Feature idea: when creating ssh keys, consider option to auto add comment to end of public key

rodneyt
Community Member
edited May 2022 in SSH

When copying and pasting public keys to remote servers, it is helpful if they include a comment to easily identify keys when reviewing authorized_keys.

Under Developer options, consider having a flag to auto-add a comment to the key, so if generating a key for "web apps server bronze 2022" it might add a comment at the end: == 1password-web-apps-server-bronze-2022
Alternatively, you could have an SSH comment field in 1Password, and whatever the user defines is automatically added to the end of the public key.


1Password Version: 8
Extension Version: Not Provided
OS Version: Not Provided

Comments

  • stuhall
    Community Member

    +1 to this - when creating a new key today in 1Password, I thought perhaps that adding an additional field to the object of email would perhaps append it as a comment in the public key. I also tested to see if the notes field would do it.

    I think there's a few options here for implementation that would be useful (or a combination) - I do like your proposal above to suffix with the object name, but that means I now need to consider what the comment will be when naming the object.

    I think a good option could be to have a dropdown select for

    Public Key Comment

    • Use account email (based on vault)
    • Use SSH key item name (strip whitespace / replace with hyphen / maybe display warning that this is happening)
    • Custom - text field that validates entry

    I only say validates entry for comment because you're limited to 1023 characters (https://github.com/openssh/openssh-portable/blob/94eb6858efecc1b4f02d8a6bd35e149f55c814c8/ssh-keygen.c#L1507) - frankly if you're hitting that limit then you need help and possibly a wiki

    I went down a little bit of a rabbit hole here as well - ssh-keygen -c won't let you enter a comment longer than 1023 characters - you can enter 1024, but it won't let you press enter until you remove the last one. If you then vi your pub you can go absolutely wild and neither ssh nor ssh-agent will care, but ssh-add -L will only print 1023 characters.

    Anyway

    Agree though that comment options are needed, as there's no way to edit the public key to add one manually, despite it being an incredibly useful component.

    Also 1Password strips the comment if you have one and import. That's not good - store my pub, don't modify it

  • BobW
    Community Member

    ++ on this. Just went through all the same motions of assumption - experimentation - failing - giving up.

This discussion has been closed.
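
The comment handling discussed in this thread, as an added example (not part of any post, and not 1Password or OpenSSH code): it sets the trailing comment on an OpenSSH public key line from an item name, enforces the 1023-character limit reported above, and passes the key type and key blob through unchanged. The function names and the all-zero sample key are constructed for illustration.

```python
import base64
import re
import struct

MAX_COMMENT = 1023  # limit reported in the thread for ssh-keygen -c and ssh-add -L


def slug(item_name):
    """Item name -> comment text: trim, collapse whitespace to hyphens, lowercase."""
    return re.sub(r"\s+", "-", item_name.strip()).lower()


def split_pubkey(line):
    """Split one .pub line into (keytype, base64_blob, comment)."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    keytype, b64 = parts[0], parts[1]
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with a length-prefixed copy of the key type string.
    if len(blob) < 4:
        raise ValueError("blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != keytype.encode("ascii", "replace"):
        raise ValueError("key type does not match blob")
    return keytype, b64, parts[2] if len(parts) == 3 else ""


def set_comment(line, comment):
    """Replace or append the comment; type and key blob are passed through unchanged."""
    if len(comment) > MAX_COMMENT:
        raise ValueError("comment longer than %d characters" % MAX_COMMENT)
    if "\n" in comment or "\r" in comment:
        raise ValueError("comment must be a single line")
    keytype, b64, _old = split_pubkey(line)
    return ("%s %s %s" % (keytype, b64, comment)).rstrip()


def sample_pubkey():
    """Constructed test key: a well-formed ssh-ed25519 blob with an all-zero key."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode("ascii")


if __name__ == "__main__":
    name = "1password-" + slug("web apps server bronze 2022")
    print(set_comment(sample_pubkey(), name))
```

Because the comment is everything after the second field, a comment containing spaces survives a round trip through `split_pubkey`.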