Comments on How to let systemd user unit see keys in SSH agent?

Post

How to let systemd user unit see keys in SSH agent?

+0
−0

I have a script that does git fetch for a repository. When I run this in my shell it works fine.

I want to run it in a systemd user unit. However, I am using an SSH URL, and the systemd unit fails with 'fatal: Could not read from remote repository.' (Git exit code 128).

This is probably because systemd doesn't have access to my SSH key and/or cannot handle the interactive passphrase prompt.

I've seen solutions like creating a passwordless SSH key, but I don't want to do that. I also don't want to explicitly point it to the key, because this will be on several machines that have differently named keys. I'd rather make the systemd unit get the SSH key the same way git fetch does for me: from the SSH agent. How can I do that?


1 comment thread

Probably not a supported use case (2 comments)
tripleee‭ wrote 9 months ago · edited 9 months ago

I don't think this is a supported use case. The agent needs to run as the user whose password it is, not as root; and the process which talks to the agent should share a parent process with it. (I don't know if these constraints are actively enforced, but working around them would be clunky at the very least.)

Skipping 1 deleted comment.

bgstack15‭ wrote 9 months ago

You should check to see if you can set the permissions (including SELinux?) for the running ssh-agent socket, and also set the environment variables somehow, so that this process can talk to the existing ssh-agent. When something runs ssh-agent, ssh-agent normally prints its sock and pid:

$ ssh-agent 
SSH_AUTH_SOCK=/tmp/ssh-rIEUSojPzs0W/agent.9298; export SSH_AUTH_SOCK;
SSH_AGENT_PID=9299; export SSH_AGENT_PID;
echo Agent pid 9299;

You need to share this info somehow for your systemd unit to pick up, maybe with predictable socket filenames or perhaps if just running ssh-agent again generates the same pid+socket file output?
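
Added example, not part of the thread and not code from either commenter: one way to share the agent socket with the systemd user manager, checking first that the path is a socket owned by the calling user. The function names, the `publish` argument and the `ssh-agent.env` file name are assumptions made for this sketch; `systemctl --user set-environment` is the real systemd command.

```shell
#!/bin/sh
# Added example. Function names and the "publish" argument are hypothetical.

# Pull the socket path out of ssh-agent's Bourne-style output without eval.
agent_sock_from_output() {
    printf '%s\n' "$1" | sed -n 's/^SSH_AUTH_SOCK=\([^;]*\);.*/\1/p' | sed -n '1p'
}

# Accept only an absolute path to an existing socket owned by the caller,
# so the unit is never pointed at another user's agent or a stale path.
sock_is_usable() {
    case "$1" in
        /*) [ -S "$1" ] && [ -O "$1" ] ;;
        *)  return 1 ;;
    esac
}

# Write an EnvironmentFile= compatible file, readable by the owner only.
write_agent_env() {   # $1 = socket path, $2 = destination file
    ( umask 077 && printf 'SSH_AUTH_SOCK=%s\n' "$1" > "$2" )
}

# Constructed sample in the format shown in the comment above.
SAMPLE='SSH_AUTH_SOCK=/tmp/ssh-XXXXXXXXXXXX/agent.1234; export SSH_AUTH_SOCK;
SSH_AGENT_PID=1235; export SSH_AGENT_PID;
echo Agent pid 1235;'

# "publish": hand the current shell's agent socket to the user manager.
if [ "${1:-}" = publish ]; then
    sock=${SSH_AUTH_SOCK:-}
    if ! sock_is_usable "$sock"; then
        echo "no usable agent socket in SSH_AUTH_SOCK" >&2
        exit 1
    fi
    # Units started after this call inherit the variable.
    systemctl --user set-environment "SSH_AUTH_SOCK=$sock"
    # Alternative for units that declare EnvironmentFile=%t/ssh-agent.env
    write_agent_env "$sock" "${XDG_RUNTIME_DIR:?}/ssh-agent.env"
fi
```

Run it with `publish` from a login shell that already has the agent loaded, then start or restart the user unit so it picks up the variable.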