30

I've googled and read the FAQ and Wiki for Magit, but still unable to figure this out, all I find are answers about Windows...

How can I configure Magit to use my running ssh-agent session and don't ask for my password when doing a push.

I'm running linux, and have the ssh-agent startup with my terminal and unlock my key then, which allows me to do git push, etc. without having me enter the password each time.

Env:
Arch Linux
Emacs 24.4

ssh-agent with keys added, to unlock on first terminal opened.

EDIT: I meant using passphrase, you know for the ssh key, et al.
And I'm pushing to Bitbucket, but I do believe the key problem is that Magit is not talking/recognizing my ssh-agent.
Maybe there's some config to set, to tell it that I'm running it??

3 Answers3

18

Well this turned out to be more of a rabbit hole than I though... And for what I can gather there's not a better solution for this specific issue, with this combination of desktop, ssh-agent, emacs.

Problem 1
XFCE was starting it's own ssh-agent with the session, without actually saying so anywhere, which caused the system to have 1 unused global ssh-agent, and my shell specific unlocked agent.
On a different DE you might run with the same problem, and will need to find the specifics to disable the agent auto start.

Solution 1
Run this command to disable the startup ssh-agent from executing

xfconf-query -c xfce4-session -p /startup/ssh-agent/enabled -n -t bool -s false

Problem 2
Now Emacs does not have any SSH_AGENT_PID and SSH_AUTH_SOCK variables set, so nothing on the loaded environment. Obviously Magit still asks for the key as it doesn't know about the new ssh-agent we started.

Solution 2
We need to have Emacs fetch up these new variables from the enviroment, but of course, no straight forward way.
Enter: exec-path-from-shell that allows you to fetch environment variables from your shell. So.

  1. Install the exec-path-from-shell package in your preferred way.
  2. Add the following code to your init.el so that it loads when you start Emacs.

(require 'exec-path-from-shell) (exec-path-from-shell-copy-env "SSH_AGENT_PID") (exec-path-from-shell-copy-env "SSH_AUTH_SOCK")

Thanks guys for the suggestion on looking at the SSH_** variables, that pointed me on the right direction.

  • Any particular reason you are not satisfied with XFCE's agent and want to run your own? Abandoning that would seem like the simpler solution. – tripleee Nov 06 '15 at 05:35
  • I not always run XFCE, nor do I care on how the desktop manages it, I prefer the plugin that handles it from oh-my-zsh. So it's easier for me to skip the default use case. (granted I don't know nearly enough about the agent... but is not something I really want to spend time thinking about anyway) –  Nov 06 '15 at 05:40
  • Maybe Zsh should recognize the case when an agent is already running, and defer to that instead; but obviously, this is getting off-topic here. – tripleee Nov 06 '15 at 05:44
  • 1
    Maybe [ssh-agency](https://github.com/magit/ssh-agency) should be extended to work on unix-like systems too. – npostavs Nov 06 '15 at 16:15
18

Another solution for the lazy is to just use a package that handles exactly this case (setting Emacs' keychain-related environment variables):

  1. Install and add to your init.el package keychain-environment.
  2. Run M-x keychain-refresh-environment and now it should work.
  3. Place (keychain-refresh-environment) in your init.el, so the solution works after restarting Emacs

And that's all, assuming your ssh-agent is configured and running.

Really good description, from package's comment:

Keychain is a script that manages ssh-agent and gpg-agent. It is typically run from the shell's initialization file. It allows your shells and cron jobs to share a single ssh-agent and/or gpg-agent.

When keychain is run, it checks for running agent, otherwise it starts them. It saves the agents' environment variables to files inside ~/.keychain/, so that subsequent shells can source these files.

When Emacs is started under X11 and not directly from a terminal these variables are not set. This library looks for these files created by keychain and then sets Emacs' environment variables accordingly. It does not actually run keychain, so you still have to run that from a login shell first.

To use run the function `keychain-refresh-environment' in your init file. If keychain has not been run yet when you start Emacs you can also later call that function interactively.

Also see: http://www.funtoo.org/wiki/Keychain

tlegutko
  • 356
  • 2
  • 9
3

FWIW, keychain now has a --systemd switch, which will inject the variables into the systemd user environment.

The simplest solution I found was to add eval "$(keychain --eval --quiet --noask --systemd keys...)" to a script that's ran from the systemd unit to start the Emacs server.

Vladimir Panteleev
  • 853
  • 5
  • 18
  • I am trying this solution, where exactly I need to put the script. I am running emacs daemon under systemd. Should I put under `ExecPostStart` – nerding_it May 18 '20 at 22:12
  • Put the script in `ExecStart` and put the command to start the Emacs server in the script, after the `eval`. – Vladimir Panteleev May 19 '20 at 00:48