Can you remove SSH keys from the agent if 1Password is locked?
I'm a big fan of KeePassXC's feature where you can set an option to add the keys on unlock and remove the keys on lock from the SSH agent. I personally think this a pretty good idea if you leave your computer unlocked for any amount of time while away.
The SSH-Agent feature didn't work for me until I manually reinstalled OpenSSH for Windows but when I finally did get it working it looks like as soon as 1password opened it would add the keys to the SSH-agent regardless if 1Password was unlocked or not.
1Password Version: 8.9.8
Extension Version: Not Provided
OS Version: Windows 11
Browser:_ Not Provided
Comments
-
To answer my own question it seems like it does do this, it keeps the key in the agent but any time you want to ssh into something if 1Password is locked it will require identification. (Security from Windows Hello, which then unlocks 1Password). It seems you don't need to provide any more information after until 1Password locks again.
0 -
Hi @TrevinLC1997:
Great question! We touch on the security model of the SSH agent here: Security | Developer Documentation
Let me know if that answers your questions, or if you'd like me to dig in further with you.
Jack
0