Does Goldwarden's SSH-Agent support exposing secret-key ssh-keys (for example ed25519-sk) #301

Open
Charging1948 opened this issue Oct 30, 2024 · 4 comments

Comments

@Charging1948

I just tried to add my ssh-key of the format `sk-ssh-ed25519` to goldwarden using `goldwarden ssh import ~/.ssh/key`.

Creation of the ssh-key was done using: `ssh-keygen -t ed25519-sk -C "[email protected]"`

The output of running the above command is:

```
Importing SSH key from /home/jk/.ssh/id_yubi_black
Error: ssh: unhandled key type
```

This makes me think that goldwarden cannot currently handle SSH-Keys with Security-Keys.
Will there be support for those in the future?

Or did I do something wrong?

@quexten
Owner

quexten commented Oct 30, 2024

Currently sk keys are indeed not supported. What is the use-case for you? The key is stored on the security key, right? So would this be a "back-up" means? Or do you want to have regular keys in goldwarden, and use the same ssh-agent for exposing your keys stored on the security key?

@Charging1948
Author

Yes, I do want to use goldwarden's ssh-agent for exposing the keys stored on the security key.

Theoretically I could also use multiple ssh-agents, but I would rather have just one.

@Charging1948 Charging1948 changed the title Support for secret-key ssh-keys (ed25519-sk) Does Goldwarden's SSH-Agent support exposing secret-key ssh-keys (for example ed25519-sk) Oct 30, 2024
@quexten
Owner

quexten commented Oct 30, 2024

Ok, just to make sure I understand, are there other, separate, regular keys that are stored in bitwarden that are also used via the ssh agent? Otherwise what benefit does goldwarden bring, compared to just the regular ssh agent?

Or, is this about syncing the "private key" file (/home/jk/.ssh/id_yubi_black for you) that just contains a reference to the security key, to other devices?

For just using both kinds of keys in parallel, it would be fairly easy to add support for goldwarden to route through requests that it does not have a key for to the system's ssh agent, so that both keys can be used side-by-side. For the latter, I think this is not supported by the ssh package of golang yet (golang/go#69904), so that would block support for now.
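
The routing decision described in the comment above, as an added example that is not part of the thread and not Goldwarden's code: it parses the body of an SSH agent sign request (type byte plus payload, outer length prefix already removed) and picks the vault-backed agent only when that agent holds the requested key blob, otherwise the system agent. The function names, the `local` key set and the sample key blob are assumptions constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const agentcSignRequest = 13 // SSH_AGENTC_SIGN_REQUEST message number

// sshString encodes b as an SSH string: uint32 big-endian length, then bytes.
func sshString(b []byte) []byte {
	out := make([]byte, 4, 4+len(b))
	binary.BigEndian.PutUint32(out, uint32(len(b)))
	return append(out, b...)
}

// readString consumes one SSH string, rejecting lengths past the buffer end.
func readString(b []byte) (s, rest []byte, err error) {
	if len(b) < 4 || uint64(binary.BigEndian.Uint32(b)) > uint64(len(b)-4) {
		return nil, nil, errors.New("truncated SSH string")
	}
	n := binary.BigEndian.Uint32(b)
	return b[4 : 4+n], b[4+n:], nil
}

// routeSign returns "local" if the vault agent holds the requested key, else "upstream".
func routeSign(msg []byte, local map[string]bool) (target, keyType string, err error) {
	if len(msg) < 1 || msg[0] != agentcSignRequest {
		return "", "", errors.New("not a sign request")
	}
	blob, _, err := readString(msg[1:])
	if err != nil {
		return "", "", err
	}
	kt, _, err := readString(blob) // a key blob starts with its type name
	if err != nil {
		return "", "", err
	}
	if local[string(blob)] {
		return "local", string(kt), nil
	}
	return "upstream", string(kt), nil // not in the vault: system agent
}

func main() {
	// Constructed sample: sk type name only; a real blob adds key data.
	sk := sshString([]byte("sk-ssh-ed25519@openssh.com"))
	fmt.Println(routeSign(append([]byte{agentcSignRequest}, sshString(sk)...), nil))
}
```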

@Charging1948
Author

Yes, I do have other, separate regular keys in my bitwarden vault that I also want to use. But I think my use case is quite rare, so I will probably use goldwarden without the ssh-agent for now.

Thank you for your time! Feel free to close this, if you want to.
