I’ve setup some SSH-Vaults and AppVMs which use those ssh-keys for Split SSH, consistent with this guide (and may others out there).
I actually have 2 SSH-Vaults, one for work where my SSH key also has a password, and another for personal use where my SSH key does not have a password.
I’ve used ssh-add to add the keys to the agent in each vault, and verified access using ssh-add -L. After rebooting each vault, the password-protected key does not persist, so I have to use ssh-add again in the vault, while the non-password-protected key does persist.
The vaults are running Fedora30.
Is there some trick or script updates I must use to make the password-protected-key persist through reboots?
The one I mentioned is 4 years old, but the one you mentioned is less than 4 months old. It’s a very tall order to expect users to stay apprised of updates to all guides that might affect a user with that kind of timeliness. Anyway, the recent guide you reference is exactly the same implementation as the 4 year old guide, with the exception of using socat instead of netcat, but with one important addition:
Yup. I feel that. The external documentation part on the Qubes website is the go-to index for this sort of stuff (Documentation | Qubes OS). The community documentation should be in sync with that.