Storing SSH keys in 1Password - really doesn't work at all well

24

Comments

  • Thanks for sharing @jarom. :)

    Ben

  • schlappette
    schlappette
    Community Member

    Chiming in to add my support for storing SSH keys in 1Password as well!

  • Thanks @schlappette. :+1:

    Ben

  • danielwagn3r
    danielwagn3r
    Community Member
    edited April 2020

    @jarom I've long used KeeAgent (https://lechnology.com/software/keeagent/) plugin for KeePass 2. It integrates very well in Windows (native and PuTTY) and Linux. Under Windows it also works like a charm together with WSL, when using wsl-ssh-pagent (https://github.com/benpye/wsl-ssh-pageant).

    When not looking at enterprise grade PAM solutions I think this is pretty much the usability standard to measure against.

  • ag_ana
    ag_ana
    1Password Alumni

    Thank you for the suggestion @danielwagn3r :+1: :)

  • a.jaffe
    a.jaffe
    Community Member

    +1 on a solution for ssh keys in 1Password!

  • ag_ana
    ag_ana
    1Password Alumni

    :+1: :)

  • cameronredux
    cameronredux
    Community Member

    Big +1 here as well.

    Either allow multi-line text field in a section or allow a second Notes area to be created below sections where data like this can be kept.

    SSH public and private key pairs, SSL certs etc..

    Adding this as an external file would double what is in the sidebar which is fine if you just a have a few things but we have thousands and that gets messy. Much preferred if all pertinent data is in one place.

  • Thanks for chiming in @cameronredux. :)

    Ben

  • Maurice Kelly
    Maurice Kelly
    Community Member

    Seems like chiming in on this thread is the best way to register support for improving SSH key support though I'm not sure just having a custom category is enough.

    A key can be much more than a standalone entity. It can be the "password" for multiple machines and services and maybe needs to be modelled as something that can be attached to existing category items. For example, consider a Server entry in 1Password. I may have copied a specific public key to the server, and intend to use the associated private key for connection to that server. It would be better to have the key pair associated with the Server entry, rather than copying the data into the Server entry. This is even more important if keys are used on multiple machines.

    I know that we can use Related Item links between items, but keys seem way more important than that basic linkage mechanism. As another posted mentioned, it would be great to be able to link the Key entries to key files on the filesystem that could be used to create a new SSH connection to the Server.

    Thanks folks!

  • ag_ana
    ag_ana
    1Password Alumni

    Thank you for your feedback as well @Maurice Kelly! Especially the usage examples, they are very useful! :+1:

  • Maurice Kelly
    Maurice Kelly
    Community Member

    No problem. I've worked as software engineer and product manager so happy to help flesh things if you want more feedback!

  • ag_ana
    ag_ana
    1Password Alumni

    Thank you @Maurice Kelly :) Any feedback ideas you have that can help make 1Password better is always welcome ;)

  • a2sheppy
    a2sheppy
    Community Member

    I would sure love to have this. It’s been one of those things I’ve had to work around for years and years and years now. I have had to drop copies of my private and public keys in so many weird places to keep track of them, transfer them from one device to another, have access to them when I need them, etc that I can only hope I’ve not been leaking them all over the galaxy. :/

  • Lars
    Lars
    1Password Alumni

    @a2sheppy - we hear you. I can't say what the future might hold, but I can definitely say that for now, you can place copies of your keys linked to a Secure Note that includes any other information you want about them. Thanks for weighing in on the subject.

  • datajock
    datajock
    Community Member

    +1 for this feature.

    I like the idea of a multi-line password field and/or a multi-line text field. I can see a use for both of these as a public key need not be hidden, but a private key probably should be.

    Additionally, for these fields, I will suggest that you add a "save as file" along with the "copy", "reveal" and such dropdown. Then allow a file name to be specified where it will be saved.

  • Thanks @datajock. :)

    Ben

  • thawkins
    thawkins
    Community Member
    edited July 2020

    This should work as a somewhat awkward workaround for Linux/Mac users

    You can encode an arbitrary file to a single string using the 'base64' command IE: i have a key called id_xxx_rsa in my .ssh folder

    cd ~/.ssh
    cat ./id_xxx_rsa | base64 -w 0 > id_xxx_rsa.b64

    notes: the "-w 0" flag tells "base64" not to insert any linewrap lineends so the output will be in one string

    The contents of the file id_xxx_rsa.b64 is a single string with no line-ends in it at all, which can be pasted into the text field store in 1Password. you can move the file directly to the clipboard ready for pasting using "xclip"

    xclip -selection clipboard < id_xxx_rsa.b64

    Alternatively you can do it all in one go and not create an intermediate b64 file at all using xclip, which should be available for your Linux distribution. I'm not sure if "xclip" is available on MacOSX, perhaps there is an apple equivalent command-line utility. Note that "xclip" is an X11 utility and may not be available on systems running Wayland.

    cd ~/.ssh
    cat ./id_xxx_rsa | base64 -w 0 | xclip -selection clipboard

    To recover the key file, copy the contents of the field back into a file ie ~/.ssh/id_xxx_rsa.b64 and run

    cd ~/.ssh
    cat ./id_do2_rsa.b64 | base64 -d > id_xxx_rsa

    Notes: the -d flag means "decode" so it takes the single string "base64" encoded data and turns it back into the original file again.

    Alternatively we can eliminate the need for a .b64 file again, you can copy the string direct from 1password and run

    cd ~/.ssh
    xclip -o | base64 -d > id_xxx_rsa

    Notes: this takes whatever you have in your clipboard and decodes it and writes it directly to the designated file, the "-o" flag says output the current clipboard selection.

    Cant help windows users i'm afraid, hav'nt opened a windows box for a very very long time.

    Regards Tim Hawkins - CTO - The Red Flag Group.

    update: xclip is available for OSX via brew

    https://brewinstall.org/Install-xclip-on-Mac-with-Brew/

  • ag_ana
    ag_ana
    1Password Alumni

    Thank you for taking the time to share all of these tips @thawkins, that was great!

    (And welcome to the forum :) )

  • Matt3564
    Matt3564
    Community Member

    +1 on a fully supported solution for ssh keys in 1Password!

  • ag_tommy
    edited July 2020

    Thanks for adding your voice, @Matt3564 .

  • woodsb02
    woodsb02
    Community Member

    +1 for storing SSH keys in 1password - my keys have 3 components - public key, private key, passphrase.
    I think this could also apply to TLS public/private keypairs and certs?

  • ag_ana
    ag_ana
    1Password Alumni

    Thank you for your feedback @woodsb02. I believe this could also work for those examples too :+1:

  • ffredrikk
    ffredrikk
    Community Member
    edited August 2020

    I'm also looking for a better way to handle certs, gpg, pgp, ssh keys etc.

  • ag_ana
    ag_ana
    1Password Alumni

    Thank you for letting us know @ffredrikk :+1:

  • DavidWu
    DavidWu
    Community Member

    Finding the way to store SSH keys and hope to add the feature. Thanks!

  • ag_ana
    ag_ana
    1Password Alumni

    Thank you for sharing this with us @DavidWu :+1: :)

  • bpavlov
    bpavlov
    Community Member

    Count me in as someone who would love to see this added to 1Password. I created a "Secure Note" but everything is visible as soon as you click on the secure note entry.

    Anyone else have suggestions? Someone earlier in the discussion mentioned adding a file, but I've never made use of that feature. How does that work?

  • Thanks @bpavlov. If you're interested in trying out Documents to see if they can help here we have a guide on them available:

    Save important files in 1Password

    Ben

  • nikanorov
    nikanorov
    Community Member

    Please, add me to the waiting list too. I will be happy to have solution to store ssh keys in 1P.

This discussion has been closed.