I’m working on a Linux machine and my private SSH keys are usually managed by .ssh/config. I’m now trying the BW ssh agent from the desktop app.
TL;DR:
- Only with an
IdentityFileset in the config file the BW SSH agent is queried. - However, this file is not used when BW has the key in its store, but is has to be there anyway.
Is there a better way of configuring the system without this duplication of keys?
Long read:
My .ssh/config looks something like this:
host *
IdentitiesOnly yes
AddKeysToAgent yes
Host YYYYYYY
HostName XXXXX.org
Port 12345
User name
IdentityFile /home/mike/.ssh/myprivatekey
This way I can simply type
ssh YYYYYYY
without specifying host name, user, port, or identity file.
I’ve started to migrate the ssh keys to Bitwarden, which asks for the passphrase. This makes it likely that Bitwarden stores the keys “naked”.
Then I’ve added BW as ssh key agent and now I’m being prompted every time a ssh-key is being asked for. So far so good.
However, I can not drop the “IdentityFile” from .ssh/config nor can I delete the IdentityFile itself.
Only with that line and the file present will BW be queried - without reading the file itself.
The problem is made worse when BW generates the ssh key.
In order to get the entry in .ssh/config working, I have to
- copy the private key to disk
- change its access permissions
- encrypt it with a passphrase (because the BW copy is not password protected)
…only for the file not being used after all - but it has to be there.
Is there a smarter way to solve this?
