From: Mark Wooding Date: Sat, 8 Jul 2017 11:32:46 +0000 (+0100) Subject: Various hacks to support use of Ed25519 keys in OpenSSH. X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~mdw/git/profile/commitdiff_plain/6ffd44906fd782b7fe21a3d56deeefffdbce8760 Various hacks to support use of Ed25519 keys in OpenSSH. * New script `bin/add-ssh-keys' to load keys into the SSH agent in the right order, so that it prefers Ed25519 over RSA. * Don't use the `gnome-keyring' SSH agent, because it doesn't implement modern cryptography. Because the Gnome developers have more important things to screw up.
---
diff --git a/bin/add-ssh-keys b/bin/add-ssh-keys
new file mode 100755
index 0000000..291a09e
--- /dev/null
+++ b/bin/add-ssh-keys
@@ -0,0 +1,10 @@
+#! /bin/sh -e
+
+## An ugly hack: figure out the available SSH keys and feed them to the agent
+## in preference order, because the default order is wrong and there doesn't
+## seem to be any other way to fix this.
+unset ff
+for k in id_ed25519 id_rsa id_ecdsa id_dsa id_identity; do
+ if [ -f $HOME/.ssh/$k ]; then ff=$ff${ff+ }$HOME/.ssh/$k; fi
+done
+exec ssh-add $ff
diff --git a/dot/bash_profile b/dot/bash_profile
index 2a47c68..47c408b 100644
--- a/dot/bash_profile
+++ b/dot/bash_profile
@@ -246,7 +246,7 @@ if { { [ "$GNOME_KEYRING_CONTROL" ] &&
 [ -s "$GNOME_KEYRING_CONTROL" ]; } ||
 { [ "$DBUS_SESSION_BUS_ADDRESS" ] &&
 __mdw_programp gnome-keyring-daemon; }; } &&
- stuff=$(gnome-keyring-daemon -s -c ssh,gpg 2>/dev/null)
+ stuff=$(gnome-keyring-daemon -s -c gpg 2>/dev/null)
 then
 eval "$stuff"
 export SSH_AUTH_SOCK GPG_AGENT_INFO
diff --git a/setup b/setup
index 0e62ac8..a54108c 100755
--- a/setup
+++ b/setup
@@ -266,6 +266,7 @@ scripts="
 run-with-shell-env
 start-ssh-agent
 start-ssh-pageant
+ add-ssh-keys
 svnwrap
 guest-console
 hyperspec"
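Review bot: The key paths in the loop and `$ff` on the `exec ssh-add` line are expanded unquoted, so a `$HOME` containing whitespace or glob characters is split or expanded before `ssh-add` sees the file names. Collecting the paths in the positional parameters keeps each one intact in plain sh: `set --` in place of `unset ff`, `if [ -f "$HOME/.ssh/$k" ]; then set -- "$@" "$HOME/.ssh/$k"; fi` in the loop, and `exec ssh-add "$@"` at the end. Separately, `id_identity` looks as if it was meant to be `identity`, the legacy protocol-1 key file name, so that entry probably never matches; worth confirming. The `-e` on the `#!` line is also lost when the script is started as `sh bin/add-ssh-keys`, whereas a `set -e` in the body would survive that.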
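Review bot: The `export SSH_AUTH_SOCK GPG_AGENT_INFO` context line after the changed `stuff=` assignment still exports `SSH_AUTH_SOCK`, although with `-c gpg` the daemon is no longer asked to provide an SSH agent. If the login session has already inherited a keyring-provided `SSH_AUTH_SOCK` (for instance because the desktop started the daemon with its ssh component), this branch would presumably re-export that value and the keyring agent could still end up in use; whether something later overrides it is outside the hunk. A one-line comment above the assignment, such as `## gpg only: the keyring's SSH agent can't handle Ed25519 keys`, would record why `ssh` was dropped from the component list. The `if` compound begins in the hunk header and continues past the last line shown.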