infra
/
pass-sshkeys
mirror of https://github.com/malarinv/pass-sshkeys.git
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
passwordstore plugin to import and export ssh keys
8 Commits
1 Branch
0 Tags
60 KiB
Shell 87.7%
Python 11.5%
Makefile 0.8%
 
 
 
Go to file
Malar Invention fbaac23db1 fix: update usage messages to reflect correct command prefix 'sshkeys' 2025-10-30 21:01:58 +05:30
completion feat: implement import/export functionality for SSH keys and configs 2025-07-18 01:16:06 +05:30
deprecated feat: implement import/export functionality for SSH keys and configs 2025-07-18 01:16:06 +05:30
extension fix: update usage messages to reflect correct command prefix 'sshkeys' 2025-10-30 21:01:58 +05:30
.env init: initial bootstrap of pass sshkeys plugin 2025-02-09 10:38:37 +05:30
.envrc init: initial bootstrap of pass sshkeys plugin 2025-02-09 10:38:37 +05:30
LICENSE Initial commit 2025-02-09 10:34:38 +05:30
Makefile feat: implement import/export functionality for SSH keys and configs 2025-07-18 01:16:06 +05:30
README.md feat: implement import/export functionality for SSH keys and configs 2025-07-18 01:16:06 +05:30
lastpass2pass.py init: initial bootstrap of pass sshkeys plugin 2025-02-09 10:38:37 +05:30

README.md

pass-sshkeys

A pass extension for managing SSH keys and configurations securely.

Description

pass-sshkeys allows you to store and manage your SSH private keys and configurations within your password store. This enables you to:

  • Securely store SSH keys encrypted with GPG
  • Import/export SSH keys and configurations between machines
  • Connect to hosts directly using stored keys without permanent import
  • Keep your .ssh directory clean and manage keys on a per-host basis

Installation

Dependencies

  • pass >= 1.7.0
  • bash >= 4.0
  • Standard Unix tools (awk, sed, etc.)

From Git

git clone https://github.com/malarinv/pass-sshkeys
cd pass-sshkeys
sudo make install

Manual Installation

  1. Copy sshkeys.bash to /usr/lib/password-store/extensions/ or ~/.password-store/.extensions/
  2. Ensure it's executable: chmod +x sshkeys.bash

User Extensions

If you don't want to install this as a system extension, you can enable user extensions with:

export PASSWORD_STORE_ENABLE_EXTENSIONS=true

For convenience, add this alias to your .bashrc:

alias pass='PASSWORD_STORE_ENABLE_EXTENSIONS=true pass'

Usage

Import SSH Keys and Config

Import a single host:

pass sshkeys import hostname

When importing a host, the extension automatically detects and handles ProxyJump configurations:

  • Recursively imports any ProxyJump hosts found in the config
  • Maintains the complete chain of proxy hosts
  • Stores all necessary keys and configurations for the entire connection chain

Import all hosts from SSH config:

pass sshkeys import-all

Export SSH Keys and Config

Export a single host:

pass sshkeys export hostname

Export all stored hosts:

pass sshkeys export-all

Direct Connection

Connect to a host using stored keys without importing:

pass sshkeys connect hostname

The connect command:

  • Automatically sets up all ProxyJump hosts in the connection chain
  • Creates temporary configurations and keys for both the target host and any proxy hosts
  • Cleans up temporary files after the connection ends

Storage Structure

Keys and configurations are stored in your password store under the ssh/ prefix:

Password Store
└── ssh
    └── hostname
        ├── config
        ├── id_rsa
        └── id_ed25519

Security Considerations

  • All keys are encrypted using your GPG key(s)
  • Temporary keys created during connect operations are stored in /tmp and cleaned up automatically
  • Original SSH config files are backed up before modifications

License

This extension is licensed under the GNU General Public License v3.0 or later.

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.