rctneil
February 16, 2022
Question

SSH Feature questions

Hi,

Just some quick questions about the new SSH feature.

  1. I'm assuming that the SSH keys are synced between your machines etc?

  2. Is it possible to import existing keys from multiple machines into 1Password?

  3. If I had my keys stored in 1Password and I was setting up a brand new machine, I'm assuming all I would need to do is set up 1Password and I'd be good to go, right?

  4. If I do use 1Password's SSH features, do the keys still show up in my Mac's .ssh directory?

  5. Once the keys are in 1Password, do I need to remove them from the .ssh directory?

I have had a glance at the dev documentation but would like just a little more info. I've not enabled the feature yet though but really excited to!

Thanks,
Neil


1Password Version: 8.6
Extension Version: Not Provided
OS Version: MacOS 12

39 replies

February 16, 2022

From what I can see you would no longer have SSH keys in .ssh, instead your authentication would be piped through 1Password's SSH agent.

rctneil
Author
February 16, 2022

Ok,

Just configured this and imported a key. I've enabled the Agent and added the appropriate lines to my config file.

When I run ssh-add -l, I just get "The agent has no identities.".

Any ideas how to solve this?

floris_1P
1Password Employee
February 18, 2022

  1. Correct, the SSH Key item works like any other 1Password item in that sense.

  2. Yes, you can use the import functionality for that.

  3. Almost. You would need to turn on the SSH agent in the 1Password preferences on each device, because that setting is local (by design!) and you'll need to make sure your SSH config points to the 1Password agent socket.

  4. Nope! The private keys never leave the 1Password process.

  5. They're not needed anymore by then. We don't automatically remove the private keys from your ~/.ssh directory after importing, so you can do that yourself whenever you're comfortable.

floris_1P
1Password Employee
February 18, 2022

And about ssh-add -l: that only works when SSH_AUTH_SOCK is set.

rctneil
Author
February 18, 2022

@floris_1P Thanks for those answers.

In regards to ssh-add -l. Your documentation says to add a line to the config file OR set the environment variable.

There's nothing that states that to use the above command I have to use the environment variable?

How do I see all the keys in the agent then, without the env var being set?

I'm confused!

February 18, 2022

ssh-add -l works in a remote ssh session only, if you activate agent forwarding. Parameter -A for ssh or ~/.ssh/config option.

rctneil
Author
February 18, 2022

Former Member I'm sorry, I don't quite understand this. Why do the docs say OR then?

February 18, 2022

You didn't write if you checked ssh-add -l locally or remotely. Locally it works right away and you need to make sure the documented environment variables exist. In remote ssh sessions, the ssh client automatically creates the environment variables, if agent forwarding is enabled.
However, this is no 1Password specific setting. It's how the ssh client works in general.

rctneil
Author
February 18, 2022

Former Member I'm running that locally on my machine and no entries are found.

The docs say I need to do one thing OR another, not both. If I add the appropriate line to my config file, then, according to the docs, I don't need to add an Env var.

floris_1P
1Password Employee
February 21, 2022

ssh-add does not work with IdentityAgent, so you have to use the SSH_AUTH_SOCK environment variable there.

We're working on a docs page that lists compatibility for SSH clients/tools with certain features, which should give more clarity on this subject.
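
The point made in the last reply, as an added example that is not part of the thread or of 1Password's documentation: because `ssh-add` reads only `SSH_AUTH_SOCK`, these helpers take the socket path from the `IdentityAgent` line in the SSH config and pass it to `ssh-add -l` for that one command. The function names are hypothetical, and the sketch assumes a single literal `IdentityAgent` path for all hosts (no `Host`/`Match` scoping, `Include`, or `%` tokens).

```shell
#!/bin/sh
# Added example. ssh-add ignores ~/.ssh/config and talks only to the agent
# named by SSH_AUTH_SOCK, so the socket is taken from IdentityAgent here.

# Print the socket path from the first IdentityAgent directive in an
# ssh_config file ($1, default ~/.ssh/config). Returns 1 if there is no
# literal path to use.
identity_agent_path() {
    cfg=${1:-"$HOME/.ssh/config"}
    [ -r "$cfg" ] || return 1
    val=$(awk '{
        line = $0
        sub(/^[ \t]+/, "", line)
        # Keywords are case-insensitive; "identityagent" is 13 characters.
        if (tolower(substr(line, 1, 13)) != "identityagent") next
        rest = substr(line, 14)
        if (rest !~ /^[ \t=]/) next            # some longer keyword
        sub(/^[ \t]*=?[ \t]*/, "", rest)       # separator: spaces or "="
        sub(/[ \t]+$/, "", rest)
        sub(/^"/, "", rest); sub(/"$/, "", rest)  # quoted paths may hold spaces
        print rest
        exit
    }' "$cfg")
    case $val in
        # Empty, agent disabled, or resolved from the environment / tokens.
        ''|none|SSH_AUTH_SOCK|\$*|*%*) return 1 ;;
        "~/"*) val=$HOME/${val#??} ;;          # expand a leading ~/
    esac
    printf '%s\n' "$val"
}

# List the keys held by that agent without changing the current shell's
# environment. ssh-add -l exits 1 when the agent has no identities and
# 2 when it cannot reach the agent.
list_identity_agent_keys() {
    sock=$(identity_agent_path "$1") || {
        echo "no usable IdentityAgent path in config" >&2; return 1; }
    [ -S "$sock" ] || { echo "not a socket: $sock" >&2; return 1; }
    SSH_AUTH_SOCK=$sock ssh-add -l
}

# Usage: list_identity_agent_keys            # reads ~/.ssh/config
#        list_identity_agent_keys ./config   # reads another file
```
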