SSH-agent: allow specifying/limiting private key offers

This is what Bitwarden needs to do.

In the meantime, I’m just increasing MaxAuthTries to 20:

MaxAuthTries 20

I would like to see a toggle for adding keys to the agent, or not.

I like to add all my SSH keys to Bitwarden, but I do not use all of them very often. A lot of my SSH keys are used for services, so they do not need to be added to the SSH agent generally.


Thanks to @borsarinicola, @schuhu, @Schale01 for the bash script work and @tslivede for the pwsh equivalent.

Seconded.

I only recently figured out how and started using the Bitwarden ssh-agent myself. As I am apt to do, I immediately went FULL overboard and started creating a unique ssh key for every host I have access to. With the keys being stored in an encrypted vault that syncs across (client) devices, it seemed to make sense to treat these keys more like creating a unique password for every service you use. My main machine has the relevant .ssh/config host entries with corresponding IdentityFile bw-{host}.pub records. Each host has the relevant entry in authorized_keys for its dedicated Bitwarden stored credential and a hardware security key alternate.

Does my hobby homelab need this level of security? Absolutely not! :grin:

The main drawback to this approach that gives me pause is the need to have those bw-{host}.pub keys on any device that I connect from.

It would be great if Bitwarden and the ssh-agent could in some way:

  1. NOT divulge the names of every single SSH key saved in my vault, to every host which I initiate a connection to.
  2. Accomplish #1, without the need to also expose those public keys (with identifying names) to even the host from which I am connecting.

Of course, I could just use a single “master” SSH key for all my various projects but given that authorizing 1 of (256) SSH keys with Bitwarden’s ssh-agent works the same as authorizing 1 of 1, I’d prefer the more secure approach.
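The two workarounds the thread mentions, the server-side MaxAuthTries bump and the client-side per-host IdentityFile entries, are shown together below as an added example; this is not configuration from the original posts or from Bitwarden. sshd counts every public key the client offers as one authentication attempt, so an agent holding more keys than MaxAuthTries (default 6) trips "Too many authentication failures" before the right key is reached. Raising MaxAuthTries only widens that window and still lets the server see every key name; adding `IdentitiesOnly yes` on the client stops ssh from offering agent keys that are not named in an IdentityFile for that host, which addresses point #1 above. The public key still has to be present on the connecting machine, so point #2 is unchanged. The hostname `example-host`, the key file naming `bw-<hostname>.pub` and the `%h` token variant are assumptions for the example.

```sshconfig
# ---- client side: ~/.ssh/config (added example, not from the thread) ----
# Explicit stanza: offer exactly one identity to this host. The agent
# (SSH_AUTH_SOCK pointing at the Bitwarden agent) still does the signing;
# ssh only needs the public half on disk to know which key to request.
Host example-host
    HostName example-host.internal      # assumed hostname
    User admin
    IdentityFile ~/.ssh/bw-example-host.pub
    IdentitiesOnly yes                  # do NOT fall back to every agent key

# Generalisation: if every key file is named bw-<hostname>.pub, one stanza
# covers all hosts. %h expands to the remote hostname (after HostName
# rewriting), so this assumes the file names match the resolved host names.
Host *
    IdentityFile ~/.ssh/bw-%h.pub
    IdentitiesOnly yes

# ---- server side: /etc/ssh/sshd_config (the interim workaround from the thread) ----
# Only needed when clients offer many keys; with IdentitiesOnly in place the
# default of 6 is sufficient again, and a low value limits what an attacker
# can enumerate per connection.
MaxAuthTries 20
```

To confirm what is actually offered, run `ssh -v example-host` and look for the "Offering public key:" lines: with `IdentitiesOnly yes` there should be exactly one, whereas without it every key the Bitwarden agent exposes is listed in turn. `ssh -G example-host` prints the effective per-host configuration and is a quick way to check that `identitiesonly yes` and the intended `identityfile` took effect.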