SSH Certificates Synchronization
I am looking to sync my SSH Certificates across the different servers in my home lab using 1Password Secrets. Is this something that is supported and/or recommended?
Comments
-
Hey @johngalt2 -
You could certainly use an instance of Connect to do that. Your servers will need to pull from the Connect API, however. We don't expose the sync mechanism used to copy your encrypted secrets from 1Password to your Connect deployments.
If you provide more details about your use case I can offer some potential solutions :smile:
0 -
Hi @David_ag,
Thanks for replying. As you can probably tell, I am new to 1Password Secrets. I don't want this to be an XY problem, so please tell me if I am trying to make a round peg fit in a square peg. I can either abandon my goal or perhaps there is a better way to do this. I would still like to come up with an excuse to use it, but perhaps that is storing all of my credentials for my docker containers that are right now in an env file.
I have about 5 servers (Raspberry Pi, NASes etc.) in my homelab that I log in to via SSH. Right now they all have separate passwords that I store in 1Password and I copy and paste the password into the shell. This is especially annoying when I need to re-enter the password when I am using sudo frequently. It would be great if I could log in securely _and_ conveniently. It seems that ssh certificates allow for this, but copying certs between all the servers manually and maintaining these seems annoying. It is just me that is logging in so I don't need to worry about sharing secrets and passwords among multiple users.
- Do I use 1Password Secrets?
- Is there a better tool for this? Someone on another forum suggested Teleport https://goteleport.com/docs/getting-started/docker-compose/. This seems a little overkill as well.
- Guacamole might be an easy way to solve this
- Is there a simple way to achieve this?
Thanks!
0 -
It sounds like you're looking for a way to make sure the same SSH certificate is on every server. I can't comment on your specific setup, but usually each host has its own unique certificate. Then you generate a client certificate on your laptop/desktop/device that you use to log in to any of those servers.
With that said, I have two ideas in mind:
1. You could use 1Password Connect as a central store for the certificates and set up a cronjob on each server that makes an HTTP request to the Connect server for its host certificate. Then you can store the certificates in 1Password and manage them from there.
2. You may also be interested in joining our CLI 2.0 Beta and SSH key management Beta: Sign-up here. The SSH key management beta may be the perfect solution for your problem :)
0 -
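A sketch of the cron-driven pull from the first idea in the reply above, added here as an example and not code from 1Password or from anyone in this thread: it reads one field from a Connect item and checks that the value is a currently valid host certificate naming this machine before anything is installed. The field label, hostnames and ed25519-only parsing are assumptions; the item endpoint and Bearer token header are the Connect REST API's.

```python
import base64, json, struct, urllib.request

ALGO = "ssh-ed25519-cert-v01@openssh.com"  # this sketch handles ed25519 certs only

def fetch_field(base_url, token, vault_id, item_id, label):
    """Read one field of one item from the Connect REST API (needs network)."""
    req = urllib.request.Request(f"{base_url}/v1/vaults/{vault_id}/items/{item_id}",
                                 headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return field_value(json.load(resp), label)

def field_value(item, label):
    """Value of the labelled field in a Connect item document; KeyError if absent."""
    for field in item.get("fields", []):
        if field.get("label") == label:
            return field.get("value", "")
    raise KeyError(label)

def _string(buf, off):
    """Decode one length-prefixed SSH string; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated certificate")
    return buf[off + 4:off + 4 + n], off + 4 + n

def check_host_cert(line, hostname, now):
    """Structural checks only (CA signature NOT verified); now is Unix time."""
    algo, b64 = line.split()[:2]
    buf = base64.b64decode(b64, validate=True)
    name, off = _string(buf, 0)
    if algo != ALGO or name.decode() != ALGO:
        raise ValueError("not an ed25519 certificate")
    for _field in ("nonce", "public key"):       # skipped, not needed for the checks
        _, off = _string(buf, off)
    _serial, cert_type = struct.unpack_from(">QI", buf, off)
    _key_id, off = _string(buf, off + 12)
    plist, off = _string(buf, off)
    after, before = struct.unpack_from(">QQ", buf, off)
    principals, p = [], 0
    while p < len(plist):
        s, p = _string(plist, p)
        principals.append(s.decode())
    if cert_type != 2:                           # 1 = user, 2 = host
        raise ValueError("not a host certificate")
    if hostname not in principals:               # empty list (any host) is rejected
        raise ValueError("hostname not in principals")
    if not after <= now < before:
        raise ValueError("outside validity window")
    return principals
```

The check only catches a wrong, stale or misfiled item before it reaches `/etc/ssh`; trust still comes from SSH clients verifying the CA signature through their `@cert-authority` entry in `known_hosts`.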
Add another +1 for better SSH/PGP/HTTPS support for both secrets and public key management in 1Password (for individuals/families), and 1Password for business. We migrated from LastPass and ssh keys came over badly. We need a good solution for the client side of this problem. I'm new to 1Password connect or secrets, as in I haven't tried it yet. We just noticed that the 1Password import of LastPass corrupted some keys and certificates. I hope we can recover and fix that information, but we will also need a solution going forward. A local SSH/GPG agent (for windows/mac/Linux) would be ideal, but we are open to other options. Is it possible 1Password has other options than multi-line text fields or storing key data as documents (or painfully via base64) that I don't know about?
0 -
@jeremygaither Thank you for sharing your experiences. I am forwarding them to the folks that are working on the SSH key management feature.
Signing up for the SSH Key Management Beta is still possible today and tomorrow by going to this page. Judging from your post, you may like it :wink:
0 -
Hey @jeremygaither 👋 Can you tell me a little more about how you were storing your SSH keys within LastPass? Were you storing them as a particular item type? As a field within another item? Or something else? Additionally, were those keys in a private or shared folder within LastPass?
And I definitely echo Joris in that you should sign up for the beta 😉
0