How to store SSH keys in LastPass
Purpose
The purpose of this post is to learn how to easily store SSH keys in LastPass using their command line client lpass.
Before you begin
A Linux machine is required to follow this tutorial.
Step 1 - Create an SSH key pair (public/private)
Run ssh-keygen, setting a passphrase and a destination (by default ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub). We strongly recommend setting a strong passphrase; you can generate one with the pwgen or apg binaries, for example.
Double-check that ssh-keygen created both the private and the public key files.
Step 2 - Install LastPass CLI
There is still no LastPass CLI package for Debian/Ubuntu, but there are LastPass CLI packages for other operating systems such as Fedora, Arch, OS X and many more. More info on its GitHub page: https://github.com/lastpass/lastpass-cli.
Since there is no binary for Debian/Ubuntu, first install the dependencies and then build the client from its repo:
# Install dependencies
sudo apt install --no-install-recommends \
cmake \
libcurl4-openssl-dev \
libssl-dev \
libxml2 \
libxml2-dev \
openssl \
pinentry-curses \
pkg-config \
xclip
# Clone, build and install LastPass CLI
cd /tmp
git clone https://github.com/lastpass/lastpass-cli.git
cd lastpass-cli
make
sudo make install
# Check LastPass CLI version
lpass -v
> LastPass CLI v1.3.3.GIT
More information about the LastPass CLI here.
Step 3 - Store SSH keys to LastPass
Log in to LastPass:
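# Directory where lpass keeps its local state
export LPASS_HOME=~/.lpass
# 0 means the lpass agent never times out (the default is one hour)
export LPASS_AGENT_TIMEOUT=0
lpass login <your_email@your_email_server>
Enter your master password, accept the verification email (first time only) and complete two-factor authentication if needed.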
Running the following command creates an SSH key secure note.
# The value typed here becomes the note's name in the vault (visible in lpass ls),
# so enter a label for the key, not the key's passphrase.
echo "Note name? "; read -r note_name; \
printf "Private Key: %s\nPublic Key: %s" \
"$(cat ~/.ssh/id_rsa)" "$(cat ~/.ssh/id_rsa.pub)" | \
lpass add --non-interactive \
--sync=now "${note_name}" \
--note-type=ssh-key
lpass show "${note_name}"
Previous comment was fixed thanks to @christopher_howie.
This note will be uploaded automatically to your LastPass Vault; depending on your version of LastPass CLI, you should run lpass sync as well.
This post uses ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub. Change these paths to the actual location of your SSH key pair.
Go to your LastPass Vault and make sure the ${note_name} note is there. If you cannot see the key, you may need to trigger the Refresh Site option by going to More options > Advanced > Refresh Site in the UI.
Finally, to do a quick search by command line you could use lpass together with grep:
lpass ls | grep <my_search>
# or a case-insensitive search
lpass ls | grep -i <my_search>
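Step 1 recommends a passphrase and Step 3 copies the private key into the vault. The following added example (not part of the original post or of lastpass-cli) checks that the key file really is passphrase-protected before running the same lpass add. The function names key_is_encrypted and store_key are hypothetical, and the check goes slightly beyond the post by reading the key file's own header (OpenSSH, PKCS#8 and legacy PEM formats).

```shell
#!/bin/sh
# Added example with hypothetical helper names; not from the original post.

# key_is_encrypted FILE -> 0 encrypted, 1 not encrypted, 2 unrecognised
key_is_encrypted() {
    kf=$1
    [ -r "$kf" ] || return 2
    case $(head -n 1 "$kf") in
    '-----BEGIN OPENSSH PRIVATE KEY-----')
        # openssh-key-v1 blob: magic "openssh-key-v1\0", a 4-byte length,
        # then the cipher name; "none" means the key has no passphrase.
        magic=6f70656e7373682d6b65792d763100
        none=000000046e6f6e65
        hex=$(grep -v '^-----' "$kf" | tr -d ' \r\n' | base64 -d 2>/dev/null |
              head -c 23 | od -An -tx1 | tr -d ' \n')
        case $hex in
        "$magic$none") return 1 ;;
        "$magic"????????????????) return 0 ;;
        *) return 2 ;;
        esac ;;
    '-----BEGIN ENCRYPTED PRIVATE KEY-----')   # PKCS#8, encrypted
        return 0 ;;
    '-----BEGIN PRIVATE KEY-----')             # PKCS#8, plain
        return 1 ;;
    '-----BEGIN '*' PRIVATE KEY-----')
        # Legacy PEM (RSA/DSA/EC): encrypted keys carry a Proc-Type header.
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$kf"; then return 0; fi
        return 1 ;;
    *)
        return 2 ;;
    esac
}

# store_key NOTE_NAME PRIVATE_KEY PUBLIC_KEY
# Runs the same lpass add as Step 3, but only for passphrase-protected keys.
store_key() {
    if key_is_encrypted "$2"; then
        printf 'Private Key: %s\nPublic Key: %s' "$(cat "$2")" "$(cat "$3")" |
            lpass add --non-interactive --sync=now "$1" --note-type=ssh-key
    else
        echo "refusing to upload $2: no passphrase or unknown key format" >&2
        return 1
    fi
}
```

Call it as store_key my-key-note ~/.ssh/id_rsa ~/.ssh/id_rsa.pub after lpass login.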