Signing back into the Community for the first time? You'll need to reset your password to access your account.  Find out more.

Forum Discussion

Lachy's avatar
Lachy
Occasional Contributor
4 years ago

ssh-copy-id functionality

Without the private key files in ~/.ssh/, it's less convenient to use ssh-copy-id to put public keys onto servers. It would be useful if 1Password provided an easy solution for this, perhaps UI built into 1Password itself or some kind of integration with or replacement for ssh-copy-id so that it can read the private keys from 1Password.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

SSH
  • Former Member's avatar
    Former Member
    3 years ago

    ssh user@host "echo $(ssh-add -L | grep "$KEY_ID\$") >> ~/.ssh/authorized_keys"

    This only works if an authorized_keys file exists already. So you might have to create it first:

    Create the .ssh directory:
    mkdir ~/.ssh
    Set the right permissions:
    chmod 700 ~/.ssh
    Create the authorized_keys file:
    touch ~/.ssh/authorized_keys
    Set the right permissions:
    chmod 600 ~/.ssh/authorized_keys

    From here: https://askubuntu.com/a/466558

  • Former Member's avatar
    Former Member
    3 years ago

    Unfortunately there's not a way to specify a key except by filename with ssh-copy-id. Since the keys in 1Password are ID'd by name in the comment section, you can list the public keys with ssh-add -L, grep one by ID, and copy that:


    ssh user@host "echo $(ssh-add -L | grep "$KEY_ID\$") >> ~/.ssh/authorized_keys"

    where $KEY_ID is the name of the SSH key in 1Password.

  • Former Member's avatar
    Former Member
    3 years ago

    I got multiple keys now in 1password and ssh-add -l shows them. Now I want to add only one of them via ssh-copy. How would I do that? It should only copy one specific key and not all.

  • Former Member's avatar
    Former Member
    3 years ago

    Hi,
    these paths with spaces are a little tricky. Maybe the socket should be created in a more common location.
    Nevertheless
    export SSH_AUTH_SOCK=~/Library/Group\ Containers/2BUA8C4S2C.com.1password/t/agent.sock
    worked for ssh-add.

    And ssh-copy-id also seems to accept this:

    ➜ ~ ssh-copy-id user@host
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 3 key(s) remain to be installed -- if you are prompted now it is to install the new keys

  • K_J__1P's avatar
    K_J__1P
    Icon for 1Password Team rank1Password Team
    4 years ago

    Hello! I have no used ssh-copy-id, but from the docs it should use ssh-add -L to look for keys in the agent:

    Otherwise, if this: ssh-add -L provides any output, it uses that in preference to the identity file.

    SSH for 1Password 8 supports ssh-add -L, however, at least on my machine, it won't read an IdentityAgent from ~/.ssh/config and requires the SSH_AUTH_SOCK environment variable set.


    SSH_AUTH_SOCK="$HOME/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock" ssh-add -L

    I tested ssh-copy-id locally with the environment variable and it was able to successfully add a new key.

    Are you able to test this environment variable with ssh-copy-id? Thanks!

  • Former Member's avatar
    Former Member
    4 years ago

    This could be something added to the 1Password CLI perhaps? Like an op copy-ssh-public-key command or something.