ssh-askpass Frustration

Thu, Dec 28, 2023

On my laptop I run Arch with Wayland. I have a gitea instance that I run on my vps for managing my git repos. I had setup my ssh key in gitea and noticed the verify key button. I'm honestly not certain what exactly the verification process gains for you, as the key seems to work even if you haven't verified it, but I figured verifying my key seems like a good thing to do, so I gave it a shot. Here is a writeup about some of the trouble I ran in to and how I sorted it out.

To walk through this and provide some screenshots and examples, I've created a test key that will be tossed after I finish this. When you first add a new key to your gitea profile, you'll have a verify button next to the remove button. It looks like this.

Screenshot of gitea showing the REMOVE and VERIFY buttons

When I was searching around for an explanation of what exactly the verification process does, I found this nice detailed walkthrough for adding your ssh key to gitea. How to add and verify ssh keys inside gitea

After clicking the verify button, you're presented with the following dialog.

Screenshot of gitea showing the Verification Dialog

The idea here is that you copy that command beginning with echo, paste it into your terminal, update the path to your public key at the end, press enter, and you'll receive a signature to copy and paste back into this dialog. At that point, your ssh key is signed, or verified, and you're good to go.

But this is where I ran into trouble.

As far as I'm understanding things at this point, I think my issue is that I'm using swaywm instead of a full DE (Desktop Environment) like Gnome or KDE. I'm guessing that if I was using one of those, this would maybe mostly not have been an issue at all. I don't want to undo what I finally did to get it working in order to get screenshot and exact errors, but the gist of it is when I ran that command in my terminal, I was greeted with an error that said:

ssh-askpass: exec(/usr/lib/ssh/ssh-askpass): No such file or directory

And indeed, when I looked in that directory, there was no such file called ssh-askpass.

I felt like the more I searched and read various posts I could find, the more confused I got. I started to realize and understand what ssh-askpass was, but I'm still not sure I entirely understand the point. Why the verification process couldn't just ask me for the password and I needed to have the password stored in a vault is still not really clear to me.

I went to the AUR and searched 'askpass', and I was presented with a bunch of options. I failed to install and/or configure openssh-askpass, xaskpass, r-askpass, before finally getting one to install, configure and work properly - pass-sshaskpass-git.

So, the README for pass-sshaskpass leaves a wee bit to be desired. Fortunately though, the AUR package installs just fine without issue and there seems to be nothing much to configure or setup for itself to work.

As noted in the README for pass-sshaskpass, you'll need to have installed and setup pass as well - 'the standard unix password manager'. This is availabe in the main Arch Repo and has instructions on how to set it up and add a password.

After getting all of that installed and configured, the last piece was to set a symlink for pass-sshaskpass to ssh-askpass.

sudo ln -s /sbin/pass-sshaskpass /usr/lib/ssh/ssh-askpass

Now everything finally works and I can verify/sign my ssh key properly!

  1. Previous Post
    From Apache to Nginx
    Mon, Dec 26, 2022
    Tutorials Apache Nginx
    A basic tutorial to migrate from Apache webserver to Nginx webserver.