How to Set Up SSH with Bitwarden on Linux Terminal

Loading Bitwarden SSH Keys to ssh-agent on login


If you've ever tried to remotely access your favorite server, you know the importance of managing SSH keys. Luckily, with tools like Bitwarden, the process can be as smooth as a freshly brewed cup of coffee. Let’s dive into how to set up SSH with Bitwarden on your Linux terminal, ensuring that your keys are securely managed and accessible.

Understanding ssh-agent and ssh-add

Before we get started, let’s quickly talk about two crucial components: ssh-agent and ssh-add.

  • ssh-agent is a background program that handles your SSH keys, allowing you to enter your passphrase only once per session instead of every time you connect to a server. It holds your decrypted private keys in memory, making it easy to authenticate without the hassle of typing your passphrase repeatedly.

  • ssh-add is the command-line utility that adds your private keys to the ssh-agent. It can also remove keys from the agent, making it a handy tool for managing your SSH keys during your terminal sessions.

Getting Started with Bitwarden CLI

Let’s kick things off by installing the Bitwarden CLI. If you’re using Homebrew (and if you’re not, why aren’t you?), simply run the following command:

brew install bitwarden-cli

Configuring Bitwarden for the EU Server or a Self-Hosted Instance

If you need to use Bitwarden’s EU server, you’ll have to set it in the CLI configuration. Use the following command:

bw config server https://vault.bitwarden.eu/

Logging into Bitwarden

Next, you’ll need to log into your Bitwarden account. Use the following command:

bw login

You will be prompted to enter your email and master password. If you have two-factor authentication enabled, don't forget to enter the code from your authenticator app.

Once you log in successfully, the CLI displays a session key. This session key is what gives later bw commands access to your vault, and it will look something like this (use your own key, not this one!):

BW_SESSION="s+09m6dnOywyxGYN3qaLoGf21jhXiFIbgc1xSNnqdZU+uP7sRBYWZMNcfkrtetmljbbbfsqQkWwKrfv9ei/wK2Q=="

Setting Up Your .bash_profile

Now, let’s store that session key in your .bash_profile so it’s readily available when you log in. Open your .bash_profile with your favorite text editor and add the following line:

export BW_SESSION="s+09m6dnOywyxGYN3qaLoGf21jhXiFIbgc1xSNnqdZU+uP7sRBYWZMNcfkrtetmljbbbfsqQkWwKrfv9ei/wK2Q=="

Note: While you can also use .profile, avoid placing this in .bashrc. The reason? .bashrc gets loaded every time you open a new terminal session, which could lead to unnecessary complications and multiple agent instances. Stick with .bash_profile or .profile to keep things clean and efficient!
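A session key hard-coded in .bash_profile is readable by anything that can read that file, and dotfiles often end up in backups or repositories. The following added example (not from the original post) keeps the key in a separate file and exports it only when that file is private to you; the path ~/.config/bw-session and the function names are assumptions.

```bash
# Added example: load BW_SESSION from a private file instead of hard-coding it.
# BW_SESSION_FILE is a hypothetical path; the file contains only the key string.
BW_SESSION_FILE="${BW_SESSION_FILE:-$HOME/.config/bw-session}"

# Succeeds only for a regular file (not a symlink) that we own and that
# grants no permission bits to group or others (mode 600 or 400).
is_private_file() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Export BW_SESSION from the file, or leave it unset and say why.
load_bw_session() {
    if ! is_private_file "$1"; then
        echo "refusing to read $1: not a private file (try chmod 600)" >&2
        return 1
    fi
    BW_SESSION=$(cat -- "$1")
    [ -n "$BW_SESSION" ] || return 1
    export BW_SESSION
}

# In .bash_profile: load the key only if the file is present.
if [ -e "$BW_SESSION_FILE" ]; then
    load_bw_session "$BW_SESSION_FILE"
fi
```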

Ensuring ssh-agent is Running

Next, make sure that ssh-agent is running, without restarting it every time you open a new shell. Add the following lines to your .bash_profile:

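export SSH_AUTH_SOCK=~/.ssh/ssh-agent.$HOSTNAME.sock
ssh-add -l >/dev/null 2>&1   # exit status 2 means no agent answers on the socket
if [ $? -ge 2 ]; then
  rm -f "$SSH_AUTH_SOCK"   # clear a stale socket left by a killed agent, or ssh-agent cannot bind
  ssh-agent -a "$SSH_AUTH_SOCK" >/dev/null
fi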

What This Script Does:

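  • It points SSH_AUTH_SOCK at a fixed socket path and runs ssh-add -l to check whether an agent is already answering there. An exit status of 2 or higher means no agent could be reached, and only then does it start a new instance of ssh-agent on that socket, ensuring that your keys are ready when you need them.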

Syncing Your Bitwarden Vault

To ensure you have the latest entries in Bitwarden, you should run a sync:

bw sync

Loading SSH Keys into ssh-agent

Now, let’s create a script that will read the SSH keys from your Bitwarden vault and load them into the ssh-agent. Here’s a sample script:


#!/usr/bin/env bash
KEYS=("KeyName1" "KeyName2" "KeyName3")  # Add your ssh key names here
for node in "${KEYS[@]}"; do
    echo "Processing $node..."
    # Take the first search hit, extract its private key, and feed it to ssh-add on stdin
    if bw list items --search "$node" | jq -r '.[0].sshKey.privateKey' | ssh-add -; then
        echo "Successfully added key for $node."
    else
        echo "Failed to add key for $node."
    fi
done

What This Script Does:

  • The script defines an array called KEYS containing the names of the vault items that hold your SSH keys (worker nodes, in this example). It loops through each name, retrieves the private key of the first matching item from Bitwarden using bw list items and jq, and adds it to the ssh-agent with ssh-add. If the key is successfully added, it echoes a success message; otherwise, it indicates failure.
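Because --search can return several items and .[0] simply takes the first, a name such as web-1 can load the key stored under web-10. The following added example (not the post's script) requires exactly one item with an exactly matching name and gives each key a lifetime in the agent; the function names, the KEY_LIFETIME variable and its 8h default are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not the post's script). Item names are placeholders.

# Reads `bw list items` JSON on stdin and prints the private key of the one
# item whose name equals $1 exactly; fails on zero or several matches.
select_ssh_key() {
    jq -er --arg name "$1" '
        [ .[] | select(.name == $name) | .sshKey.privateKey | select(. != null) ]
        | if length == 1 then .[0]
          else error("expected 1 item named \($name), found \(length)") end'
}

# Fetch one key from the vault and hand it to the agent with a lifetime.
load_key() {
    local name="$1"
    local key
    key=$(bw list items --search "$name" | select_ssh_key "$name") || {
        echo "skipped $name: no unique SSH key item with that name" >&2
        return 1
    }
    # printf is a shell builtin, so the key never shows up in a process list;
    # -t makes the agent drop the key after KEY_LIFETIME (assumed default 8h).
    printf '%s\n' "$key" | ssh-add -t "${KEY_LIFETIME:-8h}" -
}

# Load every named key; return non-zero if any of them was skipped.
load_all() {
    local rc=0
    local name
    for name in "$@"; do
        load_key "$name" || rc=1
    done
    return "$rc"
}

# Usage: ./load-keys.sh KeyName1 KeyName2 KeyName3
if [ "$#" -gt 0 ]; then
    load_all "$@"
fi
```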

Conclusion

And there you have it! With Bitwarden and a few simple scripts, you can manage your SSH keys securely and efficiently in your Linux terminal. No more worrying about where you stored that critical key or repeatedly entering your passphrase. Happy hacking, and may your connections be ever secure!

Problems You Might Encounter

Even the best-laid plans can hit a snag now and then. Here are a couple of issues you might run into while setting up SSH with Bitwarden, along with their solutions:

Error: OpenSSL Version Mismatch

You might encounter an error that reads something like this:

Error: OpenSSL version mismatch. Built against 30000020, you have 30100010 #314

This means your current OpenSSL version is not compatible with the Bitwarden CLI. Fear not! You can resolve this by updating your OpenSSL version. Depending on your package manager, you can run one of the following commands:

  • For systems using DNF (like Fedora):

    dnf upgrade

  • For APT (like Ubuntu or Debian):

    apt-get upgrade

After updating, you should be able to use Bitwarden without the version mismatch error.

Ensure Your .ssh Directory Exists

Another common hiccup is not having a .ssh directory in your home directory. If your terminal gives you a cryptic error about missing keys, it might just be that this directory is absent. To create it, run:

mkdir -p ~/.ssh

This command will create the .ssh directory if it doesn’t already exist, ensuring you have a proper home for all your SSH keys.

This post is licensed under CC BY 4.0 by the author.