After years of using my Yubikey and my GPG key for SSH/GIT I’m thinking of switching that to using 1Password’s newer features for the same. Anyone doing that? Thoughts on the approach?
Conversation
Notices
-
Embed this notice
Chris Wiegman (chris@mastodon.chriswiegman.com)'s status on Wednesday, 13-Sep-2023 23:43:37 JST 
Chris Wiegman
-
Embed this notice
feld (feld@bikeshed.party)'s status on Wednesday, 13-Sep-2023 23:43:35 JST 
feld
If 1Password is offering the ability to do this for ssh it would be via U2F which not all sshd support yet. Only the latest OS releases are likely to allow you to login with it.
That's why Yubikey GPG is superior -- it is just a normal RSA or ED25519 ssh key (for a Yubikey 5) -
Embed this notice
feld (feld@bikeshed.party)'s status on Wednesday, 13-Sep-2023 23:45:01 JST
feld
If you're still running MacOS install Secretive which will give you another ssh agent with your key stored in the Secure Enclave. It's nice having the equivalent of a built-in Yubikey into my laptop for when I'm not carrying my Yubikey.
https://github.com/maxgoedjen/secretive -
Embed this notice
feld (feld@bikeshed.party)'s status on Wednesday, 13-Sep-2023 23:46:43 JST
feld
ahh, it looks like they went an even worse route: just a weird ssh-agent they provide that uses normal SSH keys that are held in 1Password. Which means the private key can be extracted.
https://developer.1password.com/docs/ssh/agent/ -
Embed this notice
Chris Wiegman (chris@mastodon.chriswiegman.com)'s status on Wednesday, 13-Sep-2023 23:48:35 JST
Chris Wiegman
@feld Thanks. In this case 1Password actually has a built-in SSH agent for all this now (using either RSA or ED25519 keys). In setting up it seems like it should handle all of what I need to connect to but I’ll look a little deeper at some of this first.
feld likes this.
-
Embed this notice
All GNU social JP content and data are available under the