Last active
December 12, 2021 11:12
Allow storage of SSH private keys in LastPass, and use the lpass CLI to retrieve them and load them into ssh-agent. The general idea is to store the ASCII-armored private key in an "SSH Key" Secure Note, in a specific folder (i.e.: "Secure Notes\SSH").
```sh
#!/bin/sh
#
# Import all SSH keys from LP
#
PREFIX=~
SSH_ASKPASS=$PREFIX/bin/lp-askpass.sh
export SSH_ASKPASS
# This is needed to force ssh-add to honor our SSH_ASKPASS.
DISPLAY=foo
export DISPLAY
CONTAINER="Secure Notes\SSH"
# For some reason, lpass ls includes the folder's ID
CONTAINER_ID=4532168026
# Field 4 of each listing line is "<id>]"; substr() drops the trailing "]".
for key_id in $(lpass ls "${CONTAINER}" | grep -v "$CONTAINER_ID" | awk '{print substr($4, 1, length($4) - 1)}'); do
    KEY_ID=$key_id
    export KEY_ID
    # The ASCII-armored private key is kept in the final Notes field of the
    # "SSH Key" Secure Note (with a leading carriage return); --notes prints
    # only that field.
    # setsid is needed to force ssh-add to honor our SSH_ASKPASS.
    # lpass is called from $PREFIX/bin, the same location lp-askpass.sh uses.
    "$PREFIX/bin/lpass" show --notes "$key_id" | setsid ssh-add /dev/stdin
done
```
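```sh
#!/bin/sh
# SSH_ASKPASS helper (the import script points SSH_ASKPASS at lp-askpass.sh):
# prints the passphrase of the note whose ID is in KEY_ID.
PREFIX=~/bin
if [ -z "$KEY_ID" ]; then
    exit 1
fi
"$PREFIX/lpass" show --field Passphrase "$KEY_ID"
```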
Also - would be good to know why it shows container id - could you post a snippet of your 'lpass ls' output?
```
riva% lpass ls "Secure Notes\SSH"
Secure Notes\SSH
ckb.privkey [id: 4535886926]
id_rsa_csoc [id: 4535876406]
id_rsa_cs [id: 4535866126]
id_dsa [id: 4535830506]
csoc-prod [id: 4532240616]
[id: 4532168026]
riva% lpass ls "Secure Notes\SSH" | less
[id: 4532168026]
Secure Notes\SSH/csoc-prod [id: 4532240616]
Secure Notes\SSH/id_dsa [id: 4535830506]
Secure Notes\SSH/id_rsa_cs [id: 4535866126]
Secure Notes\SSH/id_rsa_csoc [id: 4535876406]
Secure Notes\SSH/ckb.privkey [id: 4535886926]
```
Cool idea - here's my version for 0.5.0:
https://gist.github.com/bcopeland/3cabf6ff3fe94fcbd566
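An added example, not part of the gist or of either commenter's code: one way to pull entry IDs out of the `lpass ls` listings shown in the thread without hard-coding the folder ID. It goes slightly beyond the original loop by also handling entry names that contain spaces; the names `list_key_ids`, `sample_tty` and `sample_piped`, the listing indentation, the `deploy key` entry and the trailing-`/` folder form are assumptions.

```shell
#!/bin/sh
# Added example, not part of the gist: pick entry IDs out of `lpass ls`
# output without hard-coding the folder ID.

# Read `lpass ls` output on stdin; print one item ID per line.
list_key_ids() {
    awk '
        # Only lines ending in "[id: <digits>]" describe a vault item.
        match($0, /\[id: [0-9]+\][ \t\r]*$/) {
            name = substr($0, 1, RSTART - 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            # The folder itself is listed with an empty name, or with a
            # path ending in "/" (assumed form for other lpass versions).
            if (name == "" || name ~ /\/$/) next
            id = substr($0, RSTART + 5)   # skip the literal "[id: "
            sub(/\].*$/, "", id)          # drop "]" and trailing blanks
            print id
        }'
}

# Listing as posted in the thread (terminal form; indentation is assumed).
sample_tty() {
    cat <<'EOF'
Secure Notes\SSH
    ckb.privkey [id: 4535886926]
    id_rsa_csoc [id: 4535876406]
     [id: 4532168026]
EOF
}

# Piped form from the thread, plus one constructed name containing a space.
sample_piped() {
    cat <<'EOF'
 [id: 4532168026]
Secure Notes\SSH/csoc-prod [id: 4532240616]
Secure Notes\SSH/id_dsa [id: 4535830506]
Secure Notes\SSH/deploy key [id: 1111111111]
EOF
}

sample_tty | list_key_ids
sample_piped | list_key_ids
```

In the import loop this would replace the `grep -v ... | awk ...` stage, reading from `lpass ls "$CONTAINER"` instead of the sample functions.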