How to use SSH Keys?

Mxx · December 26, 2024, 1:37am

I just got the new bitwarden update and noticed it has a filter for SSH Keys

However, I see no way to create/add ssh keys. Am I missing it?

Nail1684 · December 26, 2024, 1:43am

We all are, so to speak. I can’t name you a source, but it was mentioned somewhere, that the feature is still behind a feature flag and probably comes in January…

DenBesten · December 26, 2024, 4:24am

The most recent vault hours mentioned that SSH is planned for rollout in Q1, 2025. From what I understood, it will include a ssh agent so that it can work in a single-sign-on fashion with (some/many) ssh clients.

This is where the particular feature flag was mentioned.

Quexten · December 26, 2024, 4:51am

Dev of the feature here; as @Nail1684 and @DenBesten correctly mentioned this is planned to roll out in January for bitwarden.com/bitwarden.eu with creation (generation/import) of the credential likely being limited to Desktop client for the first release, soon followed by the other clients gaining import and generator capabilities [the changes are still in code-review].

Self-hosted is yet unclear, but most likely one or two releases after the feature has been proven stable on the cloud deployment.

As for the agent: All ssh clients that support ssh_auth_sock on mac/linux, or the openssh named pipe on windows will work. That includes, but is not limited to:

Openssh
VSCode (git sign/push)
git
rsync

What won’t work in the first release:

Putty/Pageant based clients on Windows
WSL on Windows
probably Snap/Flatpak Bitwarden Desktop

The keys being visible in the filter, and not hidden by the feature-flag is an oversight.

mahescho · January 23, 2025, 9:11pm

Did I get some thing wrong or is SSH support just missing in 25.1.2 on Linux?

dwbit · January 23, 2025, 9:24pm

Hey there, the feature will be enabled for everyone soon, thanks for your patience!

Verex · January 24, 2025, 7:36pm

@dwbit could you define soon ?

I was really impatient and I had just heard about this feature yesterday. I was able to enable it for the desktop app on MacOS by editing some local files.

Would this cause potential issues for my account or something? I wouldn’t assume so since you can create them in the web application version, but just to be sure.

Quexten · January 27, 2025, 9:43pm

To also update this thread: This feature is now live on all clients, on the non-selfhosted bitwarden.com and bitwarden.eu instances.

https://community.bitwarden.com/t/implement-ssh-agent-protocol/833/79

gooseleggs · January 28, 2025, 2:26am

Got this enabled today. As per the docs, it does not work with Putty or any other app that works with pageant. However, I have a working solution that enables this capability…

For those on windows:

Open an Admin command prompt
winget install winssh-pageant
Disable and re-enable the Bitwarden SSH agent : Settings > Enable SSH Agent

All going well (may need a combination of stop/start/holding tongue right, then Putty, Filezilla et all will be able to connect to Bitwarden.

NOTE/Disclaimer: This is using a third party app to provide this. Code is available on github here: GitHub - ndbeals/winssh-pageant: Bridge to Windows OpenSSH agent from Pageant. This means the openssh agent has the keys and this proxies pageant requests to it..

USE AT YOUR OWN RISK

Hopefully this will get baked into Bitwarden in a release in the short term.

falu · January 30, 2025, 4:36pm

I created it in The Cli on Mac ,then I copied it and imported it from the Clip board to Bitwarden Web Vault.

Then ,I think that every time you click on the left side SSH-key and you name your keys ,then at once the keys are generated ,then push the button - save and the keys are generated .Only this.I am not sure ,but probably so. If you do this 2 times - 3 times you see that the Public Keys are changed ,this can be an indication that the keys are generated already when you push that button SSH -key .But I am not sure.

ashebanow · February 3, 2025, 11:17pm

Tried it out and successfully created a new ssh key. Worked great.

However, there doesn’t seem to be any way to create an SSH key in Bitwarden that allows me to specify the public/private keys or the fingerprint of an existing ssh key. Am I missing something? The feature isn’t terribly useful if it won’t let me import an existing key.

Martijn_Krijgsman · February 5, 2025, 8:36am

When adding a ssh key you can use the import function in the bitwarden ui.
This works pretty good

raccettura · February 7, 2025, 10:49pm

What is the ETA for it being enabled for self hosted installs?

timnolte · February 8, 2025, 6:48pm

Was pretty disassociated to see that I couldn’t backup existing SSH keys as actual SSH keys. I use Linux/ChromeOS/Android so it appears I have no use for this feature. Looks like I’ll just have to keep storing them in Notes with custom fields. Blah.

Tim_De_Lange · February 18, 2025, 12:19pm

I have the latest linux build (2025.2.0 but ssh key is not enabled as a type

gooseleggs · February 19, 2025, 2:40pm

Are you using in premise Bitwarden? Not sure if it us activated in that product yet

phoenixgeek · February 23, 2025, 7:54am

I have onprem bitwarden (latest, activated version), and I using it with mac (downloaded bw version, not appstore). I copied “EXPERIMENTAL_CLIENT_FEATURE_FLAGS=ssh-key-vault-item,ssh-agent” flags into “global.override.env” config file on server.
But I don’t see the ssh key as type.
Am I missed something?

mhmzx · February 23, 2025, 8:19am

Hi @phoenixgeek, I am also one of the users waiting for this feature to be available. As far as I know, ssh keys cannot be enabled on self-hosted bitwarden currently, unless you compile it from the source code and add the feature flag and run.

fenix849 · March 1, 2025, 11:35am

Still interested in ssh agent feature for self hosting.

Perhaps this should be moved to a feature request.