Better handling of SSH keys

Ben

That's pretty ambitious. :chuffed: I'll pass along the suggestions. :+1:

Ben

danielwagn3r

+1

ag_ana

:+1: :)

csharpsteen

Another vote for SSH key handling. I would be happy with multi-line support for the password field. History would be great too.

Context: my company uses 1password to track most secrets. Having multi-line support would make it easy to automate rolling out SSH updates by updating the 1password record and having history would make it easy to roll back.

Ben

Thanks, @csharpsteen.

Ben

alexreg

+1 on this too. Would be great to get integration with an app like Prompt 2, which already supports usernames/passwords from 1Password, but not SSH keys.

ag_ana

Thank you @alexreg :)

Skilly

I've just tried (again) to add a new SSH key to 1Password and am (again) surprised to see that there isn't a specific SSH Key category. I would love to see a specific category for SSH keys alongside Logins, Credit Cards, etc. While I have managed to use 1Password successfully to remove my passwords from my various computers, I still have various accounts very much at risk from a security perspective due to all the SSH keys that I have to continue maintaining on my computer

edtd

This bug has been present in 1password for at least 5 years, and I'm guessing it's been a bug since day 1. There are multiple different discussions that reference it in some way. Many of them are now locked,

If I paste text that contains line breaks into a field, converting those fields to spaces is a bug. I can't imagine a single situation where that is the expected and preferred behavior. Sure, a dedicated SSH key field would be nice, but just fixing the bug that converts new lines into spaces would allow all the workarounds for storing multi-line data to be avoided.

Ben

Hi folks,

Just to update/summarize here:

It seems the primary concern is the fact that by using the built-in notes field it is not possible to conceal the entered text when the 1Password application is unlocked. To get around that, some have tried using a password-type field.

1. We have a feature request filed to add support for a multi-line field that is concealed by default. At present password-type fields support only a single line. I'm not in a position to make any specific commitments about that, other than to say I'll certainly advocate for it at any opportunity, as I believe it would (largely) solve this problem. It may also be useful in other cases.
2. Another option, currently available, would be to store the SSH key as a Document item. This is the route I've personally taken, and find to be fairly convenient, as I can then just save the key file to my ~/.ssh folder. To expand on that... I actually have a total of 3 items in 1Password. I have my public key and private key each saved as Document items, and then I've created a Secure Note which has a reminder about how to install as well as password fields for the passphrase and fingerprint. It ends up looking something like this:
   
   Hopefully in the future it'll be possible to get that multi-line concealed field implemented so that this could, in theory, be cut down to just one item. Until then that is what I've found works for me.

I hope that helps!

Ben

ref: dev/projects/customer-feature-requests#124

danielwagn3r

Could you also consider a feature request for an explicit handling of entries of type SSH key?

I've mentioned it on another thread regarding SSH key handling, KeePass (https://keepass.info/) + KeeAgent (https://lechnology.com/software/keeagent/) are setting a good standard in this category of secrets management products (I just ignore the fact that more enterprisy PAM products like CyberArk exist).

The basic idea there is to store a PuTTY PPK file in the entry together with the password of the PPK file. The fingerprint and public-key are then derivate of this information.

To come over the manual file handling, KeeAgent provides a PuTTY and (optinally) OpenSSH / Windows SSH client compatible SSH agent. So, there's no need any more to store the files. This could be a feature of the 1Password Desktop clients.

Ben

@danielwagn3r

I wouldn't go so far as to say we wouldn't consider it, but I don't think that is something that would make it on the radar in the foreseeable future. Our primary focus for the upcoming development cycles is cross-platform consistency, and so adding features that are not mobile friendly would likely be a hard sell. Even just adding a specific category for SSH keys would likely not be something we'd do, particularly in the near-term. We get a ton of requests for different categories, with different fields, etc. We could probably spend all day doing nothing but building categories / templates and still not satisfy everyone. ;) Instead it seems more likely that we'll work toward the ability for customers to create their own custom categories. We do already have something like that in beta for 1Password Business customers.

I hate to be the bearer of unwelcome news, and while we do tend to hold future plans extremely close to our chest, I try to be as up front in that regard as I'm able. I think particularly in cases like this we do better by setting realistic expectations vs giving potentially false impressions. The multi-line concealed field option would likely be the best we could hope for in terms of SSH support in 1Password, for now.

Ben

danielwagn3r

@Ben Thanks for the clarification. I prefer knowing the direction a production is going, to not having any comment. Your focus on cross platform and mobile compatibility is understandable. SSH just doesn't fit in this picture.

Would be cool if your outlined roadmap towards customizations (categories, perhaps even addons for the clients) turns out well.

ag_tommy

:+1: :chuffed:

peterclauterbach

+1 on the GPG key handling. I've got to create a new GPG key, "I'll use 1Password", I thought. Then I found the other closed thread with the GPG KEY feature request, just filled with with sadness. 1Password is my go to for all thing security related, and GPG and SSH keys are a natural extension of your great product.

ag_ana

Thank you for the feedback too @peterclauterbach :) And sorry for the sadness!

bestlem

@ben in your latest 'solution' section 2 you have the keys as attachments in a secure note. But I cant see how to use the data saved.

I have this but it is really not much use.

To see the key all I can do quick look it and all that does is allow me to export it to TextEdit.

Surely there must be a way to see the key inside 1password. They are text files

Oddly I can see other secure documents

We need multiple line fields at least not attachem,ents.

ag_ana

@bestlem:

I believe Ben's suggestion is to make it more convenient to save those items in your SSH folder, rather than to just view them:

This is the route I've personally taken, and find to be fairly convenient, as I can then just save the key file to my ~/.ssh folder.

I think the reason why you are not allowed to view the contents of the file, and are instead prompted to open a text editor, is because the file has no extension. I have just made a quick test, and adding the .txt extension allowed me to view the contents within 1Password.

bestlem

@ag_ana Not quite that simple but having a .pub extension does allow the file to be opened anywhere but in TextEdit

ag_ana

@bestlem:

I tried with a .txt extension, and that also allowed 1Password to display it directly :+1:

veducm

Another +1 to adding better support for SSH Keys.

I’m currently in the middle of migrating my team from LastPass and I’m really surprised this is not already a feature.

ag_ana

@veducm:

Thank you for the feedback as well. I have passed your thoughts to the developers.

ref: dev/projects/customer-feature-requests#124

psztoch

1Password should add integration with PuTTY Pageant too!

ag_ana

Thank you for the suggestion!