Open soraxas opened 4 months ago
this would probably be possible, but i don't know that it is entirely necessary? i solve this issue by using a wrapper script for ssh which sets the SSH_ASKPASS environment variable to a script that runs rbw get (you can see the details at https://github.com/doy/conf/blob/main/rbw/.bin/ssh and https://github.com/doy/conf/blob/main/rbw/.bin/ssh-askpass). i'm not necessarily against using the ssh-agent protocol here, but it seems like it might just be a lot of work for not much benefit?
Even if I developed https://framagit.org/Glandos/bw-ssh/ it seems that SSH keys are becoming a reality, at least in Vaultwarden: https://github.com/dani-garcia/vaultwarden/pull/5187
It's still experimental, and requires the desktop clients, but it's a good time to check if it matches rbw goals.
Just an idea:
Do you think the current rbw agent can be extended to perform SSH agent protocol by directly retrieving ssh keys from entries within rbw (e.g. supplying ssh-keys with bitwarden items that begin with a name prefix like SSH_KEY_xxxx)?
This crate seems relevant to this idea: https://docs.rs/ssh-agent-lib/latest/ssh_agent_lib/
The goal would be removing the need to store secret keys directly on machines
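As an added illustration of the idea in this issue (not code from rbw, bw-ssh or ssh-agent-lib), the sketch below shows the identity-listing half of the SSH agent protocol using only the Rust standard library: it answers a framed request with the public keys of vault entries whose name starts with `SSH_KEY_`. The `Entry` type, the `handle` function and the sample vault are hypothetical; the message numbers are those of the SSH agent protocol draft (draft-miller-ssh-agent).

```rust
// Message numbers from the SSH agent protocol draft (draft-miller-ssh-agent).
const SSH_AGENT_FAILURE: u8 = 5;
const SSH_AGENTC_REQUEST_IDENTITIES: u8 = 11;
const SSH_AGENT_IDENTITIES_ANSWER: u8 = 12;
const KEY_PREFIX: &str = "SSH_KEY_"; // naming convention proposed in the issue

/// Hypothetical vault entry: item name plus its public key blob in SSH wire format.
pub struct Entry { pub name: String, pub pubkey_blob: Vec<u8> }

/// Append an SSH "string": 4-byte big-endian length followed by the bytes.
fn put_string(out: &mut Vec<u8>, s: &[u8]) {
    out.extend_from_slice(&(s.len() as u32).to_be_bytes());
    out.extend_from_slice(s);
}

/// Agent messages use the same framing: uint32 length, then type byte and payload.
fn frame(body: &[u8]) -> Vec<u8> {
    let mut out = Vec::with_capacity(body.len() + 4);
    put_string(&mut out, body);
    out
}

/// Handle one framed client request and return the framed reply.
pub fn handle(request: &[u8], vault: &[Entry]) -> Vec<u8> {
    let failure = || frame(&[SSH_AGENT_FAILURE]);
    if request.len() < 5 { return failure(); }
    let len = u32::from_be_bytes([request[0], request[1], request[2], request[3]]) as usize;
    if len != request.len() - 4 { return failure(); } // declared length must match
    match request[4] {
        SSH_AGENTC_REQUEST_IDENTITIES if len == 1 => {
            // Only public blobs are listed; private keys never leave the vault here.
            let keys: Vec<&Entry> =
                vault.iter().filter(|e| e.name.starts_with(KEY_PREFIX)).collect();
            let mut body = vec![SSH_AGENT_IDENTITIES_ANSWER];
            body.extend_from_slice(&(keys.len() as u32).to_be_bytes());
            for e in keys {
                put_string(&mut body, &e.pubkey_blob);
                put_string(&mut body, e.name.as_bytes()); // key comment
            }
            frame(&body)
        }
        // Signing (SSH_AGENTC_SIGN_REQUEST, 13) is out of scope for this sketch.
        _ => failure(),
    }
}

fn main() {
    // Constructed sample vault; the blobs are placeholders, not real keys.
    let vault = vec![
        Entry { name: "SSH_KEY_laptop".into(), pubkey_blob: vec![1, 2, 3] },
        Entry { name: "github.com".into(), pubkey_blob: vec![9] },
    ];
    println!("{:02x?}", handle(&[0, 0, 0, 1, SSH_AGENTC_REQUEST_IDENTITIES], &vault));
}
```

Unsupported or malformed requests get `SSH_AGENT_FAILURE`, so a client falls back to its other authentication methods instead of hanging.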