I tried to follow carefully the split-ssh instructions on
https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/split-ssh.md but I experience a stupid error. I did a "plain setup" without keepass. So when I run ssh-add -L in vault it does work, and has 1 test-identity. ssh-add -L in work it does not work "Error connecting to agent: Connection refused" even with "-v -v -v" I get no better hint. So I tried to follow the traces; 1.) This happens when I ("manually") run user@work:~$ bash -x /etc/qubes-rpc/qubes.SSHagent ++ qubesdb-read /name + notify-send '[work] SSH agent access from: dom0' + socat - UNIX-CONNECT:/home/user/.SSH_AGENT_sshkeys 2023/06/21 11:24:59 socat[1562] E connect(, AF=1 "/home/user/.SSH_AGENT_sshkeys", 34): Connection refused you may observe that I wrote SSH with 3 capital letters, but I did so everywhere (I hope :), inclusive the small script snipplets from github page. 2.) This happens when I query the ssh agent: systemctl --user status ssh-agent.service ● ssh-agent.service - OpenSSH Agent Loaded: loaded (/usr/lib/systemd/user/ssh-agent.service; static) Active: active (running) since Wed 2023-06-21 11:18:46 CEST; 22min ago Docs: man:ssh-agent(1) Main PID: 1513 (ssh-agent) Tasks: 1 (limit: 4618) Memory: 872.0K CPU: 3ms CGroup: /user.slice/user-1000.slice/user@1000.service/app.slice/ssh-agent.service └─1513 ssh-agent -D -a /run/user/1000/openssh_agent Jun 21 11:18:46 work systemd[654]: Started ssh-agent.service - OpenSSH Agent. Jun 21 11:18:46 work agent-launch[1515]: dbus-update-activation-environment: setting SSH_AUTH_SOCK=/run/user/1000/openssh_ag> Jun 21 11:18:46 work agent-launch[1515]: dbus-update-activation-environment: setting SSH_AGENT_LAUNCHER=openssh Jun 21 11:18:46 work agent-launch[1513]: SSH_AUTH_SOCK=/run/user/1000/openssh_agent; export SSH_AUTH_SOCK; Jun 21 11:18:46 work agent-launch[1513]: echo Agent pid 1513; We observe that the file /run/user/1000/openssh_agent is different from /home/user/.SSH_AGENT_sshkeys. That may be a problem. I tried to fix that temporarily with linking one to the other ("ln -s") . Then ssh-add -L does not fail, but has no identities. Here I am stuck. Any hints? Thank you, Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0bd9348b-4b84-297a-3c6b-53c0f4e9800a%40web.de.
