Skip to main content
gboudrea
March 20, 2022
Question

How to export SSH private key using CLI?

  • March 20, 2022
  • 13 replies
  • 5690 views

So I now store my SSH private keys in 1Password.
One problem I have with that is that some clients really need the private key files on disk to work (Sequel-Ace, to name one).
So I thought I could create a simple command-line script that would use op to export my SSH private key to a file, and then delete that file a few seconds later, allowing those "legacy" clients to connect using my private key.

But I just can't find how to use op to export my private key as an OpenSSH private key.
If I download the key from the 1Password 8 client, I get a text file that starts with -----BEGIN OPENSSH PRIVATE KEY-----
But if I use the CLI like this : op read op://Personal/id_ed25519/'private key', I instead get a key that starts with -----BEGIN PRIVATE KEY-----

So, how can I export an OpenSSH private key using CLI?

Or is there another way to export my SSH keys to disk?

Thanks


1Password Version: CLI 2.0.0
Extension Version: N/A
OS Version: macOS 12.3

13 replies

March 25, 2022

I have this same issue

March 29, 2022

When I load the ssh private key from op I get the correct key. I use the openssh ssh-agent (not 1password) and I can just pipe the key to ssh-add. ssh-add <(op read op://Personal/key/private_key)

April 5, 2022

Thank you for pointing this out, @jrmoulton!
I have opened an internal ticket for investigating this.
We'll keep this thread updated with anything that may come out of it.
Once again, thanks for reporting this, and let us know if we can help with anything else!

Best,
Horia

April 16, 2022

Same problem the exported key is not a private ssh key.

April 26, 2022

Hey @Plivox - just to clarify - do you get that error message when running this command? ssh-add <(op read op://Personal/key/private_key)

June 12, 2022

Same here, @"Justin.Yoon_1P" though you didn't ask me, given no one responded yet, I confirm running the command you suggested I get the following error:

Error loading key "/var/folders/y_/yfcgp8dj37b14jrlq2pq0rqm0000gq/T//.psub.Cz9bsuaXei": invalid format

Maybe the CLI could provide something similar to the --otp flag to export the private key suitable to be imported by ssh-add?

June 13, 2022

What I ended up doing was to create another entry with document type and copied the private key from the ssh type entry, then doing this:

ssh-add <(op document get 'private_key')

June 13, 2022

Hey @andrepereira

Thank you for responding anyway!

I'd like to file an internal issue for this, but before I do, may I just confirm that you are on the latest version of op?

We introduced some improvements to SSH Key item rendering in v2.3.0.

gboudrea
gboudreaAuthor
June 13, 2022

```
gb@MacBook-Pro:~ $ op --version
2.4.1

gb@MacBook-Pro:~ $ op read op://Personal/id_ed25519/'private key'
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
```

June 14, 2022

@"Justin.Yoon_1P" version 2.4.1