Stream: nix

Topic: 1Password TouchID auth for git, ssh, etc.


Srid (Feb 13 2024 at 17:34):

You can configure the home-manager ssh module to use the local 1Password SSH agent socket, as well as forward this agent to external machines so that SSH-based operations (like git pull) on that external machine will use the local 1Password keys via TouchID!

This obviates the need to keep private ssh keys on external machines. Everything is managed locally on the Mac by 1Password.

https://github.com/srid/nixos-config/blob/master/home/ssh.nix

Tim DeHerrera (Feb 13 2024 at 18:01):

I can already use the ssh key stored on my yubikey from remote hosts by passing the ssh -A option when connecting, which then forwards the key to the agent on the host I'm connecting to. What I'm lacking is passing through things like my GPG key or configured OTP keys for passwordless sudo, but only when yubi is available.

Srid (Feb 13 2024 at 18:02):

I want the same thing (sudo, etc.) but via 1Password.

Srid (Feb 13 2024 at 18:03):

https://1password.community/discussion/128353/sudo-support

Tim DeHerrera (Feb 14 2024 at 00:21):

Actually I guess there is a protocol called usbip and someone wrote a Perl script for something like what I'm after:
https://github.com/turistu/usbip-ssh

However, this script somewhat annoyingly is the reverse of what I'd like. It gives a client a way to expose a server's USB devices to the client. What I'd like is a way to forward the client's to the server so I can authenticate with the yubikey remotely.

I'm sure the script could be modified to do what I want though, I might have a crack at it later.


Last updated: Nov 15 2024 at 12:33 UTC