[pass] Any advice for using pass with ssh passphrases?

Christophe-Marie Duquesne chmd at chmd.fr
Sun Feb 21 13:52:57 CET 2016


New user here.

I decided that since I had an easy way of securely storing and
sync-ing passwords, it was time to use better passphrases of my ssh
private keys.

So I went ahead and generated passphrases for those.

Now my question is, is there a way to use pass in combination with an
ssh-agent effectively?

Right now, assuming I just logged in and no agent is running, here are
the steps to ssh somewhere:

pass -c ssh/me at laptop
# *gpg-agent makes me type my passphrase to unlock my gnupg key*
ssh user at host
# *gpg-agent makes me type my passphrase to unlock my ssh key, which I
paste from the previous step (I use gpg-agent as my ssh-agent)*

So 2 commands, and 2 dialogs for typing 2 different passphrases.

I was somehow hoping to find a trick to reduce it to
ssh user at host
# *type passphrase to unlock my gnupg key*

Has anyone found an elegant solution?


P.S.: I have an idea based on switching back to the vanilla ssh-agent
and tricking it with SSH_ASKPASS, but it is hacky. I will let you know
if I manage to get it to work properly.

More information about the Password-Store mailing list