Forum Discussion
rctneil
4 years ago
Super Contributor
SSH Feature questions
Hi,
Just some quick questions about the new SSH feature.
I'm assuming that the SSH keys are synced between your machines etc?
Is it possible to import existing keys from multiple machines into 1Password?
If I had my keys stored in 1Password and I was setting up a brand new machine, I'm assuming all I would need to do is set up 1Password and I'd be good to go, right?
If I do use 1Password's SSH features, do the keys still show up in my Mac's .ssh directory?
Once the keys are in 1Password, do I need to remove them from the .ssh directory?
I have had a glance at the dev documentation but would like just a little more info. I've not enabled the feature yet though but really excited to!
Thanks,
Neil
1Password Version: 8.6
Extension Version: Not Provided
OS Version: MacOS 12
39 Replies
- rctneil
Super Contributor
Former Member I'm running that locally on my machine and no entries are found.
The docs say I need to do one thing OR another, not both. If I add the appropriate line to my config file, then, according to the docs, I don't need to add an Env var.
- Former Member
You didn't write if you checked ssh-add -l locally or remotely. Locally it works right away and you need to make sure the documented environment variables exist. In remote ssh sessions, the ssh client automatically creates the environment variables, if agent forwarding is enabled.
However, this is no 1Password specific setting. It's how the ssh client works in general.
- rctneil
Super Contributor
Former Member I'm sorry, I don't quite understand this. Why do the docs say OR then?
- Former Member
ssh-add -l works in a remote ssh session only if you activate agent forwarding. Parameter -A for ssh or ~/.ssh/config option.
- rctneil
Super Contributor
floris_1P Thanks for those answers.
In regards to ssh-add -l. Your documentation says to add a line to the config file OR set the environment variable. There's nothing that states that to use the above command I have to use the environment variable?
How do I see all the keys in the agent then? without the env var being set?
I'm confused!
- floris_1P
1Password Team
And about ssh-add -l: that only works when SSH_AUTH_SOCK is set.
- floris_1P
1Password Team
Correct, the SSH Key item works like any other 1Password item in that sense.
Yes, you can use the import functionality for that.
Almost. You would need to turn on the SSH agent in the 1Password preferences on each device, because that setting is local (by design!) and you'll need to make sure your SSH config points to the 1Password agent socket.
Nope! The private keys never leave the 1Password process.
They're not needed anymore by then. We don't automatically remove the private keys from your ~/.ssh directory after importing, so you can do that yourself whenever you're comfortable.
- rctneil
Super Contributor
Ok,
Just configured this and imported a key. I've enabled the Agent and added the appropriate lines to my config file.
When I run ssh-add -l, I just get "The agent has no identities.". Any ideas how to solve this?
- Former Member
From what I can see you would no longer have SSH keys in .ssh, instead your authentication would be piped through 1Password's SSH agent.
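The sticking point in this thread, as an added example that is not part of the original posts or 1Password's own code: ssh takes the agent socket from the IdentityAgent line in its config file, while ssh-add -l only looks at SSH_AUTH_SOCK. The sketch below finds the IdentityAgent that applies to a host and hands it to ssh-add; the function names, sample config and placeholder socket path are assumptions, and negated Host patterns, Match blocks and key=value syntax are not handled.

```shell
#!/bin/sh
# Added example; function names and the sample config are assumptions.

# Print the first IdentityAgent value that applies to HOST in CONFIG
# (ssh uses the first value it obtains for each option).
identity_agent_for() {
    cfg=$1 host=$2 active=1      # lines before any Host block apply to every host
    while read -r key rest || [ -n "$key" ]; do
        case $key in ''|'#'*) continue ;; esac
        case $(printf '%s' "$key" | tr '[:upper:]' '[:lower:]') in
        host)
            active=0
            set -f                # keep Host patterns from globbing filenames
            for pat in $rest; do
                case $host in $pat) active=1 ;; esac
            done
            set +f ;;
        identityagent)
            [ "$active" -eq 1 ] || continue
            val=${rest#\"}; val=${val%\"}                      # drop optional quotes
            case $val in "~/"*) val=$HOME/${val#"~/"} ;; esac  # expand leading ~/
            printf '%s\n' "$val"
            return 0 ;;
        esac
    done < "$cfg"
    return 1
}

# Run ssh-add -l against the agent ssh itself would use for HOST.
list_agent_keys() {
    sock=$(identity_agent_for "$1" "$2") || { echo "no IdentityAgent for $2" >&2; return 1; }
    [ -S "$sock" ] || { echo "not a socket: $sock" >&2; return 1; }
    SSH_AUTH_SOCK=$sock ssh-add -l
}

# Constructed sample config; the socket path is a placeholder, not a real one.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
Host legacy-*
    IdentityAgent none
Host *
    IdentityAgent "~/placeholder/agent.sock"
EOF
identity_agent_for "$sample" example.com
# Real use: list_agent_keys ~/.ssh/config example.com
```

SSH_AUTH_SOCK is set only for the single ssh-add invocation here, so the rest of the shell session keeps whatever agent it already had.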