Replacing pageant with openssh-pageant-bridge to use SSH keys stored inside 1Password
2024-12-01 00:00 +0000
I recently found myself needing a new SSH key. Ever since I created my last SSH key, a couple of years have passed and I am now using 1Password. So why not store the SSH key inside 1Password?
Install the OpenSSH client on Windows
Open an elevated PowerShell prompt and install the OpenSSH Client via the following command:
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
Success will be indicated by the output:
Path :
Online : True
RestartNeeded : False
Verify the installation with Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'.
Name : OpenSSH.Client~~~~0.0.1.0
State : Installed
Name : OpenSSH.Server~~~~0.0.1.0
State : NotPresent
With that, the OpenSSH Client is installed.
Configure 1Password to provide your SSH key
Next, follow the guide at https://developer.1password.com/docs/ssh/get-started/.
Do not forget to disable the OpenSSH Authentication Agent service in services.msc.
Install WinSSH-Pageant
Now install WinSSH-Pageant: https://github.com/ndbeals/winssh-pageant?tab=readme-ov-file#installation and add it to your autostart as described in the README:
winget install winssh-pageant
If you didn’t use winget to install WinSSH-Pageant, you need to create a shortcut inside your Startup directory:
- Open %appdata%\Microsoft\Windows\Start Menu\Programs\Startup
- Create a shortcut to the location of winssh-pageant.exe
- Verify the autostart is set correctly by opening Task Manager and switching to the Startup tab.
- You should see a “WinSSH-Pageant Bridge” entry there.
To verify that your SSH key is available for use, run ssh-add -L in PowerShell.
Caveat: If you were using PuTTY with pageant before, chances are you have stored the path to your key inside PuTTY. To use the key from inside 1Password, you need to clear the corresponding config field inside PuTTY: Connection -> SSH -> Auth -> Private key file for authentication.
You are now all set to use PuTTY (and ssh inside PowerShell) with the SSH key from inside your 1Password.
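The checks from the steps above can be run in one pass. This is an added PowerShell example, not part of the original post or of the 1Password or WinSSH-Pageant documentation. It assumes the Windows service name ssh-agent and the default agent pipe name openssh-ssh-agent; Test-SshKeySetup is a hypothetical helper name.

```powershell
# Added example. Assumed defaults: service 'ssh-agent', pipe 'openssh-ssh-agent'.
function Test-SshKeySetup {   # hypothetical helper name
    $checks = [ordered]@{}

    # The built-in OpenSSH Authentication Agent service should be disabled and
    # stopped (or absent) so that it does not hold the agent pipe itself.
    $svc = Get-Service -Name 'ssh-agent' -ErrorAction SilentlyContinue
    $checks['OpenSSH Authentication Agent service disabled'] = (-not $svc) -or
        ($svc.StartType -eq 'Disabled' -and $svc.Status -eq 'Stopped')

    # With the service off, the pipe should only exist if another agent
    # (here: 1Password) is listening on it.
    $pipe = Get-ChildItem -Path '\\.\pipe\' -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -eq 'openssh-ssh-agent' }
    $checks['Agent pipe \\.\pipe\openssh-ssh-agent exists'] = [bool]$pipe

    # The bridge must be running for PuTTY to reach the agent.
    $bridge = Get-Process -Name 'winssh-pageant' -ErrorAction SilentlyContinue
    $checks['winssh-pageant.exe is running'] = [bool]$bridge

    # ssh-add -L exits 0 when it lists keys, 1 when the agent has none,
    # and 2 when it cannot contact an agent at all.
    $keyCount = 0
    if (Get-Command ssh-add -ErrorAction SilentlyContinue) {
        $keys = @(& ssh-add -L 2>$null)
        if ($LASTEXITCODE -eq 0) { $keyCount = $keys.Count }
    }
    $checks["ssh-add -L lists keys ($keyCount found)"] = $keyCount -gt 0

    # Emit one object per check so the result can be filtered or formatted.
    foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Check = $name; Passed = $checks[$name] }
    }
}

Test-SshKeySetup | Format-Table -AutoSize
```

A failed pipe or ssh-add check while the service check passes usually points at the 1Password SSH agent not being enabled or unlocked.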
Extra tip:
If you want to use the new SSH key from inside 1Password to sign your git commits with, simply open the SSH item in the 1Password app and click “Configure Commit Signing”.
In the next window, click “Edit Automatically”.
This will essentially:
- Set gpg.format to ssh.
- Set user.signingkey to the public key you chose to sign commits with.
- Set commit.gpgsign to true so you don’t need to include the -S flag with each commit. (optional)
- Set gpg.ssh.program to the SSH signer binary provided by 1Password, so you don’t have to set SSH_AUTH_SOCK yourself. (optional)
See: https://developer.1password.com/docs/ssh/git-commit-signing/
