Skip to main content
rctneil
February 16, 2022
Question

SSH Feature questions

  • February 16, 2022
  • 39 replies
  • 2024 views

Hi,

Just some quick questions about the new SSH feature.

  1. I'm assuming that the SSH keys are synced between your machines etc?

  2. Is it possible to import existing keys from multiple machines into 1Password?

  3. If I had my keys stored in 1Password and I was setting up a brand new machine, i'm assuming all I would need to do is set up 1Password and i'd be good to go right?

  4. If I do use 1Password's SSH features, do the keys still show up in my Mac's .ssh directory?

  5. Once the keys are in 1Password, do I need to remove from from the .ssh directory?

I have had a glance at the dev documentation but would like just a little more info. I've not enabled the feature yet though but really excited to!

Thanks,
Neil


1Password Version: 8.6
Extension Version: Not Provided
OS Version: MacOS 12

39 replies

floris_1P
1Password Employee
May 12, 2022

That's one of the options we're exploring. One downside of that approach is that in shared vaults, someone on your team would be able to change everyone else's SSH agent behavior, while all other SSH agent configuration is (intentionally) local to each device.

May 12, 2022

@floris_1P It's better, but still very annoying since I tend to have many terminal processes running inside of tmux and vim.

June 6, 2022

@floris_1P is there any update on possible changes to the restriction on having SSH keys in the 'default' ("Personal" in my case) vault?

I have a personal 1P account, nobody else has access to it, but I am forced to keep all my items in this "Personal" vault that are not personal items.

Can the developers at least allow extra vaults for accounts with a single login attached?

I understand the reluctance about using shared vaults, but I work in teams that have shared SSH keys as back-up for when network authentication fails and we have never had an issue with misuse of the keys.
Perhaps that could be addressed by enforcing security over who can edit entries, rather than restricting use of those entries?

June 10, 2022

@ragectl Unfortunately there are no updates yet regarding this feature.

floris_1P
1Password Employee
July 20, 2022

@negnetsolutions In the latest beta, you can now configure the SSH agent authorization model to not prompt for each terminal tab, but only once per application. Let me know if that improves things for you!

July 20, 2022

@floris_1P That's neat. I'll give it a try. Thanks.

1P_Tommy
1Password Employee
July 21, 2022

On behalf of Floris, you're welcome.

floris_1P
1Password Employee
April 19, 2023

@kevinneufeld @Enceladus @nikolamilekic @ragectl

I wanted to let you know that we're currently working on a solution that allows for the following:
- Enable keys from other vaults than the Private vault.
- Create isolated setups with certain keys offered on a separate socket.
- Control the order in which keys are offered to SSH servers.

It would be great to get your feedback on our proposal, if you're (still) interested. You can do so by joining the #ssh-agent-config channel in our Slack workspace.

May 4, 2023

@floris_1P good to hear thanks. I will take a look