Implement ssh-agent Protocol

+1 I would really love to see this feature in Bitwarden.

+1 Please implement this.

Maybe a separate app with a fork of this (with the repo owner's permission and official support):

1 Like

Has the ssh-agent protocol not been implemented yet?

Hi @Harper_Caelestis!

No further updates on this one just yet, but we are absolutely keeping this need (and some other related items) firmly on the radar :slight_smile:

2 Likes

It seems that 1Password was faster…

Considering that GitHub now depends on ssh keys, I think there are significantly more devs wanting a simple solution to manage their keys.

6 Likes

Wow, this looks awesome!

Just signed up here to vote for this. In our department we’d also need SSH agent integration. Currently we use KeePass with KeeAgent and various other plugins.

This would be invaluable for me.

I would also love to see this feature be implemented

+1

Great features!

I would also very much so like this to be implemented! Would be a huge value add and I’m sure it would attract lots of business

Hoping this gets implemented sooner than later

Would really like to see this implemented. It's one of the features stopping me from migrating from 1Password, as they have added the feature recently.

3 Likes

Please add this function. I too would like to switch from 1Password to Bitwarden.

1 Like

+1 would simplify my daily workflow

Yes! Please add this feature! I first saw it with 1Password and I thought, surely Bitwarden has this already, too, right? Turns out it doesn’t :frowning:

This can also be implemented via libsecret integration, requested here: "Support for libsecret's dbus API", because SSH Agent can get secrets from GNOME Keyring: "GNOME/Keyring - ArchWiki".

I saw a comment here mentioning that it was a bad idea to put keys into the cloud with the passphrases, and I agree with that part. I might aim to do it so that it is still the ssh-agent that keeps hold of the keys, and it would ask for the passphrase from Bitwarden specifically. I can sort of see this as a fork of the bitwarden-ssh-agent really. For myself, I already import the keys at session start, and now I have to type in the passphrase, and I would love to use a thumbprint instead of the phrase. So this feature would then in my mind become passphrases for signatures, where the key has the public signature available and it is requesting access to the private part.

I can see the appeal of storing keys and passphrases on the manager directly. To me it would pretty much equate to storing keys with empty passphrases from a security standpoint. Then again, you’d perhaps store a copy of those keys somewhere like a USB key or the cloud in any case, for the chance of the computer going bust at some point.

Cheers and salutations to a good discussion!

The ‘other’ kind of authentication I find myself having to manage is ssh keys. In a perfect world, there would be some mechanism that I could trust to generate a long key, store the key pair on the origin machine only (and back them up to a secure vault) and distribute the public key to the servers I nominate.

Having some central control over this would certainly help preserve (what remains of) my sanity:

  1. just by managing the files themselves, and their secure delivery to servers. Making this easier reduces the urge to slip into the bad habit of reusing key pairs. Automating the ‘best practices’ means they’re much more likely to be followed.

  2. being able to invalidate keys at a stroke would do much to mitigate the lack of passphrases on keys (e.g. the situation where a laptop is stolen - open the Bitwarden app on your smartphone and mark that key pair as revoked).

  3. the ability to externally impose an ‘expiration’ period on keys. Bonus points for automatic rotation of keys on a schedule, so it ‘just happens’ without manual intervention.

This is a pain-point for me, and I expect every developer/dev ops/infosec person out there.

  • Paul