Feature idea: when creating ssh keys, consider option to auto add comment to end of public key
When copying and pasting public keys to remote servers it is helpful if they include a comment to easily identify keys when reviewing authorized_keys.
Under Developer options, consider having a flag to auto-add a comment to the key, so if generating a key for "web apps server bronze 2022" it might add a comment at the end: == 1password-web-apps-server-bronze-2022
Alternatively you could have an SSH comment field in 1Password and whatever the user defines is automatically added to the end of the public key.
1Password Version: 8
Extension Version: Not Provided
OS Version: Not Provided
Comments
-
+1 to this - when creating a new key today in 1Password, I thought perhaps that adding an additional field to the object of email would perhaps append it as a comment in the public key. I also tested to see if the notes field would do it.
I think there's a few options here for implementation that would be useful (or a combination) - I do like your proposal above to suffix with the object name, but that means I now need to consider what the comment will be when naming the object.
I think a good option could be to have a dropdown select for Public Key Comment:
- Use account email (based on vault)
- Use SSH key item name (strip whitespace / replace with hyphen / maybe display warning that this is happening)
- Custom - text field that validates entry
I only say validates entry for comment because you're limited to 1023 characters (https://github.com/openssh/openssh-portable/blob/94eb6858efecc1b4f02d8a6bd35e149f55c814c8/ssh-keygen.c#L1507) - frankly if you're hitting that limit then you need help and possibly a wiki
I went down a little bit of a rabbit hole here as well - ssh-keygen -c won't let you enter a comment longer than 1023 characters - you can enter 1024, but it won't let you press enter until you remove the last one. If you then vi your pub you can go absolutely wild and neither ssh nor ssh-agent will care, but ssh-add -L will only print 1023 characters. Anyway
Agree though that comment options are needed, as there's no way to edit the public key to add one manually, despite it being an incredibly useful component.
Also 1Password strips the comment if you have one and import. That's not good - store my pub, don't modify it
1 -
++ on this. Just went through all the same motions of assumption - experimentation - failing - giving up.
1
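The comment options proposed in this thread, as an added Python example (not code from 1Password or OpenSSH): it derives a comment from the item name as in the original post, applies the 1023-character limit reported in the first comment, and replaces the comment on a public key line while leaving the key type and key blob untouched. The function names, the handling of the 1password- prefix and the sample key are assumptions made for this example.

```python
import base64
import re
import struct

MAX_COMMENT_LEN = 1023  # limit reported in the thread for ssh-keygen -c / ssh-add -L


def slug_comment(item_name, prefix="1password-"):
    """Item name -> comment: whitespace runs become hyphens (hypothetical helper)."""
    return prefix + re.sub(r"\s+", "-", item_name.strip())


def validate_comment(comment):
    if not comment:
        raise ValueError("empty comment")
    if len(comment) > MAX_COMMENT_LEN:
        raise ValueError("comment longer than 1023 characters")
    # A line break inside the comment would start a new authorized_keys entry.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in comment):
        raise ValueError("control character in comment")
    return comment


def set_comment(pub_line, comment):
    """Return pub_line with its comment replaced; type and blob are copied as-is."""
    parts = pub_line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("not a 'type base64 [comment]' public key line")
    key_type, blob_b64 = parts[0], parts[1]
    blob = base64.b64decode(blob_b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed copy of the key type.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != key_type:
        raise ValueError("key type does not match key blob")
    return f"{key_type} {blob_b64} {validate_comment(comment)}"


def sample_pubkey():
    # Constructed sample, not a real key: ed25519 framing around 32 zero bytes.
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " old comment here"


if __name__ == "__main__":
    print(set_comment(sample_pubkey(), slug_comment("web apps server bronze 2022")))
```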