You can use and manage SSH Bookmarks for hosts that use keys available to the 1Password SSH agent.If you’re signed in to multiple accounts in the 1Password desktop app, make sure to unlock the accounts where you’ve stored the keys for your SSH hosts.
The quickest way to create a bookmark is to use the Bookmark option in the SSH activity log. You’ll see a Bookmark button next to any ssh commands you’ve run from the terminal (like ssh user@hostname).
Open the 1Password desktop app. Select Developer in the sidebar, then select View SSH agent.
Navigate to the Activity section and find the entry for the SSH host you want to bookmark.
Select Bookmark in the Actions column.
1Password will add the SSH host URL to the associated SSH Key item, then add the bookmark to the Bookmarks section of the SSH Agent developer page.
If you want to create a bookmark for an SSH host that you haven’t connected to recently, you can manually add a custom URL field to an SSH Key item.In 1Password, find the SSH Key item for the host you want to bookmark, then edit the item to add a custom field with the SSH host URL (a field label isn’t required). The bookmark will be added to the Bookmarks section of the SSH Agent developer page.SSH host URLs must start with ssh:// and can use the hostname or IP address of the SSH host. If you’ve defined a Host block in your ~/.ssh/config file with a custom alias (for example, Host my-host-alias), you can also bookmark the alias instead of the actual hostname or IP address. Examples of different types of bookmarks:
Connect to any of your bookmarked SSH hosts directly from the Bookmarks section of the SSH Agent developer page.To use a bookmark from the list, select Connect. 1Password will launch the terminal, which initiates a connection to the SSH host. Then authorize the connection, if prompted.1Password uses the terminal application set for SSH URLs to connect to the host.
From the Bookmarks section of the SSH Agent page, select > Remove bookmark in the bookmark’s Actions menu.You can also remove a bookmark by editing the SSH Key item. Remove the SSH host URL from the item, or delete the item if you no longer need the SSH key.Using either method removes an SSH Bookmark from your Bookmarks list, the SSH Key item, and the 1Password SSH configuration file, if you turned on that feature.
1Password can automatically manage an SSH config file (~/.ssh/1Password/config) that matches bookmarked SSH hosts with the corresponding SSH key. You can include this file in your main SSH config file (~/.ssh/config). This also prevents you from running into the six-key server limit.Note that generating SSH configuration files will store your unencrypted SSH host URLs and SSH public keys for your bookmarks on disk. Your private keys will remain safe in 1Password.
To start using the 1Password configuration file, you’ll need to include it in your main SSH config file.Add the following line to the top of your ~/.ssh/config file:
Include ~/.ssh/1Password/config
Then save your changes to the file.1Password manages changes to the ~/.ssh/1Password/config file. Any time you create, edit, or remove an SSH Bookmark, 1Password automatically updates the configuration file.If you want to override any of the rules from the 1Password configuration file, you can do so by editing your SSH configuration file. Copy the relevant Match Host block from the 1Password-generated ~/.ssh/1Password/config file into your ~/.ssh/config file. Then edit the configuration values in the block to your preferred values.If you turn off the setting to generate configuration files, 1Password will remove the ~/.ssh/1Password directory and all generated files.
Do not manually edit the 1Password-generated filesManual edits made to the 1Password-generated files won’t be saved. If you need to make changes, edit your SSH Bookmarks in 1Password or make the changes in your main ~/.ssh/config file.
1Password will use your system’s default terminal application to launch SSH connections without additional setup, or you can choose your preferred terminal option in the settings.
The custom terminal command option allows you to provide your own shell command to open ssh:// URLs.Terminal commands are executed using the cmd.exe /c start process and can only contain simple command-line arguments. For more complex arguments that use environment variables or interpolation, you can create a script file and use the script’s file path in your command.A basic command structure could include the terminal application, with any options and flags you want to use to specify the terminal’s behavior, followed by the SSH command and URL option(s).For example, if you want 1Password to use the Windows Terminal to open an SSH URL in a maximized window with a vertical, split-pane, you could use a command like:
wt.exe --maximized split-pane -V ssh %s
If your terminal app isn’t in your PATH, use the full path of the app in your command. For example:
You can use one or more of the following options in your command to reference all or part of the SSH URL in your bookmark:
%s: the full SSH URL in your bookmark (for example: ssh://admin@example.com:9999)
%u: the user (admin)
%h: the host (example.com)
%p: the port (9999)
If you want 1Password to use the full SSH URL syntax from your bookmark, use the %s option in your custom command:
my-command %s
If your SSH client doesn’t support the SSH URL syntax, use the %u and %h options to pass the host and user variables separately when 1Password invokes your custom command:
my-command --user %u --host %h --port %p
The --port %p variable is optional. You don’t need to include port information in your bookmark or custom command unless you need to use a port other than the default SSH port (22).If you don’t want 1Password to replace an SSH URL option with a variable, add a backslash (\) before the option to escape it so it’s treated as a literal string. For example:
Open the 1Password desktop app and navigate to Settings > Developer.
Go to the Advanced section for the SSH Agent and locate the Open SSH URLs with setting.
Select the option you want 1Password to use to open SSH connections: your preferred terminal application from the available options, a custom terminal command, or xdg-open.
If you want 1Password to handle your bookmarks separately from the rest of your system, you can choose your preferred terminal or a custom command in 1Password and configure xdg-open for your system.
The custom terminal command option allows you to provide your own shell command to open ssh:// URLs.Terminal commands are executed using the systemd-run process and can only contain simple command-line arguments. For more complex arguments that use environment variables or interpolation, you can create a script file and use the script’s file path in your command.A basic command structure could include the terminal application, with any options and flags you want to use to specify the terminal’s behavior, followed by the SSH command and URL option(s).For example, if you want 1Password to use the WezTerm terminal app to open an SSH URL in a new tmux session on a remote server, you could use a custom command like:
wezterm -e ssh %s tmux new -A
If your terminal app isn’t in your PATH, use the full path of the app in your command. For example:
/home/my-apps/my-terminal-app ssh %s
For more complex arguments, you can create a custom script and use the full path of the script in your command. For example:
/home/user/scripts/my-custom-script.sh %s
You can use one or more of the following options in your command to reference all or part of the SSH URL in your bookmark:
%s: the full SSH URL in your bookmark (for example: ssh://admin@example.com:9999)
%u: the user (admin)
%h: the host (example.com)
%p: the port (9999)
If you want 1Password to use the full SSH URL syntax from your bookmark, use the %s option in your custom command:
my-command %s
If your SSH client doesn’t support the SSH URL syntax, use the %u and %h options to pass the host and user variables separately when 1Password invokes your custom command:
my-command --user %u --host %h --port %p
The --port %p variable is optional. You don’t need to include port information in your bookmark or custom command unless you need to use a port other than the default SSH port (22).If you don’t want 1Password to replace an SSH URL option with a variable, add a backslash (\) before the option to escape it so it’s treated as a literal string. For example:
You can use xdg-open to open ssh:// URLs with the application that registers the x-scheme-handler/ssh MIME type.To customize how xdg-open launches ssh:// URLs, you can create a .desktop file:
Create a file called 1password-ssh-handler.desktop in ~/.local/share/applications with the following content:
