -q gnupg_SSH_AUTH_SOCK_by or test <span class="katex"><span class="katex-mathml"><math xmlns="http://www.w3.org/1998/Math/MathML"><semantics><mrow><mi>g</mi><mi>n</mi><mi>u</mi><mi>p</mi><msub><mi>g</mi><mi>S</mi></msub><mi>S</mi><msub><mi>H</mi><mi>A</mi></msub><mi>U</mi><mi>T</mi><msub><mi>H</mi><mi>S</mi></msub><mi>O</mi><mi>C</mi><msub><mi>K</mi><mi>b</mi></msub><mi>y</mi><mo>−</mo><mi>n</mi><mi>e</mi></mrow><annotation encoding="application/x-tex">gnupg_SSH_AUTH_SOCK_by -ne </annotation></semantics></math></span><span class="katex-html" aria-hidden="true"><span class="base"><span class="strut" style="height:0.8778em;vertical-align:-0.1944em;"></span><span class="mord mathnormal" style="margin-right:0.03588em;">g</span><span class="mord mathnormal">n</span><span class="mord mathnormal">u</span><span class="mord mathnormal">p</span><span class="mord"><span class="mord mathnormal" style="margin-right:0.03588em;">g</span><span class="msupsub"><span class="vlist-t vlist-t2"><span class="vlist-r"><span class="vlist" style="height:0.3283em;"><span style="top:-2.55em;margin-left:-0.0359em;margin-right:0.05em;"><span class="pstrut" style="height:2.7em;"></span><span class="sizing reset-size6 size3 mtight"><span class="mord mathnormal mtight" style="margin-right:0.05764em;">S</span></span></span></span><span class="vlist-s">​</span></span><span class="vlist-r"><span class="vlist" style="height:0.15em;"><span></span></span></span></span></span></span><span class="mord mathnormal" style="margin-right:0.05764em;">S</span><span class="mord"><span class="mord mathnormal" style="margin-right:0.08125em;">H</span><span class="msupsub"><span class="vlist-t vlist-t2"><span class="vlist-r"><span class="vlist" style="height:0.3283em;"><span style="top:-2.55em;margin-left:-0.0813em;margin-right:0.05em;"><span class="pstrut" style="height:2.7em;"></span><span class="sizing reset-size6 size3 mtight"><span class="mord mathnormal mtight">A</span></span></span></span><span class="vlist-s">​</span></span><span class="vlist-r"><span class="vlist" style="height:0.15em;"><span></span></span></span></span></span></span><span class="mord mathnormal" style="margin-right:0.10903em;">U</span><span class="mord mathnormal" style="margin-right:0.13889em;">T</span><span class="mord"><span class="mord mathnormal" style="margin-right:0.08125em;">H</span><span class="msupsub"><span class="vlist-t vlist-t2"><span class="vlist-r"><span class="vlist" style="height:0.3283em;"><span style="top:-2.55em;margin-left:-0.0813em;margin-right:0.05em;"><span class="pstrut" style="height:2.7em;"></span><span class="sizing reset-size6 size3 mtight"><span class="mord mathnormal mtight" style="margin-right:0.05764em;">S</span></span></span></span><span class="vlist-s">​</span></span><span class="vlist-r"><span class="vlist" style="height:0.15em;"><span></span></span></span></span></span></span><span class="mord mathnormal" style="margin-right:0.07153em;">OC</span><span class="mord"><span class="mord mathnormal" style="margin-right:0.07153em;">K</span><span class="msupsub"><span class="vlist-t vlist-t2"><span class="vlist-r"><span class="vlist" style="height:0.3361em;"><span style="top:-2.55em;margin-left:-0.0715em;margin-right:0.05em;"><span class="pstrut" style="height:2.7em;"></span><span class="sizing reset-size6 size3 mtight"><span class="mord mathnormal mtight">b</span></span></span></span><span class="vlist-s">​</span></span><span class="vlist-r"><span class="vlist" style="height:0.15em;"><span></span></span></span></span></span></span><span class="mord mathnormal" style="margin-right:0.03588em;">y</span><span class="mspace" style="margin-right:0.2222em;"></span><span class="mbin">−</span><span class="mspace" style="margin-right:0.2222em;"></span></span><span class="base"><span class="strut" style="height:0.4306em;"></span><span class="mord mathnormal">n</span><span class="mord mathnormal">e</span></span></span></span>fish_pid
    set -gx SSH_AUTH_SOCK (gpgconf --list-dirs agent-ssh-socket) 
end