The Blog of Tom Webster

Chronic Ranter, Reviewer, and Developer

SSH Agents

  2017-08-08 20:51:58 PDT

I recently re-installed Gnome 3 on my Debian Sid machine and I quickly realized why I left for XFCE. The damn Gnome Keyring trying to rule my life (and ssh-agent). Here's what I found to fix it.

I'm linking and mirroring these steps in case the original sources ever go away.

mkdir ~/.config/autostart
cp /etc/xdg/autostart/gnome-keyring-ssh.desktop ~/.config/autostart/ &&
printf '%s\n' 'Hidden=true' >> ~/.config/autostart/gnome-keyring-ssh.desktop
printf '%s\n' 'X-GNOME-Autostart-enabled=false' >> ~/.config/autostart/gnome-keyring-ssh.desktop
printf '%s\n' 'NoDisplay=true' >> ~/.config/autostart/gnome-keyring-ssh.desktop

sudo dpkg-divert --local --rename --divert /etc/xdg/autostart/gnome-keyring-gpg.desktop-disable --add /etc/xdg/autostart/gnome-keyring-gpg.desktop

On Arch Linux, the following works really great (should work on all systemd-based distros):

Create a systemd user service, by putting the following to ~/.config/systemd/user/ssh-agent.service:

[Unit]
Description=SSH key agent

[Service]
Type=forking
Environment=SSH_AUTH_SOCK=%t/ssh-agent.socket
ExecStart=/usr/bin/ssh-agent -a $SSH_AUTH_SOCK

[Install]
WantedBy=default.target

Setup shell to have an environment variable for the socket (.bash_profile, .zshrc, ...):

export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-agent.socket"

Enable the service, so it'll be started automatically on login, and start it:

systemctl --user enable ssh-agent
systemctl --user start ssh-agent

Add the following configuration setting to your ssh config file ~/.ssh/config (this works since SSH 7.2):

AddKeysToAgent  yes

This will instruct the ssh client to always add the key to a running agent, so there's no need to ssh-add it beforehand.


As a disclaimer, these answers have been copied wholesale (and linked to the original source) for preservation.

WhatsApp and Signal Security Key Change

  2017-04-26 20:11:14 PDT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

My WhatsApp and Signal security keys are changing.
I am rebuilding my phone, going from a custom rom
to the official Google firmware.
Cheers!
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEN+jPAm6swpX57Jy5y3RCc+2g4LsFAlkBYbAACgkQy3RCc+2g
4LsS4hAA3PCktvvrEf0lPi7bOVpZ5R7TfEZTFDDJxwxEI7VLkspFglnwb5h4YoYC
R6m/g/wF66XURaCMPQu9Cg7/f+YLhE/IkzpeBuIGkgN2Si83v1YpPJGH18glDtBC
sxW/JdmZvr+5+U9i0Iz0znGwupZssXp0SaYJE5qRT2hWsMApur2QEcGuqnTTX2W7
MiKnOdrbx0TVL4/JFDnWJzgNBqrWW2zvyqYO+79rzUNiOl6AW4RA1L62JFb28arZ
7ZeJibz50WAKkjJoXxk9SO8X+hZvcpF5f6D68D/zaYBmP2z8LiKD4KW48x3MIa4r
AUm+L0sp32HcATPkxNwEg5d6l4Fl6Dw3rhyBNyL/5VRoZ6rPb87xFuEk3yANig+O
Qs9hyTkFdxS0U9Xt1QOTWZU/EPgXalPiHO5gBd4Sx4AJSP+YAgUb0ebBH9WOVZuq
b/kdl4g/OstKuwAdsPQOk/K9o5P9uW44r1TjuLKrdInSxueaFmL1s7nVUr5RSDa6
1veZNtv/qf8azk078qF8i3GLmlVi8viKyf0JMQV/twK5iW0s1VDrz+DtvjnFdFyi
zbOavaueU0sJIEs0MnQ9So72hYar6xvg/3qC6/DDD8oQvSS46Qqx1sL89kQaAMjI
Hf3EFhjjgr5LDRIN18cmFQuuU0mjYoxcmco1RqFQM+9xB7k5vQg=
=mGl0
-----END PGP SIGNATURE-----

No More Comments

  2017-04-24 07:13:44 PDT

I've removed Disqus comments for the site. They aren't adding a whole lot beyond a myriad of tracking domains and extra cruft to load. If you'd like to contact me about an article, grab me on Twitter or Mastodon.

The main inspiration for this change came from this post. I don't feel the need to replace Disqus with GitHub comments, but it's an interesting idea. The real inspiration was seeing the load time graph. Comments aren't worth that.

New PGP Key

  2017-02-16 07:05:15 PST

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I have signed the text of this blog post with both my new and old keys for
verification purposes.

I've created a new PGP key. You can find it over on the [PGP Page](/pgp/).
Additionally, you will find links to the MIT and SKS keyservers where you can
verify the key. You may also find me (and my identity proofs) [on
Keybase](https://keybase.io/samurailink3). The new key
(37E8CF026EACC295F9EC9CB9CB744273EDA0E0BB) has been signed by my old key
(11C930C4693A6C9B789BB0F76442DF0A14BA4EFD) so you can verify that the new key is
valid. The old key can be found on [the PGP Archive page](/pgp/archive/).
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEN+jPAm6swpX57Jy5y3RCc+2g4LsFAlilwWsACgkQy3RCc+2g
4Lvp5w/+NZO+bhDD9CC0cOS+834vb3vD4F3j8AlE57pQbvn9MKpKoWaVS05Q3Q/w
rIVlAT5HW4UDW6n9vxn/2gNBcymZkGTHP3fNs4rufkYLySgWyZuGJwiZIUTgJ1Nz
gbJoZtQ2YBUZBIecCv9xg+Xcb5vLInTsm1jz39lpLR4FUIhOeojBD/YTq3Z7or+M
Jjwas0rbluhcmrzho3OjBisrxQg3S5GzNhSS4nbRzCKW6Ys9UiylW5P3ERrYHcVZ
BWtpjz+LTmSfAZmQ8i0NKFloDyErHxAa9Sv/Ojp1ooENB/9EmxuYg+wNufw8X0sk
/OiLCZVYvJG5gkCpN0q9HYt5rFMYcYJRxidPv4tfXmViQWALKPnq6s0YO2cAwijF
jk1nTKDGlJG/CUsBP65gQHPksA9mtpfJu0pf+6zTT7LJrTk3gZHp/xBk9fc6Gxgd
QJVOjY8ErQ1IDzJ5WU+Q5se2McBKoZ2LvaQUlHJrEZi8XGwx0g5C4AHioTPMtHPd
BdHK28E7qG3K/0zeI8lKC2EODD0yWm4Rl1BPU6j9VxTPns1jmTkYNZWqoSZwe0Se
eWIvnl5frQr6Yj8Mh4SpOoa3IbAGnWzUhXyPBJXrEb5SpFDuorG3rrikDw/2WV2I
XJlVY5o4diXwKlWgBNk8Umvvbicd0q/C5EYNCLnOF1NQj7anfss=
=clqN
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I have signed the text of this blog post with both my new and old keys for
verification purposes.

I've created a new PGP key. You can find it over on the [PGP Page](/pgp/).
Additionally, you will find links to the MIT and SKS keyservers where you can
verify the key. You may also find me (and my identity proofs) [on
Keybase](https://keybase.io/samurailink3). The new key
(37E8CF026EACC295F9EC9CB9CB744273EDA0E0BB) has been signed by my old key
(11C930C4693A6C9B789BB0F76442DF0A14BA4EFD) so you can verify that the new key is
valid. The old key can be found on [the PGP Archive page](/pgp/archive/).
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEEckwxGk6bJt4m7D3ZELfChS6Tv0FAlilwY0ACgkQZELfChS6
Tv3LDg//bFXLrGtb0ZBYKBl+PJMXQJpkMpSkM/YX4uTDdiUXdxT/ThoHqtMKBKtx
MqOKtjoInLiBlkKsqXjHUJGPPG6RAwfZhwQUWgtXF49j3kzv0isgye/b8an4XCor
d7dbxN/2fuOzCsf7s6FZqx17KfJmDfky84fQmc+yJ+XjJeWkEcf53CY4A4vkaBie
xYoF68ZDF09+zizGc+CqyyoeOt58j5XiiJ3x3K/IEhJIHcc5CTVlsjy1rRWkiHIL
9mcQJpSJmTP75we/N2JBsCQKVXEr1BPneyzBWBP4NOdGew42zGaJwwmGChL+PfMf
QkX9tQQeCOBEoPus1KnCVUTAtHmKZftONZ0w6wWDq8VNU1T8TLRxgahM6TjyQeQf
rzBPkVR50su/FclLj9v11tUWIxYkBdhQuW16X1szkkAKdnIrmfODUiIzl+44MeRx
sHkaDAsE1TQMlht/lxPmniJXOIGsumaIrghsURTyyy2z4IM1npXmm/LLKgKKLYvT
f7IjXWAHAylrYbxw9pp0K725X15eGdTG9rPpT/b7HXodgoWibHtEHBZxq7EoobKN
NXJE9n55wB20QAwXH4/LAnbaxkyiDnCpekJAf7GHviB9TSKK25nTzlYE1mRqH/9P
Kc35tdlb7DyU3fWTqkWFgsZFJbVxO9l65DIYVcLuRUhx3NOZh+s=
=78aO
-----END PGP SIGNATURE-----

PGP Key Expiring Soon

  2017-02-09 09:39:27 PST

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

My PGP key will be changing soon. It expires on 2017-03-18. I'll attempt to change it this month (2017-02).
I will update keybase.io/samurailink3, https://samurailink3.com/pgp/, and the MIT PGP Key Server.
This message is signed by me (and my still-valid key) so you know it's the real deal.
This will be tweeted by @samurailink3, posted on https://samurailink3.com, and posted in the
Security:inThirty group chat for additional verification.
Another blog post/tweet/message will be made when my new key has been created.
-----BEGIN PGP SIGNATURE-----

iQJLBAEBCAA1FiEEEckwxGk6bJt4m7D3ZELfChS6Tv0FAlicqRQXHHNhbXVyYWls
aW5rM0BnbWFpbC5jb20ACgkQZELfChS6Tv2YgA//WJUqAwAkW9zcxym54+z+zNdV
0s5mQgztt/eCcbfNaakqdkKboREW03dU26k/uKaWOvqW/fOWRmgDQ7XNGq5OHP+f
5L5LD+2z9Hx0T4LlowYnDmqmTplzIfmwpFnXHqXp0kvk2nbPzVwJdcE5fQjdhAF2
sQU12MhcWly9iwYvEo5pU/5WyWfMvaxn3m5pFv0vzdCVzyWb+qdpvN0VZgipDiXK
OSMR+8TDvWHuZSDS02V1QGh9eVT0SrbGeFY6TJHwPjGrzTv+QFKrrgVh+uSsNDuM
CVSeg0yqhLx+fLyOiYHbOklzrcMmIj1lF1wMs/AuyTCtJ3J2E2Xpvc6dyhDp0wma
9noov4yW0HOEZEgrP3GMtsBnBU1gpnawRA8snnc/pUppGQcR2tm7HTOxsGE2d5u3
5DQ59WQc/3LOmrNWlaKEAzITNaWZ74yMu0IB9PLUSx0sPQ+LP6ja0y72cwfWiL4g
L+Di9WMFrnrRf6EDVOTiwW1rQlOQrWr+c/PhyWv/gKtaznHiL9/13ulgRPymqGgv
pRILzRFFBve8n+7QVczr6LILLJDAQqS8xfQuA+Fm9f78vsFflNs59EBNBIqdRaae
ieFJ0YMOxUgbPEX0oo5/BsLG1itW7VH1ylcIlA8r5mMrliP/i8ZGydqTxceTe2ak
fpnSgNpoB9nAIUNmtw0=
=l9er
-----END PGP SIGNATURE-----
Page: 1 of 31