jayxinfra
3 months ago, New Contributor
Feature Request: Restrict Visibility, Copy, and Export of Private SSH Keys in a Shared Vault
Dear 1Password Support Team, I hope this message finds you well. I am a user of 1Password, currently managing SSH keys for secure access to our my Cloud servers. I am reaching out to enquire about a...
jayxinfra
3 months ago, New Contributor
This is done to give other team members access to use the same for SSH into remote servers.
Since you have highlighted that we can encrypt and store the private key, can you share the doc or some more info on how to achieve this?
- AJCxZ0, 3 months ago, Bronze Expert
Gladly.
The way to allow multiple people, each of whom has their own key pair (private and public), to log in to an account is to add all their public keys to the account's `authorized_keys` file.
To illustrate, consider the account operator@server and you and I as users who may log in to it.

```
ajcxz0@client1:~$ ls .ssh/id_ed25519{,.pub}
.ssh/id_ed25519 .ssh/id_ed25519.pub
ajcxz0@client1:~$ cat .ssh/id_ed25519.pub
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFPZhOtzFR5MheT82aSqd6PUUZI7dXuH95gAWWDrnvCk Andrew J. Caines

jay@client2:~$ ls .ssh/id_ed25519{,.pub}
.ssh/id_ed25519 .ssh/id_ed25519.pub
jay@client2:~$ cat .ssh/id_ed25519.pub
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAO1UzY/zvVz0Yi/SLp7JTRidicOSgoS5WQEMdXE0NmC Jay

operator@server:~$ mkdir -v -m 700 ~/.ssh
mkdir: created directory '/home/operator/.ssh'
operator@server:~$ cat > ~/.ssh/authorized_keys << EOF
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFPZhOtzFR5MheT82aSqd6PUUZI7dXuH95gAWWDrnvCk Andrew J. Caines
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAO1UzY/zvVz0Yi/SLp7JTRidicOSgoS5WQEMdXE0NmC Jay
EOF
$ chmod -v 600 ~/.ssh/authorized_keys
mode of '~/.ssh/authorized_keys' changed from 0644 (rw-r--r--) to 0600 (rw-------)
```
With your and my ED25519 public keys - one on each line - in operator's `authorized_keys` file, you and I (and no-one else*) can log in as operator on host server.
Think of the key pair as the way to identify the person (even if it's an account for an automated process) and presence of the person's public key in the `authorized_keys` file for an account (i.e. a user on a host) as the granting of access to it.
*[Weak authentication methods such as password are disabled on server.]
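An added example, not part of AJCxZ0's post: a small audit of an `authorized_keys` file that lists who has been granted access, using the two public-key lines from the session above as input. The function names are hypothetical, and it assumes plain `<type> <base64> [comment]` lines with no leading options field.

```python
import base64
import hashlib
import struct

# The two lines written to operator's authorized_keys in the post above.
SAMPLE = """\
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFPZhOtzFR5MheT82aSqd6PUUZI7dXuH95gAWWDrnvCk Andrew J. Caines
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAO1UzY/zvVz0Yi/SLp7JTRidicOSgoS5WQEMdXE0NmC Jay
"""

def fingerprint(blob):
    """SHA256 fingerprint in the form `ssh-keygen -lf` prints (unpadded base64)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def embedded_type(blob):
    """Key type stored inside the blob as a 4-byte big-endian length + ASCII name."""
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode("ascii")

def audit(text):
    """Return one record per key: who holds it, its fingerprint, and duplicates."""
    entries, seen = [], set()
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments grant nothing
        parts = line.split(None, 2)
        if len(parts) < 2:
            raise ValueError(f"line {lineno}: expected '<type> <base64> [comment]'")
        ktype, b64 = parts[0], parts[1]
        holder = parts[2] if len(parts) > 2 else ""
        blob = base64.b64decode(b64, validate=True)
        if embedded_type(blob) != ktype:
            raise ValueError(f"line {lineno}: declared type {ktype!r} does not match key blob")
        fp = fingerprint(blob)
        entries.append({"line": lineno, "type": ktype, "fingerprint": fp,
                        "holder": holder, "duplicate": fp in seen})
        seen.add(fp)
    return entries

if __name__ == "__main__":
    for e in audit(SAMPLE):
        print(e["line"], e["type"], e["fingerprint"], e["holder"])
```

Removing a person's access is then a matter of deleting the line whose fingerprint matches their key; no one else's key is affected.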