125 lines
2.8 KiB
Markdown
125 lines
2.8 KiB
Markdown
# pass-sshkeys
|
|
|
|
A [pass](https://www.passwordstore.org/) extension for managing SSH keys and configurations securely.
|
|
|
|
## Description
|
|
|
|
`pass-sshkeys` allows you to store and manage your SSH private keys and configurations within your password store. This enables you to:
|
|
|
|
- Securely store SSH keys encrypted with GPG
|
|
- Import/export SSH keys and configurations between machines
|
|
- Connect to hosts directly using stored keys without permanent import
|
|
- Keep your `.ssh` directory clean and manage keys on a per-host basis
|
|
|
|
## Installation
|
|
|
|
### Dependencies
|
|
|
|
- `pass` >= 1.7.0
|
|
- `bash` >= 4.0
|
|
- Standard Unix tools (`awk`, `sed`, etc.)
|
|
|
|
### From Git
|
|
|
|
```bash
|
|
git clone https://github.com/malarinv/pass-sshkeys
|
|
cd pass-sshkeys
|
|
sudo make install
|
|
```
|
|
|
|
### Manual Installation
|
|
|
|
1. Copy `sshkeys.bash` to `/usr/lib/password-store/extensions/` or `~/.password-store/.extensions/`
|
|
2. Ensure it's executable: `chmod +x sshkeys.bash`
|
|
|
|
### User Extensions
|
|
|
|
If you don't want to install this as a system extension, you can enable user extensions with:
|
|
|
|
```bash
|
|
export PASSWORD_STORE_ENABLE_EXTENSIONS=true
|
|
```
|
|
|
|
For convenience, add this alias to your `.bashrc`:
|
|
|
|
```bash
|
|
alias pass='PASSWORD_STORE_ENABLE_EXTENSIONS=true pass'
|
|
```
|
|
|
|
## Usage
|
|
|
|
### Import SSH Keys and Config
|
|
|
|
Import a single host:
|
|
|
|
```bash
|
|
pass sshkeys import hostname
|
|
```
|
|
|
|
When importing a host, the extension automatically detects and handles ProxyJump configurations:
|
|
|
|
- Recursively imports any ProxyJump hosts found in the config
|
|
- Maintains the complete chain of proxy hosts
|
|
- Stores all necessary keys and configurations for the entire connection chain
|
|
|
|
Import all hosts from SSH config:
|
|
|
|
```bash
|
|
pass sshkeys import-all
|
|
```
|
|
|
|
### Export SSH Keys and Config
|
|
|
|
Export a single host:
|
|
|
|
```bash
|
|
pass sshkeys export hostname
|
|
```
|
|
|
|
Export all stored hosts:
|
|
|
|
```bash
|
|
pass sshkeys export-all
|
|
```
|
|
|
|
### Direct Connection
|
|
|
|
Connect to a host using stored keys without importing:
|
|
|
|
```bash
|
|
pass sshkeys connect hostname
|
|
```
|
|
|
|
The connect command:
|
|
|
|
- Automatically sets up all ProxyJump hosts in the connection chain
|
|
- Creates temporary configurations and keys for both the target host and any proxy hosts
|
|
- Cleans up temporary files after the connection ends
|
|
|
|
## Storage Structure
|
|
|
|
Keys and configurations are stored in your password store under the `ssh/` prefix:
|
|
|
|
```fs
|
|
Password Store
|
|
└── ssh
|
|
└── hostname
|
|
├── config
|
|
├── id_rsa
|
|
└── id_ed25519
|
|
```
|
|
|
|
## Security Considerations
|
|
|
|
- All keys are encrypted using your GPG key(s)
|
|
- Temporary keys created during `connect` operations are stored in `/tmp` and cleaned up automatically
|
|
- Original SSH config files are backed up before modifications
|
|
|
|
## License
|
|
|
|
This extension is licensed under the GNU General Public License v3.0 or later.
|
|
|
|
## Contributing
|
|
|
|
Contributions are welcome! Please feel free to submit a Pull Request.
|