ssh-copy-id functionality

Lachy
Lachy
Community Member
edited May 2022 in SSH

Without the private key files in ~/.ssh/, it's less convenient to use ssh-copy-id to put public keys onto servers. It would be useful if 1Password provided an easy solution for this, perhaps UI built into 1Password itself or some kind of integration with or replacement for ssh-copy-id so that it can read the private keys from 1Password.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

Comments

  • alexclst
    alexclst
    Community Member

    This could be something added to the 1Password CLI perhaps? Like an op copy-ssh-public-key command or something.

  • dcoghlan
    dcoghlan
    Community Member

    +1 for this

  • illutron
    illutron
    Community Member

    +1

  • dcoghlan
    dcoghlan
    Community Member

    +1 for this

  • K.J._1P
    K.J._1P
    edited March 2022

    Hello! I have no used ssh-copy-id, but from the docs it should use ssh-add -L to look for keys in the agent:

    Otherwise, if this: ssh-add -L provides any output, it uses that in preference to the identity file.

    SSH for 1Password 8 supports ssh-add -L, however, at least on my machine, it won't read an IdentityAgent from ~/.ssh/config and requires the SSH_AUTH_SOCK environment variable set.

    SSH_AUTH_SOCK="$HOME/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock" ssh-add -L

    I tested ssh-copy-id locally with the environment variable and it was able to successfully add a new key.

    Are you able to test this environment variable with ssh-copy-id? Thanks!

  • GreSuh
    GreSuh
    Community Member

    Hi,
    these paths with spaces are a little tricky. Maybe the socket should be created in a more common location.
    Nevertheless
    export SSH_AUTH_SOCK=~/Library/Group\ Containers/2BUA8C4S2C.com.1password/t/agent.sock
    worked for ssh-add.

    And ssh-copy-id also seems to accept this:

    ➜  ~ ssh-copy-id user@host                                                            
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 3 key(s) remain to be installed -- if you are prompted now it is to install the new keys
  • ktulu
    ktulu
    Community Member

    I got multiple keys now in 1password and ssh-add -l shows them. Now I want to add only one of them via ssh-copy. How would I do that? It should only copy one specific key and not all.

  • kjaleshire
    kjaleshire
    Community Member

    Unfortunately there's not a way to specify a key except by filename with ssh-copy-id. Since the keys in 1Password are ID'd by name in the comment section, you can list the public keys with ssh-add -L, grep one by ID, and copy that:

    ssh user@host "echo $(ssh-add -L | grep "$KEY_ID\$") >> ~/.ssh/authorized_keys"

    where $KEY_ID is the name of the SSH key in 1Password.

  • finnmatti
    finnmatti
    Community Member
    edited November 2022

    ssh user@host "echo $(ssh-add -L | grep "$KEY_ID\$") >> ~/.ssh/authorized_keys"

    This only works if an authorized_keys file exists already. So you might have to create it first:

    Create the .ssh directory:
    mkdir ~/.ssh
    Set the right permissions:
    chmod 700 ~/.ssh
    Create the authorized_keys file:
    touch ~/.ssh/authorized_keys
    Set the right permissions:
    chmod 600 ~/.ssh/authorized_keys

    From here: https://askubuntu.com/a/466558

  • Jack.P_1P
    Jack.P_1P

    Thanks for sharing @finnmatti!

    Jack

This discussion has been closed.