Manage SSH keys


#1

The ‘other’ kind of authentication I find myself having to manage is SSH keys. In a perfect world, there would be some mechanism that I could trust to generate a long key, store the key pair on the origin machine only (and back it up to a secure vault) and distribute the public key to the servers I nominate.

Having some central control over this would certainly help preserve (what remains of) my sanity:

  1. just by managing the files themselves, and their secure delivery to servers. Making this easier reduces the urge to slip into the bad habit of reusing key pairs. Automating the ‘best practices’ means they’re much more likely to be followed.

  2. being able to invalidate keys at a stroke would do much to mitigate the lack of passphrases on keys (e.g. the situation where a laptop is stolen - open the Bitwarden app on your smartphone and mark that key pair as revoked).

  3. the ability to externally impose an ‘expiration’ period on keys. Bonus points for automatic rotation of keys on a schedule, so it ‘just happens’ without manual intervention.

This is a pain point for me and, I expect, for every developer/DevOps/infosec person out there.

  • Paul

#3

I feel like this feature would scratch an itch for even enterprise business accounts and the like. I see people asking for this in enterprise-level software and having to stand up massive solutions to solve a problem that Bitwarden seems positioned to solve easily.

Down deep inside, my inner troll is dying to tell my colleagues that I have an affordable solution that trumps their $100K annual spend. :joy:


#4

This would be great. I’ve been looking for a replacement for KeeAgent (a KeePass add-on that emulates PuTTY Pageant). Or even not having to use Pageant either. Having this SSH agent in the Bitwarden desktop client would be awesome.

If not, then at the very least a way to store the SSH keys