Getting started with 1Password for your growing team, or refining your setup? Our Secured Success quickstart guide is for you.
Forum Discussion
Feature idea: when creating ssh keys, consider option to auto add comment to end of public key
When copying and pasting public keys to remote servers it is helpful if they include a comment to easily identify keys when reviewing authorized_keys
Under Developer options consider having a flag to auto-add comment to key so if generating a key for "web apps server bronze 2022" it might add a comment at end: == 1password-web-apps-server-bronze-2022
Alternatively you could have a ssh comment field in 1password and whatever user defines is automatically added to end of public key.
1Password Version: 8
Extension Version: Not Provided
OS Version: Not Provided
Hi all,
Thanks for your feedback on this. This is a common request and I have updated the requirements for the team. I cannot guarantee anything, but this is definitely a topic of discussion internally at the moment.
Thanks and stay tuned!
Phil
4 Replies
I would also like to add my name to those requesting this feature.
I will note that authorized keys can be edited and that you can append a space and any text after the key which will be treated as a comment - but it's way more convenient, imo, to have the ability to have the comment in the public key such that it is copied along with the key.
I my preference as to how it's implemented:
- A comment field on the SSH item
- The ability to edit the text in the public key field (although this would allow an invalid public key if done incorrectly)
- Just use the item name (as noted above then one must consider that it will be a public comment when choosing an item name)
++ on this. Just went through all the same motions of assumption - experimentation - failing - giving up.
+1 to this - when creating a new key today in 1Password, I thought perhaps that adding an additional field to the object of email would perhaps append it as a comment in the public key. I also tested to see if the notes field would do it.
I think there's a few options here for implementation that would be useful (or a combination) - I do like your proposal above to suffix with the object name, but that means I now need to consider what the comment will be when naming the object.
I think a good option could be to have a dropdown select for
Public Key Comment
- Use account email (based on vault)
- Use SSH key item name (strip whitespace / replace with hyphen / maybe display warning that this is happening)
- Custom - text field that validates entryI only say validates entry for comment because you're limited to 1023 characters... https://github.com/openssh/openssh-portable/blob/94eb6858efecc1b4f02d8a6bd35e149f55c814c8/ssh-keygen.c#L1507) - frankly if you're hitting that limit then need help and possibly a wiki
I went down a little bit of a rabbit hole here as well -
ssh-keygen -cwon't let you enter a comment longer than 1023 characters - you can enter 1024, but it won't let you press enter until you remove the last one. If you then vi your pub you can go absolutely wild and neither ssh nor ssh-agent will care, butssh-add -Lwill only print 1023 characters.Anyway
Agree though that comment options are needed, as there's no way to edit the public key to add one manually, despite it being an incredibly useful component.
Also 1Password strips the comment if you have one and import. That's not good - store my pub, don't modify it
- 1P_Phil
Moderator
Hi all,
Thanks for your feedback on this. This is a common request and I have updated the requirements for the team. I cannot guarantee anything, but this is definitely a topic of discussion internally at the moment.
Thanks and stay tuned!
Phil
