SSH Private Keys are not exported correctly from "op read" command

Options
robbycuenot
robbycuenot
Community Member
edited June 2023 in CLI

I am attempting to pull an SSH private key using the CLI, to then pipe it to the Windows ssh-agent (not the 1Password agent, as the laptop's policy prevents Windows Hello from being used). When I export the key using op read, it is in a different format than what the desktop client exports, and neither ssh-agent nor puttygen recognize the format. This thread describes the issue, but it has been closed without resolution: https://1password.community/discussion/128054/how-to-export-ssh-private-key-using-cli

The only workaround seems to be storing the key as a generic password, and then exporting it that way.
CLI Version 2.13.1

1Password Version: 8.9.14
Extension Version: Not Provided
OS Version: Windows 10
Browser:_ Not Provided

Comments

  • Jack.P_1P
    Jack.P_1P
    Options

    Hi @robbycuenot:

    As it currently stands, exporting the private key of an SSH key from 1Password CLI will export in PKCS #8 format. We're currently investigating ways to improve this behavior. What might work in the meantime however is to save the text of the private key as an attachment in your SSH key item, like so:

    With an item looking like this, you could access the OpenSSH formatted key using this command: op read op://<vault name/UUID>/<item name/UUID>/id_ed25519

    Let me know how you get on with that!

    Jack

  • robbycuenot
    robbycuenot
    Community Member
    Options

    This worked for me, thank you!

  • 1P_Amanda
    1P_Amanda
    Options

    Perfect, I will close the ticket.

    Cheers!
    Amanda

This discussion has been closed.