Manage SSH keys
You can use 1Password to manage all your SSH keys. Generate SSH Key items – with public keys, fingerprints, and private keys – right in 1Password. And if you have existing SSH keys, you can import them into 1Password. You can also export your SSH keys from 1Password at any time.
If you manage multiple SSH keys and you want to use them with the 1Password SSH Agent, learn more about how to avoid the SSH server six-key limit.
Requirements
Before you can use 1Password to manage your SSH keys, you'll need to:
- Sign up for 1Password.
- Install and sign in to 1Password for Mac, Windows, or Linux.
- (Optional) Install 1Password CLI 2.20.0 or later. Required to create SSH keys using 1Password CLI.
Generate an SSH key
Generate an SSH key in the 1Password desktop apps or with 1Password CLI to use anywhere you need one.
Desktop apps
- Open and unlock the 1Password app, then navigate to your Personal, Private, or Employee vault in the sidebar.
If you've configured the SSH agent for any shared or custom vaults, you can generate your SSH key in one of those vaults instead.
- Select New Item, then select SSH Key.
- Select Add Private Key > Generate a New Key.
- Choose a key type, then select Generate.
- You can edit the name of your key and make any other changes. When you're done, select Save.

1Password CLI
Open the terminal and sign in to your 1Password account.
To generate an SSH key, run:
1Password CLI will generate an Ed25519 key by default. Learn how to create an RSA key instead.
After you run the command, 1Password CLI will generate an SSH key and save it as a new item in your built-in Personal, Private, or Employee vault, then will print the key to stdout with the private key redacted.
SSH keys are saved in your Personal, Private, or Employee vault by default.
See the full 1Password CLI documentation for more information about how to manage your SSH keys on the command line.
Import an SSH key
If you have an SSH key you want to save in 1Password, you can import it.
- Open and unlock the 1Password desktop app, then navigate to your Personal, Private, or Employee vault in the sidebar.
If you've configured the SSH agent for any shared or custom vaults, you can generate your SSH key in one of those vaults instead.
- Select New Item > SSH Key.
- Select Add Private Key > Import a Key File, then navigate to the location of the SSH key you want and select Import. You can also drag and drop your SSH key file directly into the new SSH item or paste it from your clipboard.
- If your SSH key is encrypted with a passphrase, enter the passphrase and select Decrypt. You'll only need to enter the passphrase once. After you import the SSH key into 1Password, it'll be encrypted according to the 1Password security model.
- When you're done, select Save.


If the passphrase for your SSH key is already saved in 1Password, use Quick Access to find and copy it without needing to switch context.

Key import errors
If you see one of the error messages below when you import an SSH key in 1Password, check if there's an issue with the type of key, the file format, or the encryption:
If you see a message that your SSH key isn't supported
If you see a message that your SSH key isn't supported, make sure you're importing a supported Ed25519 or RSA (2048, 3072, or 4096-bit) key. Other key lengths and other key types, such as DSA or ECDSA keys, aren't supported.
To check the key type and bit length, run the following command:
RSA keys also require a minimum public exponent of 65,537 to meet NIST standards. RSA keys with a public exponent less than 65,537 aren't supported.
To check the size of the public exponent for your key, run the following command:
If you see a message that your SSH key file couldn't be read
If you see a message that your SSH key file couldn't be read, make sure the key file is in a supported format. 1Password supports PKCS#1, PKCS#8, and OpenSSH formats. Keys that use a different file format, such as PuTTYgen .ppk, aren't supported.
If you see a message that your SSH key couldn't be decrypted
If you see a message that your SSH key couldn't be decrypted, it could be that it's encrypted with an unsupported and outdated cipher such as RC4. You can re-encrypt your key file so that it uses a more modern algorithm and then try importing it again. To do this, run the following command:
If you still can't import your SSH key, you can use 1Password to generate a new SSH key using the latest standards.
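The key type, bit length, and public exponent rules above can also be checked from the public half of a key before you attempt an import. The following is an added example, not 1Password's import logic or code from this page: it parses an OpenSSH public key line (the contents of a `.pub` file), applies the rules stated above, and computes the SHA256 fingerprint. `make_line` and `mpint` are hypothetical helpers that build constructed sample lines, not usable keys.

```python
import base64
import hashlib
import struct

SUPPORTED_RSA_BITS = {2048, 3072, 4096}   # RSA lengths the page lists as supported
MIN_RSA_EXPONENT = 65537                   # minimum public exponent the page states

def read_fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        (size,) = struct.unpack_from(">I", blob, pos)  # struct.error if truncated
        pos += 4
        if pos + size > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[pos:pos + size])
        pos += size
    return fields

def check_public_key(line):
    """Return (supported, description, sha256_fingerprint) for a public key line."""
    blob = base64.b64decode(line.split()[1], validate=True)
    fields = read_fields(blob)
    key_type = fields[0].decode("ascii", "replace")
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    if key_type == "ssh-ed25519" and len(fields) == 2 and len(fields[1]) == 32:
        return True, "Ed25519", fingerprint
    if key_type == "ssh-rsa" and len(fields) == 3:
        exponent = int.from_bytes(fields[1], "big")   # RSA blob order: type, e, n
        bits = int.from_bytes(fields[2], "big").bit_length()
        if bits not in SUPPORTED_RSA_BITS:
            return False, f"RSA {bits}-bit is not a supported length", fingerprint
        if exponent < MIN_RSA_EXPONENT:
            return False, f"RSA public exponent {exponent} is below 65537", fingerprint
        return True, f"RSA {bits}-bit", fingerprint
    return False, f"key type {key_type} is not supported", fingerprint

def make_line(key_type, *fields):
    """Build a constructed public key line (sample data, not a usable key)."""
    parts = (key_type.encode(),) + fields
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return f"{key_type} {base64.b64encode(blob).decode()} constructed@example"

def mpint(n):
    """Encode a positive integer as an SSH mpint body (leading zero if needed)."""
    return n.to_bytes(n.bit_length() // 8 + 1, "big")
```

Pass `check_public_key` one line from a `.pub` file; the returned fingerprint can be compared with the one shown for the key elsewhere.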
Export an SSH key
You can export a private SSH key from 1Password at any time.
Open and unlock the 1Password desktop app.
Choose the SSH key you want to export, then select the private key field.
Choose the export format you need: OpenSSH or PKCS#8.
If you imported a PKCS#1-formatted key into 1Password, you will also have the option to export that key in PKCS#1 format.
Choose how you want to export your private key:
- To encrypt your exported private key (OpenSSH format only), enter a passphrase, then select Copy Encrypted Key or Download Encrypted Key.
- To export your private key in plaintext, leave the passphrase field empty (if there is one), then select Copy Unencrypted Key or Download Unencrypted Key.




1Password can't protect SSH keys that you store outside of your account. If you need to export a private key, we recommend you save it in a secure location. Don't store unencrypted private keys on disk.
Share a public key
1Password will automatically generate the public key and fingerprint for each private key you create so you can share it with the services and people who need it.
You can copy or download the public key of an SSH key in the right format every time, and you can use the fingerprint to compare and identify your keys across all your services.
For platforms that let you provide public keys in the browser (often found in an SSH Key settings panel), you can use 1Password in your browser to fill your public key.
You can also copy your public key from the item view in 1Password and share it where needed, or use Quick Access to find your public key even faster without needing to switch context.


Supported SSH key types
1Password supports the following key types, formats, and encryption algorithms:
- Key types: Ed25519 and RSA (2048, 3072, and 4096-bit)
- Formats: PKCS#1, PKCS#8, and OpenSSH
- Encryption: AES and 3DES (all supported key formats), and ChaCha20-Poly1305 (OpenSSH format only)
Ed25519
Ed25519 is the fastest and most secure key type available today and is the option recommended by most Git and cloud platforms. Ed25519 is the default suggestion when you generate a new SSH key in 1Password and the key is automatically set to 256 bits.
The Ed25519 key type was first introduced in 2014 with OpenSSH 6.5. If you need to connect to an older server that isn't using OpenSSH 6.5 or later, an Ed25519 key won't work.
RSA
RSA is one of the oldest key types available and is compatible with most servers, including older ones. Compared to Ed25519, RSA is considerably slower, particularly with decryption, and is only considered secure if it's 2048 bits or longer. 1Password supports 2048-bit, 3072-bit, and 4096-bit RSA keys.
View SSH keys in 1Password 7
Generating, importing, and sharing SSH keys requires 1Password 8. Any SSH keys that you generate or import can be viewed and copied in the 1Password 7 apps on your other devices. Make sure you're using an updated version of 1Password 7 to view or copy your public or private keys.