How to export SSH private key using CLI?

gboudreagboudrea
Community Member
edited March 20 in CLI

So I now store my SSH private keys in 1Password.
One problem I have with that is that some clients really need the private key files on disk to work (Sequel-Ace, to name one).
So I thought I could create a simple command-line script that would use op to export my SSH private key to a file, and then delete that file a few seconds later, allowing those "legacy" clients to connect using my private key.

But I just can't find how to use op to export my private key as an OpenSSH private key.
If I download the key from the 1Password 8 client, I get a text file that starts with -----BEGIN OPENSSH PRIVATE KEY-----
But if I use the CLI like this : op read op://Personal/id_ed25519/'private key', I instead get a key that starts with -----BEGIN PRIVATE KEY-----

So, how can I export an OpenSSH private key using CLI?
Or is there another way to export my SSH keys to disk?

Thanks


1Password Version: CLI 2.0.0
Extension Version: N/A
OS Version: macOS 12.3

Comments

  • jrmoultonjrmoulton
    Community Member

    I have this same issue

  • smgtsmgt
    Community Member

    When I load the ssh private key from op I get the correct key. I use the openssh ssh-agent (not 1password) and I can just pipe the key to ssh-add. ssh-add <(op read op://Personal/key/private_key)

  • Horia.Culea_1PHoria.Culea_1P

    Team Member

    Thank you for pointing this out, @jrmoulton!
    I have opened an internal ticket for investigating this.
    We'll keep this thread updated with anything that may come out of it.
    Once again, thanks for reporting this, and let us know if we can help with anything else!

    Best,
    Horia

  • PlivoxPlivox
    Community Member

    Same problem the exported key is not a private ssh key.

  • Justin.Yoon_1PJustin.Yoon_1P

    Team Member

    Hey @Plivox - just to clarify - do you get that error message when running this command? ssh-add <(op read op://Personal/key/private_key)

  • andrepereiraandrepereira
    Community Member
    edited June 12

    Same here, @Justin.Yoon_1P though you didn't ask me, given no one responded yet, I confirm running the command you suggested I get the following error:

    Error loading key "/var/folders/y_/yfcgp8dj37b14jrlq2pq0rqm0000gq/T//.psub.Cz9bsuaXei": invalid format

    Maybe the CLI could provide something similar to the --otp flag to export the private key suitable to be imported by ssh-add?

  • andrepereiraandrepereira
    Community Member
    edited June 13

    What I ended up doing was to create another entry with document type and copied the private key from the ssh type entry, then doing this:

    ssh-add <(op document get 'private_key')

  • Justin.Yoon_1PJustin.Yoon_1P

    Team Member

    Hey @andrepereira

    Thank you for responding anyway!

    I'd like to file an internal issue for this, but before I do, may I just confirm that you are on the latest version of op?

    We introduced some improvements to SSH Key item rendering in v2.3.0.

  • gboudreagboudrea
    Community Member
    [email protected]:~ $ op --version
    2.4.1
    
    [email protected]:~ $ op read op://Personal/id_ed25519/'private key'
    -----BEGIN PRIVATE KEY-----
    ...
    -----END PRIVATE KEY-----
    
  • andrepereiraandrepereira
    Community Member
    edited June 14

    @Justin.Yoon_1P version 2.4.1

  • Justin.Yoon_1PJustin.Yoon_1P

    Team Member

    Thanks @gboudrea and @andrepereira ,

    I'll file a bug to ensure that there is a way to retrieve a formatted version of the private key.

  • PlivoxPlivox
    Community Member

    Hey @Plivox - just to clarify - do you get that error message when running this command? ssh-add <(op read op://Personal/key/private_key)

    Error loading key "...": invalid format

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file