[Feature Request] Using 1P SSH from inside a local Docker container

Occasional Contributor

4 years ago

I was curious so I just tested ForwardAgent with 1Password's agent: it works! 🎉

Local machine is a Mac with 1Password+agent.
I ssh'd into HostA which has my public key in authorized_keys
From within that ssh session, I ssh'd into HostB which also has my public key in authorized_keys. HostA does NOT have 1Password (it's a headless Linux lxc container)

~/.ssh/config entry is simple:
host <myhost> ForwardAgent yes

Note that ForwardAgent has some serious security considerations everyone should heed: https://vincent.bernat.ch/en/blog/2020-safer-ssh-agent-forwarding. In your case, you're treating your Docker container as a trusted local development machine and were ready to mount your private keys into it, so using ForwardAgent would obviously be even more secure and just fine for your situation.

1Password experts: is there an opportunity for 1Password's agent to make ForwardAgent more secure by prompting on every use of the key, even through a server we've forwarded the key to? AddKeysToAgent confirm doesn't seem to accomplish this.

Forum Discussion

[Feature Request] Using 1P SSH from inside a local Docker container

Featured discussions

September at 1Password: Browser versions, enhanced security, and new integrations

Recent discussions

1Password Chrome extension is incorrectly manipulating <code> blocks

Custom aliases and OpenSSH fields for SSH Bookmarks

SSH Bookmarks don't support Port Numbers

How to add a custom port to SSH bookmarks

SSH Bookmarks - broken on macOS