How to combine SSH feature with headless Raspberry Pi?
At home I have a few headless Raspberry Pis on which I run some Node.js scripts that I develop on my Mac.
So far I stored both the SSH key for my private GitHub repos and the SSH keys to log in on those Pis in Secure Notes in 1Password. All these keys are protected by a passphrase, which is stored in those notes as well. On the Mac the keychain made sure I had to type those passphrases only once (in the keys' lifetime). However, whenever I finished some work and pushed it to GitHub I would have to type in the passphrase (of the GitHub key) on the Pi to pull the changes there.
Now I plan to use the 1Password SSH agent on my Mac (for all my SSH keys).
What can/should I do on the Pi?
- Keep typing the passphrase (Store it as a custom field in the new SSH item? Store it as a new password item?)
- Can I somehow use the CLI and/or SSH agent on a (headless) Pi? (Raspberry Pi OS is a Linux variant after all)
- Something completely different? (What?)
Comments
-
You could use 1Password as your keychain substitute. It then shouldn’t matter if you’re connected via SSH to your Raspberrys or if you’re working on your local machine.
Until today and the new SSH feature, I have always opened this little quick find box (Ctrl+Shift+Space), typed the name of the key and copied the password via hotkey and inserted it into the password prompt. It may also work for you.
0 -
It sounds like what you want is ssh agent forwarding: https://docs.github.com/en/developers/overview/using-ssh-agent-forwarding. That allows you to keep your keys on your machine but still use them from the headless Pis.
0 -
SSH Agent Forwarding is the correct approach. Just be extra careful with agent forwarding because it can be a security risk. Only allow it to be used for hosts that you are in full control of. Never set ForwardAgent yes when connected to a host owned or operated by a 3rd party.
0 -
Thank you for the suggestions!
Agent Forwarding works and seems to be a better solution than what I was doing before.
Now I need to figure out how to set up Agent Forwarding in Blink for the occasional editing on my iPad...
0 -
In my experience adding -A to the ssh command in blink just works after adding the key with ssh-add KEYNAME.
0 -
Indeed. Got it to work like that earlier today. Thanks!
0
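A check for the caution raised in the thread about ForwardAgent, as an added example that is not part of any post: this Python script scans an ssh_config for agent forwarding that reaches beyond an allowlist of hosts you control. The sample config, its host names and the function name audit_forward_agent are made up for illustration.

```python
import re

# Constructed sample of an ~/.ssh/config; all host names are made up.
SAMPLE_CONFIG = """\
Host pi-kitchen pi-garage
    User pi
    ForwardAgent yes

Host github.com
    User git
    ForwardAgent no

Host *.example.net
    forwardagent=yes

Host *
    ForwardAgent yes
"""

def audit_forward_agent(config_text, trusted_hosts):
    """Return (line_no, scope) for each enabled ForwardAgent whose Host
    block is not limited to literal names listed in trusted_hosts."""
    findings = []
    scope = ["*"]  # options before the first Host line apply to every host
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        m = re.match(r"\s*([A-Za-z]+)[\s=]+(.*\S)", raw)
        if not m:
            continue  # blank line or comment
        keyword, value = m.group(1).lower(), m.group(2).strip('"')
        if keyword == "host":
            scope = value.split()
        elif keyword == "match":
            scope = ["Match " + value]  # not evaluated here, so never trusted
        elif keyword == "forwardagent" and value.lower() != "no":
            # "yes", a socket path or an $ENV name all enable forwarding
            if not all(p in trusted_hosts for p in scope):
                findings.append((line_no, " ".join(scope)))
    return findings

if __name__ == "__main__":
    trusted = {"pi-kitchen", "pi-garage"}  # hosts you fully control (assumed)
    for line_no, scope in audit_forward_agent(SAMPLE_CONFIG, trusted):
        print(f"line {line_no}: agent forwarding enabled for '{scope}'")
```

Because ssh uses the first value it finds for each option, a ForwardAgent yes under Host * applies to every host that did not set the option in an earlier block, which is why the wildcard entries are reported.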