rctneil
4 years ago · Super Contributor
SSH Feature questions
Hi,
Just some quick questions about the new SSH feature.
I'm assuming that the SSH keys are synced between your machines etc?
Is it possible to import existing keys from multiple machine...
Enceladus
4 years ago · Occasional Contributor
I was having trouble with this too and got it working. I had originally created an ssh key in my "Work" vault (not shared with anyone, but I don't think it counts as private), and was bemused as to why `ssh -v` was failing and claiming the agent had no identities.
Moving the key to the Personal vault fixed it. I can `ssh hostname` and 1Password prompts me for permission to connect, easy peasy.
rctneil: `IdentityAgent` is a way to override the `SSH_AUTH_SOCK` variable. It lets you instruct SSH to use a different ssh-agent for particular hosts, while `SSH_AUTH_SOCK` is the default. If 1Password is the only ssh-agent you're running, you can `export SSH_AUTH_SOCK=<that long path>` as suggested and that should work fine. No need to set `IdentityAgent` at all.
In my case I'm already running a different agent on SSH_AUTH_SOCK. So I set up my ~/.ssh/config file like this for 1PW:
```config
Host somethingtouse1passwordfor
  HostName 123.456.78.910
  User username
  Port 42
  # symlink to the full socket path
  IdentityAgent ~/.1password/agent.sock

Host *
  IdentityFile ~/.ssh/my-normal-id
  AddKeysToAgent yes
```
Note that in this case, `ssh-add -l` only shows the keys in my default agent, NOT what's in the 1PW agent. The reason for this is that `ssh-add` looks at `SSH_AUTH_SOCK` to get the socket through which to communicate with an agent. If I want to see what's saved in the 1PW agent, I need to change the environment variable. I can do this temporarily for my current shell session like so:
```sh
SSH_AUTH_SOCK=~/Library/Group\ Containers/2BUA8C4S2C.com.1password/t/agent.sock
```
And then `ssh-add -l` will report the key(s) from 1PW.
The documentation kind of assumes someone already knows how this works, which is probably a mistake given how arcane SSH can be and how minimal the usual instructions are that people get from GitHub, web hosts, etc. If anyone wants to read a genuinely good explanation of what's going on, https://yayimorphology.org/ssh-identities-made-easy.html saved me a lot of headaches.
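
The reply's point that a per-host `IdentityAgent` overrides `SSH_AUTH_SOCK`, while `ssh-add` only ever reads `SSH_AUTH_SOCK`, as an added example that is not part of the original post: a shell helper that reads the `ssh -G` output for a host, picks the socket ssh would use, and runs `ssh-add -l` against that agent. The function names and the sample `ssh -G` output are constructed for illustration; `IdentityAgent` values that name an environment variable with a leading `$` are not handled.

```shell
#!/bin/sh
# Added example: find out which agent ssh will talk to for a given host.

# resolve_agent: read `ssh -G <host>`-style output on stdin and print the
# agent socket that applies. A per-host IdentityAgent wins; otherwise the
# default from SSH_AUTH_SOCK is used.
resolve_agent() {
    agent=$(awk 'tolower($1) == "identityagent" {
                     sub(/^[ \t]*[^ \t]+[ \t]+/, "")   # drop the keyword, keep spaces in the path
                     print; exit
                 }')
    case "$agent" in
        "" | SSH_AUTH_SOCK) printf '%s\n' "${SSH_AUTH_SOCK:-}" ;;  # fall back to the default agent
        none)               printf '\n' ;;                          # agent use disabled for this host
        "~/"*)              printf '%s\n' "$HOME/${agent#??}" ;;    # expand a leading ~/ ourselves
        *)                  printf '%s\n' "$agent" ;;
    esac
}

# agent_keys_for_host: list the identities held by the agent ssh would use
# for host $1, regardless of what SSH_AUTH_SOCK points at in this shell.
agent_keys_for_host() {
    sock=$(ssh -G "$1" | resolve_agent)
    [ -n "$sock" ] || { echo "no agent in use for $1" >&2; return 1; }
    echo "agent socket for $1: $sock" >&2
    SSH_AUTH_SOCK="$sock" ssh-add -l
}

# Constructed sample of `ssh -G` output for the 1Password host in the config above.
sample_host_config() {
    printf '%s\n' 'user username' 'port 42' 'identityagent ~/.1password/agent.sock'
}

sample_host_config | resolve_agent
```

On a machine with the config from the post, `agent_keys_for_host somethingtouse1passwordfor` lists the 1Password keys, while a plain `ssh-add -l` still shows the default agent.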