Bitwarden Ssh



Good Morning from my Robotics Lab! This is Shadow_8472, and today, I am giving my BitWarden server a bit of a shake down, and since that didn’t take as long as expected, I have a story or two from rearranging my SSH keys. Let’s get started!

Server Fully Operational


Picking up from last week, I installed a BitWarden home server on BlinkiePi and set it up with a static IP making sure it had a unique hostname. To test it, I plugged it directly into my home router. I had to generate and install a self-signed security certificate so the browser plugin could recognize my server once I had directed its traffic appropriately.

I started early this week, expecting the firewall to be crazy complicated and maybe an exercise in futility, but that wasn’t the case. I found a package literally named “Uncomplicated Firewall” (ufw). It installed no problem and I was easily able to reject unrecognized traffic by default, then allow ports for SSH and BitWarden.

I then went ahead and installed BitWarden plugins on my remaining computers, trying and failing to follow all the important steps from memory until I gave in and looked up the tutorial again. Later on in the week, I wanted to ensure my setup could withstand a power blink, so I cut power and later restored it. I expected I’d need to spend a few hours trying to figure out how to get it auto started, but it’s almost like this project wants to short me of content, because I was able to reach its web interface no problem.

SSH Keys Between My Computers

I don’t like entering passwords every time I want to log into a system. SSH keys are way faster and more secure because the host machines are essentially letting you in as you essentially scan an ID instead of stopping to perform a secret handshake that can be more easily faked.

I did some research a while ago, and I found questions as to if the rsa method of making keys was still okay to use. To be honest, if it wasn’t, OpenSSH would probably push an update blocking its usage or at least notifying users that it’s been cracked wide open.


Nevertheless, when I redid my SSH easy access network, I used ed25519 to make my keys, and I transferred them over with ssh-copy-id to move them from one computer to another. I have three workstations I flip flop between, as well as my new password server and my Pi400 hack router. Now that I think about it, I could include the NAS and the Pi4 serving as our entertainment center, but that will wait for a later date.

One nice surprise I found was when I was copying a key from my main desktop on the 400’s subnet to one of my machines on the wider home network, and when my desktop didn’t recognize the computer, but the Pi400 did, the router vouched for the host I was reaching out to.

Takeaway

I suppose I could improve my setup with auto updates. That will mean another hole punched in the firewall, but in all reality, that’s a topic across my network for another day.


Final Question

If you were to spend a week in space, what games would you feel obliged to play along the way?

I have recently started using Chezmoi to manage my dotfiles (and various other pieces of software config) across multiple machines. The distribution is done via a git repo, and therefore we should not check in secrets such as the private part of the SSH key. Using Bitwarden, we can store the key in a Secure Note and retrieve it on the other machines.

Setup

The rest of this post assumes you already have Chezmoi installed and set up:


You will also need a pre-existing SSH key:

Store the key

The public key part of the SSH key can be stored in Chezmoi in plain text:

To store the private part we are going to need to install the bitwarden-cli and then login and unlock it:

Now, we get to the magic sauce. This line will store your SSH key (stored at ~/.ssh/id_rsa) in a secure note in Bitwarden:

And finally, we need to tell chezmoi where to get the key from. Create a file in your chezmoi repo at this location: private_dot_ssh/private_id_rsa.tmpl and add this as the contents:

(For OSX, this file needs a new line character at the end. For Linux, I believe it mustn’t, so you might need to end the file with -}} instead)


Make sure all the files are committed and pushed to the origin.

Retrieve the key


On another machine where you want to retrieve the same key, make sure bitwarden-cli and Chezmoi are installed and first do the same login and unlock steps for Bitwarden as above. Then simply do:

And that’s it. Check your private key has made it safely to your machine by doing cat ~/.ssh/id_rsa.
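One way to script the store and retrieve steps above and then check the retrieved key without printing it to the terminal. This is an added example, not the original post's commands; the item name "sshkey", the use of jq, and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example; not the original post's commands.
# Assumptions: item name "sshkey", jq 1.6+ installed, bw already logged in.
ITEM_NAME="sshkey"

# Store the private key as a secure note (type 2). jq --rawfile does the JSON
# escaping of the multi-line key; the created item is not echoed back.
store_key() {  # $1 = private key file
  BW_SESSION=$(bw unlock --raw) || return 1
  export BW_SESSION
  bw get template item \
    | jq --rawfile key "$1" --arg name "$ITEM_NAME" \
        '.type = 2 | .secureNote.type = 0 | .name = $name | .notes = $key' \
    | bw encode | bw create item >/dev/null
}

# Matching chezmoi template body for private_dot_ssh/private_id_rsa.tmpl:
#   {{ (bitwarden "item" "sshkey").notes }}

# Structural check of the rendered key without printing it.
# Returns 0 if sane, else 1 (mode), 2 (header), 3 (footer), 4 (no final newline).
check_key_file() {  # $1 = private key file
  [ -n "$(find "$1" -prune -type f -perm 600)" ] || { echo "mode is not 600" >&2; return 1; }
  head -n 1 "$1" | grep -q '^-----BEGIN .*PRIVATE KEY-----' || { echo "bad header" >&2; return 2; }
  tail -n 1 "$1" | grep -q '^-----END .*PRIVATE KEY-----$' || { echo "bad footer" >&2; return 3; }
  [ "$(tail -c 1 "$1" | wc -l)" -eq 1 ] || { echo "no trailing newline" >&2; return 4; }
}

# Confirm the private key belongs to the public key kept in plain text.
key_matches_pub() {  # $1 = private key, $2 = public key
  derived=$(ssh-keygen -y -f "$1") || return 1
  [ "$(printf '%s\n' "$derived" | cut -d' ' -f1,2)" = "$(cut -d' ' -f1,2 "$2")" ]
}

# After `chezmoi apply` on the second machine:
#   check_key_file ~/.ssh/id_rsa && key_matches_pub ~/.ssh/id_rsa ~/.ssh/id_rsa.pub
```

A non-zero result from check_key_file usually means the template rendered something other than the key (for example an error message from a locked vault) or that the trailing newline mentioned above was lost.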


You can see the full example of my chezmoi config here.