How to export SSH private key using CLI?

gboudrea
gboudrea
Community Member
edited March 2022 in CLI

So I now store my SSH private keys in 1Password.
One problem I have with that is that some clients really need the private key files on disk to work (Sequel-Ace, to name one).
So I thought I could create a simple command-line script that would use op to export my SSH private key to a file, and then delete that file a few seconds later, allowing those "legacy" clients to connect using my private key.

But I just can't find how to use op to export my private key as an OpenSSH private key.
If I download the key from the 1Password 8 client, I get a text file that starts with -----BEGIN OPENSSH PRIVATE KEY-----
But if I use the CLI like this : op read op://Personal/id_ed25519/'private key', I instead get a key that starts with -----BEGIN PRIVATE KEY-----

So, how can I export an OpenSSH private key using CLI?
Or is there another way to export my SSH keys to disk?

Thanks

1Password Version: CLI 2.0.0
Extension Version: N/A
OS Version: macOS 12.3

Comments

  • jrmoulton
    jrmoulton
    Community Member

    I have this same issue

  • smgt
    smgt
    Community Member

    When I load the ssh private key from op I get the correct key. I use the openssh ssh-agent (not 1password) and I can just pipe the key to ssh-add. ssh-add <(op read op://Personal/key/private_key)

  • Horia.Culea_1P
    Horia.Culea_1P

    Thank you for pointing this out, @jrmoulton!
    I have opened an internal ticket for investigating this.
    We'll keep this thread updated with anything that may come out of it.
    Once again, thanks for reporting this, and let us know if we can help with anything else!

    Best,
    Horia

  • Plivox
    Plivox
    Community Member

    Same problem the exported key is not a private ssh key.

  • Justin.Yoon_1P
    Justin.Yoon_1P

    Hey @Plivox - just to clarify - do you get that error message when running this command? ssh-add <(op read op://Personal/key/private_key)

  • andrepereira
    andrepereira
    Community Member
    edited June 2022

    Same here, @Justin.Yoon_1P though you didn't ask me, given no one responded yet, I confirm running the command you suggested I get the following error:

    Error loading key "/var/folders/y_/yfcgp8dj37b14jrlq2pq0rqm0000gq/T//.psub.Cz9bsuaXei": invalid format

    Maybe the CLI could provide something similar to the --otp flag to export the private key suitable to be imported by ssh-add?

  • andrepereira
    andrepereira
    Community Member
    edited June 2022

    What I ended up doing was to create another entry with document type and copied the private key from the ssh type entry, then doing this:

    ssh-add <(op document get 'private_key')

  • Justin.Yoon_1P
    Justin.Yoon_1P

    Hey @andrepereira

    Thank you for responding anyway!

    I'd like to file an internal issue for this, but before I do, may I just confirm that you are on the latest version of op?

    We introduced some improvements to SSH Key item rendering in v2.3.0.

  • gboudrea
    gboudrea
    Community Member
     
    gb@MacBook-Pro:~ $ op --version
2.4.1

gb@MacBook-Pro:~ $ op read op://Personal/id_ed25519/'private key'
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
  • andrepereira
    andrepereira
    Community Member
    edited June 2022

    @Justin.Yoon_1P version 2.4.1

  • Justin.Yoon_1P
    Justin.Yoon_1P

    Thanks @gboudrea and @andrepereira ,

    I'll file a bug to ensure that there is a way to retrieve a formatted version of the private key.

  • Plivox
    Plivox
    Community Member

    Hey @Plivox - just to clarify - do you get that error message when running this command? ssh-add <(op read op://Personal/key/private_key)

    Error loading key "...": invalid format

  • Horia.Culea_1P
    Horia.Culea_1P

    Thanks Plivox!
    Will add this to the issue.

    Best,
    Horia

This discussion has been closed.