Accessing unlocked private SSH keys


#1

Hi all

I have an encrypted ssh key that is unlocked when I log in. Regular applications can use this key without entering the password. When I use the key from a snap, I need to enter my password to unlock the key.

snappy-debug shows the following denial.

    = AppArmor =
    Time: Nov 23 18:09:23
    Log: apparmor="DENIED" operation="connect" profile="snap.gh-teacher.gh-tools" name="/run/user/1000/keyring/ssh" pid=18254 comm="ssh" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=1000
    File: /run/user/1000/keyring/ssh (write)
    Suggestions:
    * adjust program to use $SNAP_DATA
    * adjust program to use /run/shm/snap.$SNAP_NAME.*

These are the plugs I’m currently using. I was hoping password-manager-service would give me access to the keyring but that doesn’t seem to happen.

    plugs:
      - home
      - network
      - ssh-keys
      - password-manager-service

Is it possible to access this key in a snap without having to fill in my password?

PS: maybe relevant; I’m using git inside of the snap, which uses ssh to push to a remote repo.


#2

This is covered in Ssh-agent plug request (with a workaround).