Eymeric Chauchat

How to use KeepassXC ssh-agent with Git

by

Chauchat Eymeric
in ,

If you enjoy reading my blog and would like to support me, please consider making a donation here on paypal. Your support helps me continue creating content and allows me to make it even better. Thank you! You can also join my discord

I was fed up to always type my passphrase when using git. I show you what modification you need to do in order to use the auto ssh-agent offered with KeepassXC.


First why KeepassXC ? In my point of view it is a far superior alternative to Keepass original client:

  • multi-platform : Linux, Windows, MacOS
  • Easy synchronization through any cloud services (Nextcloud Included)
  • WebIntegration in firefox and other browser
  • SSH agent automatic setup

Today we will mainly focus on the last point ! How to setup the SSH-agent in order to use it directly in GIT. It seems straightforward but actually, it is fairly buggy and need some annoying trick.

It is well better to setup a passphrase with your ssh key because in the case your private key get stolen nobody can use it without your passphrase, however it is really annoying to input the passphrase all the time. KeepassXC provide you with a tool that setup ssh-agent automatically when you unlock database.

KeepassXC setup

Mainly need to change some settings and to setup the entry that will contain the SSH-agent.

Settings

in Tools/settings search the SSH Agent tab. here you should only tick the Enable SSH Agent Integration and Use OpenSSH. Everything should directly be fine.

SSH Agent setting tab

Entry setup

First in KeepassXC you need to create a new entry were you are going to paste the passphrase in the password field.

Classical setup

Now from the icon in the left you are going to search Advanced and add your private key as attachments. (This step is not mandatory please read the disclaimer above)

Private key as attachment

Final step, go into the SSH agent tab and select your attachment and tick what option you prefer for SSH agent. (for some key like this one I activate both automatic add and remove). You can check if everything is working by clicking on Decrypt

SSH agent tab

DISCLAIMER

As you may have seen from the step above you can either add the key as attachment or as external file. FOR MORE SECURITY, it is advised to use the key as external file because if your keepass database get stolen and open you will only loose your passphrase while the actual private key will stay on your computer.

GIT configuration

Git is an annoying boy in Windows, and it was in fact the most tricky part to make it work. Internet was not full of resources for this one.
Please directly modify your git config file (because of quote and other annoying path related stuff), it can be found in C:\Users\UserName\.gitconfig. Add the two following line in git in order to enable it to use ssh agent.

[core]
	sshCommand = 'C:\\Windows\\System32\\OpenSSH\\ssh.exe'
[gpg "ssh"]
	program = 'C:\\Windows\\System32\\OpenSSH\\ssh-keygen.exe'

You can check if it works by doing a git pull in any of your repository. You shouldn’t be prompted anymore for your passphrase.

Conclusion

That’s it for this super short tutorial ! Hope you found it useful, and that now you will use the full power of KeepassXC.

If you have liked this article and want to keep update on the next article and project feel free to join my discord !

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *