Skip to main content
February 17, 2022
Question

ssh-copy-id functionality

  • February 17, 2022
  • 10 replies
  • 5941 views

Without the private key files in ~/.ssh/, it's less convenient to use ssh-copy-id to put public keys onto servers. It would be useful if 1Password provided an easy solution for this, perhaps UI built into 1Password itself or some kind of integration with or replacement for ssh-copy-id so that it can read the private keys from 1Password.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

10 replies

February 17, 2022

This could be something added to the 1Password CLI perhaps? Like an op copy-ssh-public-key command or something.

March 1, 2022

+1 for this

March 7, 2022

+1

March 8, 2022

+1 for this

K_J__1P
1Password Employee
March 14, 2022

Hello! I have no used ssh-copy-id, but from the docs it should use ssh-add -L to look for keys in the agent:

Otherwise, if this: ssh-add -L provides any output, it uses that in preference to the identity file.

SSH for 1Password 8 supports ssh-add -L, however, at least on my machine, it won't read an IdentityAgent from ~/.ssh/config and requires the SSH_AUTH_SOCK environment variable set.


SSH_AUTH_SOCK="$HOME/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock" ssh-add -L

I tested ssh-copy-id locally with the environment variable and it was able to successfully add a new key.

Are you able to test this environment variable with ssh-copy-id? Thanks!

July 9, 2022

Hi,
these paths with spaces are a little tricky. Maybe the socket should be created in a more common location.
Nevertheless
export SSH_AUTH_SOCK=~/Library/Group\ Containers/2BUA8C4S2C.com.1password/t/agent.sock
worked for ssh-add.

And ssh-copy-id also seems to accept this:

➜ ~ ssh-copy-id user@host
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 3 key(s) remain to be installed -- if you are prompted now it is to install the new keys

August 17, 2022

I got multiple keys now in 1password and ssh-add -l shows them. Now I want to add only one of them via ssh-copy. How would I do that? It should only copy one specific key and not all.

September 15, 2022

Unfortunately there's not a way to specify a key except by filename with ssh-copy-id. Since the keys in 1Password are ID'd by name in the comment section, you can list the public keys with ssh-add -L, grep one by ID, and copy that:


ssh user@host "echo $(ssh-add -L | grep "$KEY_ID\$") >> ~/.ssh/authorized_keys"

where $KEY_ID is the name of the SSH key in 1Password.

November 23, 2022

ssh user@host "echo $(ssh-add -L | grep "$KEY_ID\$") >> ~/.ssh/authorized_keys"

This only works if an authorized_keys file exists already. So you might have to create it first:

Create the .ssh directory:
mkdir ~/.ssh
Set the right permissions:
chmod 700 ~/.ssh
Create the authorized_keys file:
touch ~/.ssh/authorized_keys
Set the right permissions:
chmod 600 ~/.ssh/authorized_keys

From here: https://askubuntu.com/a/466558

Jack_P_1P
1Password Employee
November 29, 2022

Thanks for sharing @finnmatti!

Jack