SSH-agent protocol

[soraxas]

Just an idea:

Do you think the current rbw agent can be extended to perform SSH agent protocol by directly retrieving ssh keys from entries within rbw (e.g. supplying ssh-keys with bitwarden items that begins with name prefix like SSH_KEY_xxxx)

This crate seems relevant to this idea:
https://docs.rs/ssh-agent-lib/latest/ssh_agent_lib/

The goal would be removing the needs to store secret key directly on machines

[doy]

this would probably be possible, but i don't know that it is entirely necessary? i solve this issue by using a wrapper script for ssh which sets the SSH_ASKPASS environment variable to a script that runs rbw get (you can see the details at https://github.com/doy/conf/blob/main/rbw/.bin/ssh and https://github.com/doy/conf/blob/main/rbw/.bin/ssh-askpass). i'm not necessarily against using the ssh-agent protocol here, but it seems like it might just be a lot of work for not much benefit?

[Glandos]

Even if I developped https://framagit.org/Glandos/bw-ssh/ it seems that SSH keys are becoming a reality, at least in Vaultwarden: dani-garcia/vaultwarden#5187
It's still experimental, and requires the desktop clients, but it's a good time to check if it matches rbw goals.

[DrummyFloyd]

any update , because the app seems to work well with the integration
https://bitwarden.com/help/ssh-agent/#enable-ssh-agent
=)

[pmkap]

The first step would be to implement the new SSH Key items added to the vault. With this, one could easily make a ssh agent using rbw if @doy decides that adding an ssh agent is out of scope for this project.

@doy are you planning to implement the new SSH Key items, or would you accept a patch for this?