SSH Agent

With the SSH agent, Bitwarden users are able to store and manage Secure Shell (SSH) keys for encrypted access to servers and application interfaces. The Bitwarden SSH agent can list and use SSH keys stored in the Bitwarden vault.

Using the Bitwarden desktop app, the SSH feature will allow users to create new SSH keys or import existing keys to the Bitwarden vault. Access to view and edit stored SSH keys is available on Bitwarden mobile clients as well.

Enable SSH agent

To enable SSH storage on your Bitwarden desktop app, navigate to Settings and turn on Enable SSH agent.

Enable SSH storage on desktop client

Storing an SSH key

New SSH keys can be created and saved in the Bitwarden desktop app UI. Bitwarden SSH keys will store:

  • Key name: The name for your SSH key.

  • Private key: The private key is sensitive data that will be used by the server to facilitate a secure connection. Private key data should be treated with care and kept secure. Users may use Bitwarden to generate a secure, unique private key.

  • Public key: Portion of the key shared with the server that you will be connecting to.

  • Fingerprint: A short unique string generated from the public key, used to identify the key. For example, SSH-signed git commits can be verified using the fingerprint.

SSH keys stored in the Bitwarden password manager will have access to Bitwarden features such as folders, collections, favorites, master password re-prompt, notes, cloning items, attachments, and custom fields.

Create new SSH key

  1. Select the New button and choose SSH key as the item type.

    Create new SSH key on desktop client

    Note

    At this time, Bitwarden can only generate ED25519 type SSH keys.

  2. Fill in remaining details such as Name and select the Save icon once complete.

Import key to Bitwarden

Existing SSH keys can be imported into Bitwarden.

  1. Select SSH key from the navigation menu.

  2. Copy the existing SSH key you wish to import into Bitwarden. Use the Import key from clipboard button. This will automatically paste the SSH key into Bitwarden.

    Import SSH key on desktop client

    Note

    Imported keys must be in OpenSSH or PKCS#8 format and cannot be password protected. Additionally, at this time, SSH keys imported from PuTTY are not compatible.

Edit existing keys

Once an SSH key has been saved in your Bitwarden vault, you may edit the key using the Bitwarden desktop app or mobile client. To edit an SSH key:

  1. Open the Bitwarden desktop app and navigate to SSH keys.

  2. Locate the SSH key you wish to edit and then select Edit.

  3. Once you have completed desired changes, select Save.

  1. Open the Bitwarden mobile app and navigate to SSH keys.

    Mobile SSH key vault
  2. Locate the SSH key you wish to edit and then select Edit.

    Select edit SSH key iOS
  3. Once you have completed desired changes, select Save.

    Save SSH item iOS

Configure Bitwarden SSH agent

In order to use Bitwarden as your primary SSH agent, you will be required to configure your SSH client to communicate with Bitwarden for authentication.

To enable the Bitwarden SSH agent on Windows, you must disable the OpenSSH service on your Windows machine. To disable OpenSSH:

  1. On your Windows machine, navigate to Services → OpenSSH Authentication Agent. The Administrator services window can be accessed using the Windows + R run command.

  2. Once you have opened the OpenSSH Authentication Agent Properties window, set the Startup type setting to Disabled.

    Note

    If OpenSSH Authentication Agent is not an option in the Services list, there is no need to disable the service.

Enable the Bitwarden SSH agent on macOS:

  1. Export the SSH_AUTH_SOCK variable and set it to the path of .bitwarden-ssh-agent.sock in your home directory. In the following example, replace <user> with your username:

    Bash
    export SSH_AUTH_SOCK=/Users/<user>/.bitwarden-ssh-agent.sock

Enable the Bitwarden SSH agent on Linux:

  1. Export the SSH_AUTH_SOCK variable and set it to the path of .bitwarden-ssh-agent.sock in your home directory. In the following example, replace <user> with your username:

    Bash
    export SSH_AUTH_SOCK=/home/<user>/.bitwarden-ssh-agent.sock

Testing SSH keys

Once the SSH agent has been configured for Bitwarden, we can test the setup by asking the agent to list its keys:

Bash
ssh-add -L

This will return a list of SSH keys saved in your Bitwarden desktop client.

Note

When accessing an SSH key, the behavior of Bitwarden will differ depending on the lock or unlock status of the client.

  • Locked vault: If your Bitwarden vault is locked, it must first be unlocked in order to gain access to the SSH key. This can be done by logging into the desktop app, or by unlocking the vault if the app is open in a locked state.

  • Unlocked vault: If the desktop vault is unlocked, you will be prompted to confirm the SSH key usage.
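A pre-flight check for the agent socket on macOS or Linux, as an added example (not Bitwarden's own code): it confirms that the path in SSH_AUTH_SOCK is a UNIX socket owned by you and not writable by group or other before running ssh-add -L. The function names and return codes are this example's own convention.

```bash
# Added example, not Bitwarden code. check_agent_socket return codes:
# 0 ok, 1 path empty, 2 path missing, 3 not a socket,
# 4 not owned by the current user, 5 writable by group or other.
check_agent_socket() {
  cas_sock=${1-}
  [ -n "$cas_sock" ] || return 1
  [ -e "$cas_sock" ] || return 2
  [ -S "$cas_sock" ] || return 3
  [ -O "$cas_sock" ] || return 4
  # The mode string looks like "srwx------"; characters 6 and 9 are the
  # group-write and other-write bits. On Linux, write permission on the
  # socket is what allows another account to connect to the agent.
  cas_mode=$(ls -ld "$cas_sock" | cut -c1-10)
  cas_gw=$(printf '%s' "$cas_mode" | cut -c6)
  cas_ow=$(printf '%s' "$cas_mode" | cut -c9)
  [ "$cas_gw" != "w" ] && [ "$cas_ow" != "w" ] || return 5
  return 0
}

# Validate $SSH_AUTH_SOCK, then ask the agent for its public keys.
list_agent_keys() {
  lak_rc=0
  check_agent_socket "${SSH_AUTH_SOCK-}" || lak_rc=$?
  case $lak_rc in
    0) ;;
    1) echo "SSH_AUTH_SOCK is not set in this shell" >&2; return 1 ;;
    2) echo "socket not found: is the desktop app running with the SSH agent enabled?" >&2; return 1 ;;
    3) echo "$SSH_AUTH_SOCK is not a UNIX socket" >&2; return 1 ;;
    4) echo "$SSH_AUTH_SOCK is owned by another user" >&2; return 1 ;;
    5) echo "$SSH_AUTH_SOCK is writable by group or other" >&2; return 1 ;;
  esac
  # ssh-add exits 0 when keys are listed, 1 when the agent has no
  # identities, and 2 when it cannot contact the agent.
  ssh-add -L
}

# Usage, after sourcing this file:  list_agent_keys
```

An export typed into one terminal does not carry over to new sessions, so a "not set" result in a fresh shell usually means the export line is missing from your shell profile.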

Use SSH key to connect to GitHub

Connect to GitHub with SSH:

  1. Import or create a new SSH key on the Bitwarden desktop client. See here for more information to create an SSH key.

  2. On your GitHub account, set up an SSH key by navigating to Settings, SSH and GPG keys, then select New SSH Key.

    Create new GitHub SSH key
  3. On the Add new SSH key screen, add a name and select a key type. Choose Authentication Key to authenticate your GitHub session. Copy and paste the Public key from your Bitwarden vault into the Key field on GitHub.

    Create new GitHub key
  4. Once you have completed all of the fields, select Add SSH key to save the key. GitHub will request you verify your GitHub account before the key is saved.

  5. Test the GitHub SSH key in your terminal, for example if you are using macOS:

    Bash
    ssh git@github.com

Sign Git commits using SSH

Use the Bitwarden SSH agent to sign Git commits with SSH. In order to sign commits with SSH, there are a few prerequisites:

  • Git version 2.34 or later. You may check your Git version with:

    Bash
    git --version
  • OpenSSH version 8.8 or newer. Check version with:

    Bash
    ssh -V
  • Bitwarden desktop client with SSH agent enabled.

Configure Git for SSH signing

  1. Set Git to use SSH for signing:

    Bash
    git config --global gpg.format ssh
  2. Specify the SSH key to use as the signing key. To use the Bitwarden SSH agent, replace /YOUR/PUBLIC/SSH/KEY with the public key copied from the SSH key saved in your Bitwarden vault. Keep the quotes, since the public key contains spaces.

    Bash
    git config --global user.signingkey "/YOUR/PUBLIC/SSH/KEY"

Create a key on GitHub

  1. On your GitHub account, set up an SSH key by navigating to Settings, SSH and GPG keys, then select New SSH Key.

  2. On the Add new SSH key screen, add a name and select a key type. Choose Signing Key. Copy and paste the Public key from your Bitwarden vault into the Key field on GitHub.

  3. Use the SSH key to clone your repository with the SSH method:

    SSH clone
    Bash
    git clone git@github.com:<USER>/<repository>.git
  4. To commit and push code with standard Git practices:

    Bash
    git commit -m "This commit is signed using SSH"
  5. If your Bitwarden vault is unlocked, select Authorize on the Bitwarden desktop client. If your vault is locked, you will be prompted to unlock your vault. Select Authorize to continue:

    Authorize SSH with client
  6. Once authorized, the SSH key will be used to sign the commit. You may now push the commit:

    Bash
    git push
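Git only signs a commit when asked (the -S flag or commit.gpgsign), and it can only verify SSH signatures locally once gpg.ssh.allowedSignersFile points at a list of trusted public keys. The following added example (not Bitwarden or Git project code) builds that file from the public key in your vault item; the function names and the default file location are assumptions of this example.

```bash
# Added example. Print one allowed_signers line, or fail on a malformed key.
# $1 = committer e-mail, $2 = public key line copied from the vault item.
allowed_signers_line() {
  asl_email=$1
  # Split "type base64 [comment]"; the trailing comment is dropped.
  asl_type=${2%% *}
  asl_rest=${2#* }
  asl_blob=${asl_rest%% *}
  # Common OpenSSH key types. A pasted private key ("-----BEGIN ...")
  # fails here instead of being written to a world-readable file.
  case $asl_type in
    ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
    *) echo "unsupported or missing key type: '$asl_type'" >&2; return 1 ;;
  esac
  case $asl_blob in
    ''|*[!A-Za-z0-9+/=]*) echo "key data is not base64" >&2; return 1 ;;
  esac
  # namespaces="git" limits this key to Git signatures.
  printf '%s namespaces="git" %s %s\n' "$asl_email" "$asl_type" "$asl_blob"
}

# Record the signer, point Git at the file, and sign every commit by default.
# $3 (optional) = file location; the default is this example's assumption.
enable_local_verification() {
  elv_file=${3:-$HOME/.config/git/allowed_signers}
  elv_line=$(allowed_signers_line "$1" "$2") || return 1
  mkdir -p "$(dirname "$elv_file")"
  grep -qxF "$elv_line" "$elv_file" 2>/dev/null || printf '%s\n' "$elv_line" >> "$elv_file"
  git config --global gpg.ssh.allowedSignersFile "$elv_file"
  git config --global commit.gpgsign true
}

# Usage, after sourcing this file (replace the quoted key with your own):
#   enable_local_verification you@example.com "ssh-ed25519 AAAA... comment"
#   git log --show-signature -1
```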


© 2024 Bitwarden, Inc.