Storing SSH keys in 1Password - really doesn't work at all well

2

Comments

  • BenBen AWS Team

    Team Member

    Thanks for sharing @jarom. :)

    Ben

  • Chiming in to add my support for storing SSH keys in 1Password as well!

  • BenBen AWS Team

    Team Member

    Thanks @schlappette. :+1:

    Ben

  • edited April 26

    @jarom I've long used KeeAgent (https://lechnology.com/software/keeagent/) plugin for KeePass 2. It integrates very well in Windows (native and PuTTY) and Linux. Under Windows it also works like a charm together with WSL, when using wsl-ssh-pagent (https://github.com/benpye/wsl-ssh-pageant).

    When not looking at enterprise grade PAM solutions I think this is pretty much the usability standard to measure against.

  • ag_anaag_ana

    Team Member

    Thank you for the suggestion @danielwagn3r :+1::)

  • +1 on a solution for ssh keys in 1Password!

  • ag_anaag_ana

    Team Member

    :+1::)

  • Big +1 here as well.

    Either allow multi-line text field in a section or allow a second Notes area to be created below sections where data like this can be kept.

    SSH public and private key pairs, SSL certs etc..

    Adding this as an external file would double what is in the sidebar which is fine if you just a have a few things but we have thousands and that gets messy. Much preferred if all pertinent data is in one place.

  • BenBen AWS Team

    Team Member

    Thanks for chiming in @cameronredux. :)

    Ben

  • Seems like chiming in on this thread is the best way to register support for improving SSH key support though I'm not sure just having a custom category is enough.

    A key can be much more than a standalone entity. It can be the "password" for multiple machines and services and maybe needs to be modelled as something that can be attached to existing category items. For example, consider a Server entry in 1Password. I may have copied a specific public key to the server, and intend to use the associated private key for connection to that server. It would be better to have the key pair associated with the Server entry, rather than copying the data into the Server entry. This is even more important if keys are used on multiple machines.

    I know that we can use Related Item links between items, but keys seem way more important than that basic linkage mechanism. As another posted mentioned, it would be great to be able to link the Key entries to key files on the filesystem that could be used to create a new SSH connection to the Server.

    Thanks folks!

  • ag_anaag_ana

    Team Member

    Thank you for your feedback as well @Maurice Kelly! Especially the usage examples, they are very useful! :+1:

  • No problem. I've worked as software engineer and product manager so happy to help flesh things if you want more feedback!

  • ag_anaag_ana

    Team Member

    Thank you @Maurice Kelly :) Any feedback ideas you have that can help make 1Password better is always welcome ;)

  • I would sure love to have this. It’s been one of those things I’ve had to work around for years and years and years now. I have had to drop copies of my private and public keys in so many weird places to keep track of them, transfer them from one device to another, have access to them when I need them, etc that I can only hope I’ve not been leaking them all over the galaxy. :/

  • LarsLars Junior Member

    Team Member

    @a2sheppy - we hear you. I can't say what the future might hold, but I can definitely say that for now, you can place copies of your keys linked to a Secure Note that includes any other information you want about them. Thanks for weighing in on the subject.

  • +1 for this feature.

    I like the idea of a multi-line password field and/or a multi-line text field. I can see a use for both of these as a public key need not be hidden, but a private key probably should be.

    Additionally, for these fields, I will suggest that you add a "save as file" along with the "copy", "reveal" and such dropdown. Then allow a file name to be specified where it will be saved.

  • BenBen AWS Team

    Team Member

    Thanks @datajock. :)

    Ben

  • thawkinsthawkins
    edited July 12

    This should work as a somewhat awkward workaround for Linux/Mac users

    You can encode an arbitrary file to a single string using the 'base64' command IE: i have a key called id_xxx_rsa in my .ssh folder

    cd ~/.ssh
    cat ./id_xxx_rsa | base64 -w 0 > id_xxx_rsa.b64

    notes: the "-w 0" flag tells "base64" not to insert any linewrap lineends so the output will be in one string

    The contents of the file id_xxx_rsa.b64 is a single string with no line-ends in it at all, which can be pasted into the text field store in 1Password. you can move the file directly to the clipboard ready for pasting using "xclip"

    xclip -selection clipboard < id_xxx_rsa.b64

    Alternatively you can do it all in one go and not create an intermediate b64 file at all using xclip, which should be available for your Linux distribution. I'm not sure if "xclip" is available on MacOSX, perhaps there is an apple equivalent command-line utility. Note that "xclip" is an X11 utility and may not be available on systems running Wayland.

    cd ~/.ssh
    cat ./id_xxx_rsa | base64 -w 0 | xclip -selection clipboard

    To recover the key file, copy the contents of the field back into a file ie ~/.ssh/id_xxx_rsa.b64 and run

    cd ~/.ssh
    cat ./id_do2_rsa.b64 | base64 -d > id_xxx_rsa

    Notes: the -d flag means "decode" so it takes the single string "base64" encoded data and turns it back into the original file again.

    Alternatively we can eliminate the need for a .b64 file again, you can copy the string direct from 1password and run

    cd ~/.ssh
    xclip -o | base64 -d > id_xxx_rsa

    Notes: this takes whatever you have in your clipboard and decodes it and writes it directly to the designated file, the "-o" flag says output the current clipboard selection.

    Cant help windows users i'm afraid, hav'nt opened a windows box for a very very long time.

    Regards Tim Hawkins - CTO - The Red Flag Group.

    update: xclip is available for OSX via brew

    https://brewinstall.org/Install-xclip-on-Mac-with-Brew/

  • ag_anaag_ana

    Team Member

    Thank you for taking the time to share all of these tips @thawkins, that was great!

    (And welcome to the forum :) )

  • +1 on a fully supported solution for ssh keys in 1Password!

  • ag_tommyag_tommy

    Team Member
    edited July 16

    Thanks for adding your voice, @Matt3564 .

  • +1 for storing SSH keys in 1password - my keys have 3 components - public key, private key, passphrase.
    I think this could also apply to TLS public/private keypairs and certs?

  • ag_anaag_ana

    Team Member

    Thank you for your feedback @woodsb02. I believe this could also work for those examples too :+1:

  • ffredrikkffredrikk
    edited August 3

    I'm also looking for a better way to handle certs, gpg, pgp, ssh keys etc.

  • ag_anaag_ana

    Team Member

    Thank you for letting us know @ffredrikk :+1:

  • Finding the way to store SSH keys and hope to add the feature. Thanks!

  • ag_anaag_ana

    Team Member

    Thank you for sharing this with us @DavidWu :+1::)

  • Count me in as someone who would love to see this added to 1Password. I created a "Secure Note" but everything is visible as soon as you click on the secure note entry.

    Anyone else have suggestions? Someone earlier in the discussion mentioned adding a file, but I've never made use of that feature. How does that work?

  • BenBen AWS Team

    Team Member

    Thanks @bpavlov. If you're interested in trying out Documents to see if they can help here we have a guide on them available:

    Save important files in 1Password

    Ben

  • Please, add me to the waiting list too. I will be happy to have solution to store ssh keys in 1P.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file