Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

keepassxc: ssh-agent feature does not work #3314

Closed
agraven opened this issue Apr 4, 2020 · 9 comments · Fixed by #6531
Closed

keepassxc: ssh-agent feature does not work #3314

agraven opened this issue Apr 4, 2020 · 9 comments · Fixed by #6531

Comments

@agraven
Copy link

agraven commented Apr 4, 2020

Using the standard profile for keepassxc in version 0.9.62 causes the ssh-agent functionality to stop working. I'm running Ubuntu 19.10.
@rusty-snake
Copy link
Collaborator

rusty-snake commented Apr 4, 2020
edited
Loading

Works it if you allow access to .ssh?

nobalcklist ${HOME}/.ssh
# Other things to go.
# ignore machine-id
# ignore private-tmp
# noblacklist blacklist /tmp/ssh-*
# read-write ${HOME}/.ssh/authorized_keys

@agraven
Copy link
Author

agraven commented Apr 4, 2020

Thanks for the quick response! I presume you meant noblacklist ${HOME}/.ssh?

@agraven
Copy link
Author

agraven commented Apr 4, 2020

I tried adding all the suggested directives but nothing seemed to change.

As a side note, fetching favicons from websites also doesn't work because network access is disabled, I don't quite understand the networking settings well enough to figure out how to enable it

@rusty-snake
Copy link
Collaborator

Network: use host network namespace; allow AF_INET and AF_INET6 sockets; TLS + DNS files in /etc

ignore net none
protocol unix,inet,inet6,netlink
private-etc ca-certificates,ssl,pki,crypto-policies,nsswitch.conf,resolv.conf

@agraven
Copy link
Author

agraven commented Apr 4, 2020

Thanks! Would this be worth adding commented out to keepassxc.profile with a comment explaining what enabling them does? I'll gladly make a PR for that if so

@rusty-snake
Copy link
Collaborator

Some users probably want to fetch favicons inside keepassxc. Even if internet access relaxes the sandbox and keepassxc is only an blacklisting profile due to #2874.

I make it whitelisting like this, then you have to save the database in ~/Documents/KeePassXC

disable-programs.local:

blacklist ${HOME}/Documents/KeePassXC

keepassxc.local:

noblacklist ${HOME}/Documents/KeePassXC

mkdir ${HOME}/.config/keepassxc
mkdir ${HOME}/.keepassxc
mkdir ${HOME}/Documents/KeePassXC
whitelist ${HOME}/.config/keepassxc
whitelist ${HOME}/.keepassxc
whitelist ${HOME}/.mozilla
whitelist ${HOME}/Documents/KeePassXC
include whitelist-common.inc

@rusty-snake
Copy link
Collaborator

rusty-snake commented Apr 5, 2020
edited
Loading

Back to the ssh-agent. Is anything in the journal?

@rusty-snake rusty-snake mentioned this issue Apr 9, 2020
Open
@rusty-snake
Copy link
Collaborator

I'm closing here due to inactivity, please fell free to reopen if you still have this issue.

#3329 is still open.

@ShellCode33
Copy link 

noblacklist ${HOME}/.ssh
ignore private-tmp
noblacklist /tmp/ssh-*

Seems to be enough, thanks 👍

@kmk3 kmk3 changed the title KeePassXC ssh-agent feature broken with standard profile keepassxc: ssh-agent feature does not work Sep 20, 2024
@kmk3 kmk3 reopened this Nov 3, 2024
kmk3 added a commit to kmk3/firejail that referenced this issue Nov 3, 2024
@kmk3
keepassxc: allow access to ssh-agent socket
1fd89e6 
Fixes netblue30#3314.

Relates to netblue30#6391 netblue30#6529.
kmk3 added a commit to kmk3/firejail that referenced this issue Nov 3, 2024
@kmk3
keepassxc: allow access to ssh-agent socket
4e66ee8 
Fixes netblue30#3314.

Relates to netblue30#6529.
@kmk3 kmk3 mentioned this issue Nov 3, 2024
Merged
@kmk3 kmk3 closed this as completed in #6531 Nov 7, 2024
kmk3 added a commit that referenced this issue Nov 7, 2024
@kmk3
keepassxc: allow access to ssh-agent socket (#6531)
9a3dc2c 
Fixes #3314.

Relates to #6529.
kmk3 added a commit that referenced this issue Nov 7, 2024
@kmk3
RELNOTES: add docs and profile items
9f1d2c7 
Relates to #3314 #6524 #6526 #6531.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
Release 0.9.74
Status: Done (on RELNOTES)
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

profiles: keepassxc: allow access to ssh-agent socket kmk3/firejail
4 participants
@ShellCode33 @agraven @kmk3 @rusty-snake