SSH key stored in non-default vault is not available to the ssh agent?

meowzz
Community Member
edited May 2022 in SSH

I'm testing out the new SSH key feature.

If the key is stored in the default "private" vault, ssh MY_HOST works without any issue.
Once I move the key to another vault (not shared), ssh MY_HOST stops working.

If I move it back, it works again.

So it seems that the agent is not able to retrieve keys from the non-default vault?


1Password Version: 8.6.0
Extension Version: Not Provided
OS Version: macOS 12.2

Comments

  • meowzz
    Community Member

    I just found the below doc that mentioned that only keys in the private vault will work.

    https://developer.1password.com/docs/ssh/agent/#eligible-keys

  • Correct, we're starting out with support for Private vaults only.

  • alexclst
    Community Member

    If you ever add shared vaults, I'd want that to be optional. Among other reasons, I've gone and put backup copies of keys from servers into a shared vault, knowing that they won't actually get used by the ssh agent. I would not want these to be interpreted for this. If nothing else, maybe employ the use of a special tag like no-ssh-agent on items to make the agent ignore them (similar to the existing 2FA and http tags). I kinda like the notion of private vaults only for usable ssh keys, but being able to "properly" store backups of keys, and share keys, via 1Password.

  • Yes, if we lift the Private/Personal vaults requirement, that will be behind an opt-in. If we'd offer such a mechanism, would you prefer the opt-in to be per vault or per individual key?

  • @meowzz I wanted to let you know that we're working on a solution that lets you enable keys from other vaults than the Private vault. It would be great to get your feedback on our proposal, if you're (still) interested. You can do so by joining the #ssh-agent-config channel in our Slack workspace.

This discussion has been closed.