lastpass / lastpass-cli

LastPass command line interface tool
GNU General Public License v2.0

implement ssh-agent or guardian-agent #556

Open drewwells opened 4 years ago

drewwells commented 4 years ago

LastPass has added support for SSH keys, but they're not retrievable in any useful way. lastpass-cli could implement the ssh-agent interface; then users can retrieve SSH keys and/or passphrases with their LastPass + 2FA credentials. This is not a new idea: keychain stores passphrases locally based on user input: https://www.funtoo.org/Keychain

ssh-agent has some security issues. If that is a concern, there's a less widely known project, guardian-agent, that has a slightly more secure form of ssh-agent.

ssh-agent protocol: https://tools.ietf.org/id/draft-miller-ssh-agent-01.html

guardian agent protocol: https://github.com/StanfordSNR/guardian-agent/blob/master/doc/design.md
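
For reference, the message framing an agent built into lpass would have to speak, following the ssh-agent draft linked above. This is an added example, not part of the original comment or of lastpass-cli; `handle`, `parse_identities`, `MAX_FRAME` and the sample identity are hypothetical names and constructed values, and only the identity-listing request is covered.

```python
import struct

# Message numbers defined in draft-miller-ssh-agent.
SSH_AGENT_FAILURE = 5
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12
MAX_FRAME = 256 * 1024  # assumed sanity cap, not a value from the draft
# Constructed sample identity: placeholder (all-zero) public-key blob, comment "foo".
SAMPLE_IDENTITIES = [(b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + b"\x00" * 32, "foo")]

def ssh_string(data):  # SSH "string": uint32 big-endian length, then the bytes
    return struct.pack(">I", len(data)) + data

def frame(msg_type, body=b""):  # agent message: uint32 length, type byte, contents
    return struct.pack(">IB", len(body) + 1, msg_type) + body

def unframe(packet):  # -> (type, contents); raises ValueError on a malformed frame
    if len(packet) < 5:
        raise ValueError("truncated frame")
    (length,) = struct.unpack(">I", packet[:4])
    if length > MAX_FRAME or length != len(packet) - 4:
        raise ValueError("bad frame length")
    return packet[4], packet[5:]

def handle(packet, identities):  # agent side: answer one client request
    try:
        msg_type, _ = unframe(packet)
    except ValueError:
        return frame(SSH_AGENT_FAILURE)
    if msg_type != SSH_AGENTC_REQUEST_IDENTITIES:
        # Signing and key-add are out of scope here; unsupported requests get FAILURE.
        return frame(SSH_AGENT_FAILURE)
    body = struct.pack(">I", len(identities))
    for blob, comment in identities:  # only public blobs and comments are returned
        body += ssh_string(blob) + ssh_string(comment.encode())
    return frame(SSH_AGENT_IDENTITIES_ANSWER, body)

def parse_identities(packet):  # client side: decode an IDENTITIES_ANSWER
    msg_type, body = unframe(packet)
    if msg_type != SSH_AGENT_IDENTITIES_ANSWER:
        raise ValueError("not an identities answer")
    (count,) = struct.unpack(">I", body[:4])
    pos, fields = 4, []
    for _ in range(2 * count):  # each identity is two strings: blob, then comment
        (n,) = struct.unpack(">I", body[pos:pos + 4])
        if pos + 4 + n > len(body):
            raise ValueError("string overruns message")
        fields.append(body[pos + 4:pos + 4 + n])
        pos += 4 + n
    return [(fields[i], fields[i + 1].decode()) for i in range(0, len(fields), 2)]
```

A real agent would serve these frames over the Unix socket named in `SSH_AUTH_SOCK` and would also have to answer sign requests with the private key held in memory.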

drewwells commented 4 years ago

Some use cases, user wants to add 3 keys by name

lpass keychain foo bar baz

lpass checks for running agent or requests master password

lpass opens up a connection to ssh-agent and executes plus a small expect program to supply passphrase over stdin

# Extract the PEM block from entry "foo" and pass it to ssh-add on stdin
ssh-add - <<< "$(lpass show foo | \
  sed -e '/-----BEGIN/,/KEY-----/!d' | sed 's/Private Key: //')"

RevHokan commented 4 years ago

Not clear why this is a LastPass issue. This probably should be handled by user scripting.

lhaeger commented 1 year ago

This is a LastPass issue inasmuch as users expect such a feature from LastPass, even more so now that 1Password implemented this a while ago, and it could really help secure SSH keys a lot... :-)

lhaeger commented 1 year ago

PS: here's someone's earlier prototype as a starting point: https://github.com/Snaipe/lastpass-ssh-agent