Signing back into the Community for the first time? You'll need to reset your password to access your account. Find out more.
Forum Discussion
gboudrea
3 years agoOccasional Contributor
How to export SSH private key using CLI?
So I now store my SSH private keys in 1Password.
One problem I have with that is that some clients really need the private key files on disk to work (Sequel-Ace, to name one).
So I thought I could create a simple command-line script that would use op
to export my SSH private key to a file, and then delete that file a few seconds later, allowing those "legacy" clients to connect using my private key.
But I just can't find how to use op
to export my private key as an OpenSSH private key.
If I download the key from the 1Password 8 client, I get a text file that starts with -----BEGIN OPENSSH PRIVATE KEY-----
But if I use the CLI like this : op read op://Personal/id_ed25519/'private key'
, I instead get a key that starts with -----BEGIN PRIVATE KEY-----
So, how can I export an OpenSSH private key using CLI?
Or is there another way to export my SSH keys to disk?
Thanks
1Password Version: CLI 2.0.0
Extension Version: N/A
OS Version: macOS 12.3
- Former Member
I have this same issue
- Former Member
When I load the ssh private key from
op
I get the correct key. I use the openssh ssh-agent (not 1password) and I can just pipe the key tossh-add
.ssh-add <(op read op://Personal/key/private_key)
- Former Member
Thank you for pointing this out, @jrmoulton!
I have opened an internal ticket for investigating this.
We'll keep this thread updated with anything that may come out of it.
Once again, thanks for reporting this, and let us know if we can help with anything else!Best,
Horia - Former Member
Same problem the exported key is not a private ssh key.
- Former Member
Hey @Plivox - just to clarify - do you get that error message when running this command?
ssh-add <(op read op://Personal/key/private_key)
- Former Member
Same here, @"Justin.Yoon_1P" though you didn't ask me, given no one responded yet, I confirm running the command you suggested I get the following error:
Error loading key "/var/folders/y_/yfcgp8dj37b14jrlq2pq0rqm0000gq/T//.psub.Cz9bsuaXei": invalid format
Maybe the CLI could provide something similar to the
--otp
flag to export the private key suitable to be imported byssh-add
? - Former Member
What I ended up doing was to create another entry with
document
type and copied the private key from thessh
type entry, then doing this:ssh-add <(op document get 'private_key')
- Former Member
Hey @andrepereira
Thank you for responding anyway!
I'd like to file an internal issue for this, but before I do, may I just confirm that you are on the latest version of
op
?We introduced some improvements to SSH Key item rendering in v2.3.0.
- gboudreaOccasional Contributor
```
gb@MacBook-Pro:~ $ op --version
2.4.1gb@MacBook-Pro:~ $ op read op://Personal/id_ed25519/'private key'
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
``` - Former Member
@"Justin.Yoon_1P" version 2.4.1