Setting Up GPG and SSH in KDE
When both GPG and SSH are integrated with KDE, it makes inter-operating with those systems very easy. It will make the difference between a loose-fitting glove, and one that fits snugly.
This quick tutorial goes over the steps needed to set that up. To accommodate everyone, I’ll still go over how to install and configure all the necessary components.
For this tutorial you need to have GPG, SSH, and Pinentry. Install them with the command for your package manager (Nix, APT, or DNF):
$ nix-env -i gnupg openssh pinentry
$ sudo apt-get install gnupg2 ssh pinentry-qt4
$ sudo dnf install gnupg openssh pinentry
Now that you have the parts in front of you, it’s time to assemble them. The first thing that you need to do (although in reality the steps in this section can be done in any order that you wish) is create your SSH keys:
$ ssh-keygen -t rsa
DO NOT leave the passphrase empty. If you really insist, then shoot yourself, in the head.
The above command will create two files:
Next, authorize yourself on the remote server, so that password-less logins will be available later:
$ ssh-copy-id user@host
Next, create your GPG keys. Follow the prompts, making sure that you select the strongest options:
$ gpg2 --gen-key
The next thing to do is edit the main GPG config file:
$ emacs ~/.gnupg/gpg.conf
Find the line that contains use-agent and uncomment it, if it is commented. If that line does not exist, just put use-agent at the end of that file:
Next, you need to edit the agent file:
$ emacs ~/.gnupg/gpg-agent.conf
Then put the following lines:
no-grab
default-cache-ttl 10800
default-cache-ttl-ssh 10800
pinentry-program /usr/bin/pinentry-qt4
Those are my preferred values. If you want to change them, look at the manpage:
$ man gpg-agent
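As an added example (not part of the original tutorial), the script below reads a gpg-agent.conf and reports two things the values above depend on: the cap that max-cache-ttl and max-cache-ttl-ssh place on the cache lifetime, and whether the configured pinentry-program exists. The fallback defaults (600, 1800 and 7200 seconds) are the ones documented in gpg-agent(1) for GnuPG 2.x and are assumed to match your installed version; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original page): check what a gpg-agent.conf
# really yields. Fallback defaults are the ones documented in gpg-agent(1)
# for GnuPG 2.x; confirm them against `man gpg-agent` on your system.

# conf_value FILE OPTION DEFAULT: print the last value set for OPTION.
conf_value() {
    awk -v opt="$2" -v def="$3" '$1 == opt { def = $2 } END { print def }' "$1"
}

# effective_ttl FILE [-ssh]: idle timeout in seconds after the max-cache-ttl
# cap is applied (an entry is dropped at max-cache-ttl even if recently used).
effective_ttl() {
    case $2 in -ssh) dflt=1800 ;; *) dflt=600 ;; esac
    ttl=$(conf_value "$1" "default-cache-ttl$2" "$dflt")
    max=$(conf_value "$1" "max-cache-ttl$2" 7200)
    if [ "$ttl" -gt "$max" ]; then echo "$max"; else echo "$ttl"; fi
}

# audit_agent_conf FILE: print findings, return 1 if any were found.
audit_agent_conf() {
    rc=0
    for s in "" -ssh; do
        ttl=$(conf_value "$1" "default-cache-ttl$s" 0)
        eff=$(effective_ttl "$1" "$s")
        if [ "$ttl" -gt "$eff" ]; then
            echo "default-cache-ttl$s $ttl is capped at $eff by max-cache-ttl$s"
            rc=1
        fi
    done
    pin=$(conf_value "$1" pinentry-program "")
    if [ -n "$pin" ] && [ ! -x "$pin" ]; then
        echo "pinentry-program $pin is missing or not executable"
        rc=1
    fi
    return "$rc"
}

# Constructed sample: the four lines this page puts in gpg-agent.conf.
sample=$(mktemp)
printf '%s\n' 'no-grab' 'default-cache-ttl 10800' \
    'default-cache-ttl-ssh 10800' \
    'pinentry-program /usr/bin/pinentry-qt4' > "$sample"
audit_agent_conf "$sample" || echo "adjust gpg-agent.conf as reported above"
rm -f "$sample"
```

To audit your own setup, call audit_agent_conf ~/.gnupg/gpg-agent.conf; adding max-cache-ttl and max-cache-ttl-ssh lines with values at least as large as the default TTLs clears the cap findings.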
You now need to link the GPG agent with KDE. You need to create a startup script for KDE that will invoke the GPG agent at startup. You also need to tell the GPG agent to enable SSH support (in the old days, the SSH agent had to be run separately from GPG).
$ mkdir ~/.kde/env
$ emacs ~/.kde/env/01_gpg-agent.sh
Then put in the following lines:
#!/bin/sh
killall gpg-agent
eval `gpg-agent --enable-ssh-support --daemon`
Make it executable:
$ chmod +x ~/.kde/env/01_gpg-agent.sh
Finally, create the shutdown script for the GPG agent:
$ mkdir ~/.kde/shutdown
$ emacs ~/.kde/shutdown/01_gpg-agent.sh
Then put in the following lines:
#!/bin/sh
killall gpg-agent
Make it executable, too:
$ chmod +x ~/.kde/shutdown/01_gpg-agent.sh
Unfortunately, you have to restart your KDE session for these settings to take effect. If you know a method that doesn’t require restarting the session, please let me know.
Press Ctrl+Alt+Del to log out, then log in with your account.
Open a Konsole window, then connect to your favorite SSH server:
$ ssh user@remotehost
A pinentry dialog box should appear prompting you for your passphrase. This passphrase will be cached according to your settings in ~/.gnupg/gpg-agent.conf. Subsequent SSH connection attempts will not prompt you for the passphrase within this timeout period.
A similar behavior will happen if you encrypt a file with GPG:
$ gpg2 -sea -r john@remotehost file.dat
The steps outlined above are meant to be succinct without going through the gory details. I avoided reiterating what was already said before so as not to bore you to death. I hope you found this useful!