Skip to main content
March 29, 2022
Question

Import SSH keys from CLI

  • March 29, 2022
  • 13 replies
  • 2143 views

Hey,

Is there a good way to import ssh keys using the cli? I've been using ssh keys with op for a while before the SSH_KEY category was introduced and saving them as Secure Notes.
So I planned on trying to migrate my SECURE_NOTE to SSH_KEY. Right now the move was manual. I've have been using a shell script that I built https://github.com/smgt/dotfiles/blob/master/bin/1p-ssh (not updated for op 2.0.0) to handle this.

Another nice feature would be to expose the public key in the op item get response also, I find it handy to share my public key fast from the command line. Right now it seems to be a calculated value just kept inside 1Password GUI.


1Password Version: op v2.0.0
Extension Version: Not Provided
OS Version: Linux Arch

13 replies

mickael
August 7, 2022

I created https://github.com/mickaelperrin/onepassword-tools mainly to manage my SSH Keys. The current implementation in 1Password is a good step forward but still limited for my usage.

Have a look at:

```
Usage: op-tools new-ssh-key [OPTIONS]

Generates a new SSH key and store it in 1Password. Additional information
are stored also to generate SSH config file when imported.

Options:
--return-field TEXT Field value to return
--account TEXT Account to use (shorthand)
--vault TEXT Vault uuid where to store the information
--title TEXT Name of the 1Password item
--notes TEXT Note
--from-user TEXT User who is responsible from initiating the
connection, default current user.
--from-host TEXT Host from where the SSH connection starts,
default current hostname.
--to-user TEXT Remote user, prompted if empty. [required]
--to-host TEXT Remote server hostname, prompted if empty.
[required]
--to-host-abbreviated TEXT Alias of the remote server hostname used to
initialize connection.
--no-passphrase TEXT Create ssh key without passphrase.
--passphrase TEXT Use this passphrase instead of an autogenerated
one.
--passphrase-length INTEGER Length of the autogenerated passphrase.
--port INTEGER Remote port
--help Show this message and exit.
```

and

```
Usage: op-tools ssh-add [OPTIONS] [SEARCH]

Loads a SSH key stored in 1Password by searching [SEARCH] in uuid or in
item title, and creates a ssh configuration file of the following format:

Match originalhost [][ user ]
IdentitiesOnly yes
IdentityFile
Hostname
User
Port

Options:
-D cleanup ssh agent and remove all 1Password managed
keys and configuration
--no-ssh-config TEXT Do not create ssh config file
--help Sho
```

Note that currently ssh-add uses 1password local search which is a reverse engineering decryption of 1password database locally to increase performance and is not compatible with biometric auth. This is something that should be changed because performance is not a concern for SSh key management.

August 19, 2022

+1 This is a must have feature

Open sourcing the cli would help all of us making 1Password the best password manager

1Password Employee
August 31, 2022

Thanks for your feedback!