-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path1pwd-ssh.txt
More file actions
47 lines (31 loc) · 2.93 KB
/
Copy path1pwd-ssh.txt
File metadata and controls
47 lines (31 loc) · 2.93 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
Title: Using 1Password to login to an SSH session.
Description: This is the technique I use to leverage 1Password to login to SSH terminal session, from Linux to Linux, though Windows is also supported (see docs). No more SSH keys written to disk:
https://support.1password.com/command-line-getting-started/
1Password Setup Instructions:
Step 1: Download the command-line tool for your environment on the following page: https://app-updates.agilebits.com/product_history/CLI
Step 2: For Linux, Unzip the file, verify the signature and copy "op" to /usr/local/bin/.
Step 3: Signin to 1Password using: "op signin https://my.1password.com [EMAIL Address]" <ENTER> (URL may vary)
Step 4: Enter your Secret code, then your password.
Step 5: Export the environment variable shown in the output.
Note: From this point forward you can use "eval $(op signin [shortcut name])" to signin. For example, my shortcut name is "my", resulting in "eval $(op signin my)"
You are now logged in and can perform 1Password functions.
Next we'll create a 1Password entry for logging into a Linux host via SSH:
Step 1: Add a vault in 1Password called "api", and change to that vault.
Step 2: Create an entry for your host as follows:
Step A. Create a new "Server" object.
Step B. Give it a name ([ITEM_NAME]), and set the URL to the DNS name of the server and username to the user id.
Step C. Create a new section called SSH. Set the 1st field as "host" w/ the hostname, 2nd field as "user" w/ user id, and the 3rd field as "key" ... copy/paste the openssh private key in this field - DO NOT MODIFY. Save entry.
The following script creates the variables for the USER, HOST and loads the SSH key into the SSH-AGENT. It then will login to the host. After disconnecting, the key is removed from the agent and the variables unset.
Name the following script "1pwd_ssh.sh", and run the script as follows: ./1pwd_ssh.sh [ITEM_NAME] (e.g.: "./1pwd_ssh.sh west")
-------------------------------------
#!/bin/bash
SSHHOST=$(op get item $1 --vault api | jq -r '.details.sections[3] | .fields[0] | .v')
SSHUSER=$(op get item $1 --vault api | jq -r '.details.sections[3] | .fields[1] | .v')
ssh-add - <<< $(op get item $1 --vault api | jq -r '.details.sections[3] | .fields[2] | .v' | sed -e "s/-----BEGIN .* PRIVATE KEY----- /-&\n/g" -e "s/-----END .* PRIVATE KEY-----/\n&/" -e "s/\S\{64\}/&\n/g" -e "s/^$//g" | sed '/^$/d' | sed 's/ $//g' | sed 's/^ //g' | sed -e '1s/^.//')
ssh $SSHUSER@$SSHHOST
ssh-add -D
unset SSHHOST SSHUSER
-------------------------------------
This is a basic example, and I'm sure the "ssh-add" line could be more efficient. It works for me for now - updates maybe to come.
Some notes: Perhaps "ssh-add -D" is not good for your workflow. The script could be modified to remove just the key that was used to login.
.details.sections[3] could vary, depending if the "SSH" section (Step C.) is not the 3rd section.