How to combine SSH feature with headless Raspberry Pi?

XIII
Community Member
edited May 2022 in SSH

At home I have a few headless Raspberry Pis on which I run some Node.js scripts that I develop on my Mac.

So far I stored both the SSH key for my private GitHub repos and the SSH keys to log in on those Pis in Secure Notes in 1Password. All these keys are protected by a passphrase, which is stored in those notes as well. On the Mac the keychain made sure I had to type those passphrases only once (in the keys' lifetime). However, whenever I finished some work and pushed it to GitHub I would have to type in the passphrase (of the GitHub key) on the Pi to pull the changes there.

Now I plan to use the 1Password SSH agent on my Mac (for all my SSH keys).

What can/should I do on the Pi?

  • Keep typing the passphrase (Store it as a custom field in the new SSH item? Store it as a new password item?)
  • Can I somehow use the CLI and/or SSH agent on a (headless) Pi? (Raspberry Pi OS is a Linux variant after all)
  • Something completely different? (What?)

Comments

  • MaxRaab
    Community Member

    You could use 1Password as your keychain substitute. It then shouldn’t matter if you’re connected via SSH to your Raspberrys or if you’re working on your local machine.

    Until today and the new SSH feature, I have always opened this little quick find box (Ctrl+Shift+Space), typed the name of the key and copied the password via hotkey and inserted it into the password prompt. It may also work for you.

  • ssgelm
    Community Member

    It sounds like what you want is ssh agent forwarding: https://docs.github.com/en/developers/overview/using-ssh-agent-forwarding. That allows you to keep your keys on your machine but still use them from the headless Pis.

  • Lachy
    Community Member

    SSH Agent Forwarding is the correct approach. Just be extra careful with agent forwarding because it can be a security risk. Only allow it to be used for hosts that you are in full control of. Never set ForwardAgent yes when connected to a host owned or operated by a 3rd party.

  • XIII
    Community Member

    Thank you for the suggestions!

    Agent Forwarding works and seems to be a better solution than what I was doing before.

    Now I need to figure out how to set up Agent Forwarding in Blink for the occasional editing on my iPad...

    https://docs.blink.sh/advanced/advanced-ssh

  • ssgelm
    Community Member
    edited February 2022

    In my experience, adding -A to the ssh command in Blink just works after adding the key with ssh-add KEYNAME.

  • XIII
    Community Member

    Indeed. Got it to work like that earlier today. Thanks!
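
A check for the caution raised in the thread (forward the agent only to hosts you fully control), as an added example that is not from any poster or from 1Password: a shell function that reads an ssh_config and flags agent forwarding enabled in global scope, under a wildcard Host pattern, or in a Match block. The host names and the sample config are constructed, and treating every Match block as broad is an assumption of this example.

```shell
#!/bin/sh
# Added example: audit an ssh_config for agent forwarding that is not
# limited to explicitly named hosts.

# Constructed sample config; host names are placeholders.
sample_config() {
  cat <<'EOF'
# Constructed sample: host names are placeholders
Host pi1.home.arpa
    ForwardAgent yes

Host github.com
    ForwardAgent no

Host *.example.com
    forwardagent=$SSH_AUTH_SOCK

Host *
    ForwardAgent yes
EOF
}

# audit_forward_agent [FILE]
# Reads FILE (or stdin) and prints "<line>: <scope>" for every ForwardAgent
# value other than "no" found in a broad scope. ForwardAgent also accepts a
# socket path or a $VARIABLE name, and both of those enable forwarding too.
audit_forward_agent() {
  awk '
    BEGIN { scope = "(global)"; broad = 1 }   # before any Host line: applies to all
    {
      sub(/^[ \t]+/, "")                      # strip indentation
      if ($0 == "" || $0 ~ /^#/) next         # skip blanks and comments
      sub(/[ \t]*=[ \t]*/, " ")               # accept the Keyword=value form
      key = tolower($1)                       # keywords are case-insensitive
      if (key == "host" || key == "match") {
        scope = $0
        # Assumption: every Match block is reported as broad.
        broad = (key == "match" || $0 ~ /[*?]/)
      } else if (key == "forwardagent" && $2 != "no" && broad) {
        print NR ": " scope
      }
    }
  ' "$@"
}

# Demo on the constructed sample.
sample_config | audit_forward_agent
```

Include directives are not followed, so run the function on each included file as well.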

This discussion has been closed.