SSH auth with Fish instead of Bash?

DannyLachs · February 19, 2020, 12:18pm

Hi,
as described here I’d like to use my pgp key stored on my NitroKey Storage for SSH authentication.

However I’m using the Fish shell instead of Bash.

So adding this

unset SSH_AGENT_PID
if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
fi

to my .bashrc doesn’t make much sense.

Could anyone here be so kind to help me with a solution for the Fish shell?
That means the above snippet needs to be translated to Fish Syntax.

I’ve already found this post on GitHub, but it didn’t prove very useful.

Thank you!

szszszsz · February 19, 2020, 1:54pm

Hi!

This is not a direct solution, rather a workaround, but I must admit it is handy in more complex cases.
For fish there is fenv tool, which evaluates bash scripts and uses produced variables. I am using it myself for the Nix initialization workaround.

# while in .config/fish/config.fish
fenv source '$HOME/ssh_gnupg_support.sh'

with ssh_gnupg_support.sh keeping the mentioned content for the bash.

As for direct correct solution, I do not know fish syntax well, but would place something like this in .config/fish/config.fish:

# warning: draft, might contain errors; not tested!
set -e SSH_AGENT_PID # unset
if test {$gnupg_SSH_AUTH_SOCK_by} -ne $fish_pid;
    set -x SSH_AUTH_SOCK (gpgconf --list-dirs agent-ssh-socket) 
end

DannyLachs · February 19, 2020, 2:18pm

Thank you for the tip. That looks neat.

However under Caveats they write:

Currently we only handle environment variables that are added or modified. If a variable is unset (removed from environment) it will not be removed from fish.

Does that mean that unset SSH_AGENT_PID won’t work?

I’ll give it a try asap.

szszszsz · February 19, 2020, 2:21pm

I see. We’ll need then the hybrid approach: this line set -e SSH_AGENT_PID (which is the unset operation) before fenv execution should do the trick.

DannyLachs · February 19, 2020, 2:42pm

Ha! nice! That works like a charm.
Thank you.

szszszsz · February 21, 2020, 4:15pm

Thank you for testing this!

@nitroalex Could we add this solution to the documentation? At least as a link to here.

Kareema · December 25, 2020, 12:37pm

Here’s a slightly modified (direct) version of @szszszsz’s script, that’s working for me:

set -e SSH_AGENT_PID
if not set -q gnupg_SSH_AUTH_SOCK_by or test $gnupg_SSH_AUTH_SOCK_by -ne $fish_pid
    set -gx SSH_AUTH_SOCK (gpgconf --list-dirs agent-ssh-socket) 
end