I created an SSH key in my Bitwarden Passwordmanager ,but then how to use this feature ? And, as I understand not so many companies are using this feature? As per now proton mail does not have it ,they only wrote to me - we are forwarding this to our developers … . The main problem is with the CLI - it was not that easy to find out all the command lines to compose a SSH Key.As I understand there most be an SSH Agent for this.? And once the SSH key is there ,in Bitwarden password.managaer is that enough ,or will that data handle the rest for me .? Or do I need to further correcting details on the SSH agents web site?
Have you looked at this page: Bitwarden SSH Agent | Bitwarden Help Center
What OS are you in? On windows it does not work with anything that uses pageant yet although there is a workaround that I am using: How to use SSH Key? - #9 by gooseleggs
Also be aware that there is a forum about having too many keys in the vault may mean that the connection is denied by the SSH server due to too many authentication attempts.
This is the first release of this so expect it to get better.
It is Mac Sequoia 15.2 But I am not experienting on this computer ,better is to experiment with Mac OS Monterey ,then if anything goes wrong matters nothing.
As to my knowledge none of my sites uses SSH Key , I think Facebook tried something ,but they declined the idea.Or maybe the feature is too difficult to implement so Facebook declined the idea. Any of my friends ,they newer used even a password manager ,now if that is so scary ,then what about the terminal ? A lot ,I mean 100 reds ,I asked about if they use a password manager ,the answer was a great NO . Also most of them have simple password ,a machine can crack ,it in seconds. Google I think have this .
It is not clear what you mean with - "having too many keys in the vault…? Using the same key for many web sites ,that is a danger - as you cannot use the same password for all your websites - so it is clear that you cannot use the same key on all of your websites . So many websites - so many keys - if not ,then this feature is more insecure than having passwords without a 2fa. If you have 10 important accounts ,then you most generate 10 sec/pub keys - this I do not doubt about ,that it most be so. I may missunderstand your thinking ,so sorry if I do so.
After reading a little about the possibilities of SSH KEYS ,I am thinking - this feature is definitely not in need for literally “any” ordinary person on this entire earth. ? This is for developers or companies or something like that. ? But stumbling upon this idea in my Bitwardenpassword manager , I was curious what this can be. I saw this option ,just yesterday . As I am using PGP and GPG wery often ,so I was thinking that this was something similar to those concepts ( and ,it is similar ) ,so I was thinking ,it is worth to look at it. But I am just realizing ,that this is no way in any manner relevant to an ordinary user. ? Or I cannot think up any thought how this option would be of any use for an ordinary Joe ? Or can this be implemented for any login scenarios ? Probably not .
But ,yes ,if an avarage person could use this idea of a SSH key to log in to any site ,or something similar to that ,it would be a great step towards security. Maybe ,in this case ,using a Public key for 2fa ? As it is now ,I cannot see any use for an ordinary person. Besides this - even if that was a possibility - people would not use it , it is much easier to generate a 64 long password ,then chickening out with some authenticator and the deed is done.Still I find this wery interesting - I am not sure if I understand this concept.
SSH keys are used to as an alternative authentication method for termal session such as Linux, Cisco or SFTP connections. so unless you are administering these then Yes, won’t be useful. GitHub can also use SSH keys for uploading code.
The comment about too many keys comes from how SSH authentication works with certificates. When your machines makes a connection it will try all the keys to try and find a matching one. The server side normally restricts how many different keys can be used (akin to how many incorrect passwords). If the key that the server uses is not in the ones tried up to the max limit then the connection will fail.
Yes ,true ,it is not useful for an ordinary person as you say . Still I find it wery intriguing . Forexample it would be infinitely difficult to hack any account if a public key could be used as 2Fa .This would be a 1 time job only from the user side ,and at any time that person mounts a site he is just logged in ,no fingerprints ,no 2fa ,nothing . To use a public key as 2fa would be great .Bitwarden just would work deep in the water doing all this . This means also that a user newer need to open his vault - probably only when he register new keys or just looking at it ,or for updating the app.
I see ,yes to many keys in the vault will create a problem ,the same as with passwords . But then how is this come about ? If I encrypt a file with one of my keys ,then I will not use some of my another keys to decrypt that file ? I see clearly what keys I am using or used. Similarly if I send a PGP mail to an adress ,I will not use someone else’s public key ? - that would create a real trouble for the receiver. This I do not clearly understand . If I have an SSH key ,that goes to X server , how can that server choose or Bitwarden present something else to X ?. Or how can X proving all the keys.? Say I logging in to Google - surely I will not use a Facebook credentials login ?. Not understandable . There most be a clear way to use the right key to a right server.Then how can all those SSH keys come to life all at once ? Maybe there some central registration somewhere for all the keys ? As for open keys pgp ? Here we can find all the registered public keys . Still there is an adress ,and then how can those SSH servers miss the keys ? Not understandable .
I see , it is the computers will try all those keys … so that it can find the right keys . This is a terrible scenario . How is that ? This is a terrible scenario. So say I need 10 keys ,then surefire I am locked out for eternity as the server will try all my keys and after registering brute force attack I’m punished for liftime . This is more bad than any bad password as 1234mydogbernie.Then why there are no attempts to develop systems that will eradicate this backfiring ?
For keys being used for 2Fa - this is what passkeys provide to a point. They are cryptographic keys for authentication.
In regards to multiple ssh keys and having more keys than what the server will accept: other password managers allow manually or automatically making the keys available for use. This way you might have 100 keys in your vault but you only might enable 1 at a time in your vault for presentation to the server.
Yes 1 key at a time will not create a brute force suspicion on the server . I am not that familiar with SSH keys . I created a key in the CLI ,and uploaded to my vault -but it was wrong to do so ,I am not a sysadmin or any developer either . For me the cryptography side which is of interest as Quantum Computers are here in the near future. There should be a system much stronger as it is today .