From 8c3744c30cd717aab9ba9bbe321d462acf2d640e Mon Sep 17 00:00:00 2001 From: Zack Shoylev Date: Tue, 25 Jun 2019 13:24:32 -0500 Subject: [PATCH 1/2] Update README-SSH.md Small systemd doc improvements. --- doc/README-SSH.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/doc/README-SSH.md b/doc/README-SSH.md index 7e809e4..9214a6a 100644 --- a/doc/README-SSH.md +++ b/doc/README-SSH.md @@ -124,6 +124,7 @@ Requires=trezor-ssh-agent.socket [Service] Type=simple +Restart=always Environment="DISPLAY=:0" Environment="PATH=/bin:/usr/bin:/usr/local/bin:%h/.local/bin" ExecStart=/usr/bin/trezor-agent --foreground --sock-path %t/trezor-agent/S.ssh IDENTITY @@ -133,6 +134,13 @@ If you've installed `trezor-agent` locally you may have to change the path in `E Replace `IDENTITY` with the identity you used when exporting the public key. +`IDENTITY` can be a path (starting with `/`) to a file containing a list of public keys +generated by Trezor. I.e. `/home/myUser/.ssh/trezor.conf` with one public key per line. +This is a more convenient way to have a systemd setup that has to handle multiple +keys/hosts. + +When updating the file, make sure to restart trezor-agent. + If you have multiple Trezors connected, you can select which one to use via a `TREZOR_PATH` environment variable. Use `trezorctl list` to find the correct path. Then add it to the agent with the following line: 
@@ -168,9 +176,13 @@ systemctl --user enable trezor-ssh-agent.socket ##### 3. Add this line to your `.bashrc` or equivalent file: ```bash -export SSH_AUTH_SOCK=$(systemctl show --user --property=Listen trezor-ssh-agent.socket | grep -o "/run.*") +export SSH_AUTH_SOCK=$(systemctl show --user --property=Listen trezor-ssh-agent.socket | grep -o "/run.*" | cut -d " " -f 1) ``` +Make sure the SSH_AUTH_SOCK variable mathes the location of the socket that trezor-agent +is listening on: `ps -x | grep trezor-agent`. In this setup trezor-agent should start +automatically when the socket is opened. + ##### 4. SSH will now automatically use your device key in all terminals. ## 4. Troubleshooting From b7d0ef0f9496c4f1ba8f6501e9ff10a653f120a2 Mon Sep 17 00:00:00 2001 From: Zack Shoylev Date: Tue, 27 Aug 2019 15:33:02 -0500 Subject: [PATCH 2/2] Update README-SSH.md Fix typo --- doc/README-SSH.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/README-SSH.md b/doc/README-SSH.md index 9214a6a..c91d1e8 100644 --- a/doc/README-SSH.md +++ b/doc/README-SSH.md @@ -179,7 +179,7 @@ systemctl --user enable trezor-ssh-agent.socket export SSH_AUTH_SOCK=$(systemctl show --user --property=Listen trezor-ssh-agent.socket | grep -o "/run.*" | cut -d " " -f 1) ``` -Make sure the SSH_AUTH_SOCK variable mathes the location of the socket that trezor-agent +Make sure the SSH_AUTH_SOCK variable matches the location of the socket that trezor-agent is listening on: `ps -x | grep trezor-agent`. In this setup trezor-agent should start automatically when the socket is opened.
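Review bot: in PATCH 1/2, `[Service]` hunk (`@@ -124,6 +124,7 @@`), `Restart=always` is added with no `RestartSec=` and no explanation in either the README text or the commit message. With `Type=simple`, an agent that exits immediately is restarted back to back until the unit hits systemd's start rate limit and is marked failed, and `always` also restarts it after a clean exit. Suggest `Restart=on-failure` together with an explicit `RestartSec=`, plus one sentence in the README saying what problem the restart policy solves.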
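Review bot: in PATCH 1/2, `IDENTITY` paragraph (`@@ -133,6 +134,13 @@`), the example path `/home/myUser/.ssh/trezor.conf` is hard-coded even though the unit already uses the `%h` specifier in its `PATH` line; `%h/.ssh/trezor.conf` would keep the example copy-pasteable. "I.e." introduces an example here, so it should read "E.g.". The file lists the public keys the agent is started with, so the paragraph should also say it must be writable only by its owner. "Make sure to restart trezor-agent" would be more useful with the exact `systemctl --user restart` command for the service unit.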
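Review bot: in PATCH 1/2, `.bashrc` hunk (`@@ -168,9 +176,13 @@`), the added `cut -d " " -f 1` still scrapes `systemctl show` output by pattern: it truncates any socket path that contains a space, and the command substitution is unquoted, which matters for the "or equivalent" shells that word-split `export` arguments. At minimum wrap it as `export SSH_AUTH_SOCK="$(...)"`; a sturdier option is to build the value from the same runtime directory the service passes to `--sock-path` (`%t` is `$XDG_RUNTIME_DIR` for user units). The suggested check `ps -x | grep trezor-agent` also matches the `grep` process itself and shows no agent until the first connection, since the same paragraph says the agent starts only when the socket is opened; checking the socket unit with `systemctl --user status trezor-ssh-agent.socket` or running `ssh-add -L` is a clearer test.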
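Review bot: in PATCH 2/2 (`@@ -179,7 +179,7 @@`), the `mathes` to `matches` correction only repairs a line introduced by PATCH 1/2, so it should be squashed into that patch instead of landing as a separate commit in the same series. While touching this line, put `SSH_AUTH_SOCK` and `trezor-agent` in backticks to match how the rest of the README marks variables and commands.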