SSH Agent support
KeePassXC supports SSH Agent on both Windows and macOS (from where I came), so now I have to split my SSH keys and other credentials into two different databases: one for SSH keys, which I am loading into KeePassXC, and the rest of my credentials in Strongbox, so I can enjoy the macOS Autofill functionality and beautiful UI :)
Would love to see SSH-Agent support here even in the paid version.
Thanks for the feature suggestion. We can track here.
I would like to suggest adding iOS or iPadOS as a label, because I use my iPad to SSH with keys. On my notebook the passphrases are stored in KeePassXC. I am syncing my database with my notebook, so it would be required to support the way KeePassXC stores SSH passphrases in the database.
agreed, the password field should behave as an ssh key passphrase as well.
So, Any update on this?
Understand this is much requested so I've bumped up the list a little. Hopefully will get to research it in the coming months.
Please make sure that the functionality is also compatible with KeePassXC, as a lot of people have to work cross-platform.
I also use KeePassXC on Windows and Unix. Only on macOS I use Strongbox because of good OS integration. No ssh-agent integration is becoming more and more a deal breaker.
Understood, it's very high on the radar, we'll hopefully have something in the next 3-4 months for you.
Hi all, we have a build ready on Testflight if you'd like to try it out. A few points to note...
Our implementation is a little different from KeePassXC. For technical reasons (mostly App Sandbox) we couldn't easily do it the way they do it, which is to add keys to the existing ssh-agent running on the machine. Instead Strongbox runs as an SSH agent itself. This means your keys stay only within Strongbox, they are not transferred externally to the SSH Agent.
This is similar to how 1Password do things. It also means, that not only do we get to keep the keys in Strongbox, but we can also prompt you whenever a process requests to use a key, tell you which process that is, and which key it's looking for, and you can decide if you want to allow this.
This also has some limitations:
- You can't use the keys if Strongbox is not running, or if your database containing the keys is locked. You will be prompted to unlock your database though if a process requests a key from Strongbox.
- We also don't support timed usage of the keys, though you can use Automatic Locking on your database as an alternative.
- We don't support external SSH Keys stored in a file somewhere external to your Strongbox database. This isn't something we're likely to want to support at all.
We've also tried to build a nice UI around the KeeAgent configuration, though it must be said this isn't an ideal way of storing or configuring keys. The use of arbitrary attachments, XML based config, and the password field as a passphrase means an entry can become inconsistent. I think ideally, long term, we'd prefer to try to do a better implementation of SSH Keys, without the use of attachments, key file names, passphrase protection, or the storage of the passphrase in the password field.
You can add, remove and generate new SSH Keys (RSA & ED25519). Only OpenSSH formats are supported. We display public key/fingerprint on the details pane along with some info on the key itself, such as the Algorithm, Bits and whether the stored key is passphrase protected. You can also export at any time with a passphrase to the standard OpenSSH format.
We should be releasing this to the App Store shortly too, once Apple approve things and we don't find any last minute bugs.
Cheers.
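The fingerprint, algorithm and bit size that the post above says are shown for each key can be recomputed independently from the public key line, for example to check which key an approval prompt refers to. This is an added example, not Strongbox code; the two sample keys are constructed bytes, not real key material, and the function name is hypothetical.

```python
import base64
import hashlib

def _read_string(buf, off):
    """Read one SSH wire string (uint32 length + bytes); return (value, next offset)."""
    n = int.from_bytes(buf[off:off + 4], "big")
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:end], end

def describe_public_key(line):
    """Algorithm, bit size and SHA256 fingerprint of one OpenSSH public key line."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, blob = parts[0], base64.b64decode(parts[1], validate=True)
    algo, off = _read_string(blob, 0)
    if algo != declared.encode():
        raise ValueError("key type outside and inside the blob disagree")
    if declared == "ssh-ed25519":
        key, off = _read_string(blob, off)
        if len(key) != 32:
            raise ValueError("ed25519 public key must be 32 bytes")
        bits = 256
    elif declared == "ssh-rsa":
        _e, off = _read_string(blob, off)  # public exponent (mpint)
        n, off = _read_string(blob, off)   # modulus (mpint)
        bits = int.from_bytes(n, "big").bit_length()
    else:
        raise ValueError("unsupported key type: " + declared)
    if off != len(blob):
        raise ValueError("trailing bytes after key")
    digest = hashlib.sha256(blob).digest()  # the fingerprint covers the whole blob
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return {"algorithm": declared, "bits": bits, "fingerprint": fingerprint}

def _wire(b):
    return len(b).to_bytes(4, "big") + b

# Constructed samples (not real key material): fixed bytes in the right wire layout.
ED25519_LINE = "ssh-ed25519 " + base64.b64encode(
    _wire(b"ssh-ed25519") + _wire(bytes(range(32)))).decode() + " constructed@example"
RSA_LINE = "ssh-rsa " + base64.b64encode(
    _wire(b"ssh-rsa") + _wire(b"\x01\x00\x01") + _wire(b"\x00" + b"\xc3" * 256)).decode()

if __name__ == "__main__":
    print(describe_public_key(ED25519_LINE), describe_public_key(RSA_LINE))
```

The fingerprint string has the same form as the one printed by `ssh-keygen -lf` for the same public key.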
Just a heads up, this is live on the App Store now, you can find some documentation on the feature here:
https://strongbox.reamaze.com/articles/ssh-agent
Feedback welcome!
Great work, is it also available for intel based version?
@azfar Yes, for sure, this isn't based on any particular processor architecture.
I tried to import an existing ED25519 key using "From File..." and the application crashes each time.
edit: Strongbox also crashes when I try to generate a key (RSA or ED25519)
edit 2: Have tried creating a new entry and using an existing entry, also tried at the root of the Keepass v2 database to ensure path inside my DB wasn't an issue.
Process: Strongbox [51085]
Path: /Applications/Strongbox.app/Contents/MacOS/Strongbox
Identifier: com.markmcguill.strongbox.mac
Version: 1.58.15 (5192)
App Item ID: 1270075435
App External ID: 857479781
Code Type: X86-64 (Native)
Parent Process: launchd [1]
User ID: 501
Date/Time: 2023-06-02 11:09:18.4431 -0700
OS Version: macOS 13.4 (22F66)
Report Version: 12
Bridge OS Version: 7.5 (20P5058)
Time Awake Since Boot: 910000 seconds
Time Since Wake: 78456 seconds
System Integrity Protection: enabled
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000008
Exception Codes: 0x0000000000000001, 0x0000000000000008
Termination Reason: Namespace SIGNAL, Code 11 Segmentation fault: 11
Terminating Process: exc handler [51085]
VM Region Info: 0x8 is not in any region. Bytes before following region: 140737486647288
REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL
UNUSED SPACE AT START
--->
shared memory 7fffffe5f000-7fffffe60000 [ 4K] r-x/r-x SM=SHM
@sonoranwanderer Thanks for the report, that is very odd, I wonder if there is an issue on the x86 build. Do you have an M1 you can test on?
Also, is the key passphrase protected?
@azfar Have you tried using this feature yet on x86?
The import was password protected, but in trying to generate a key, I hadn't got to the point yet. On generation it crashed the moment you click "New ED25519 Key" or "New RSA Key".
Hi All
Great work! What am I missing? The Agent option is not available. The App Store says I have the latest pro version installed (ARM Mac). Any help? Installed version is 1.58.14.

@wunderlins For me, the 1.58.15 also appeared only after a ⌘R. Have you already tried that?
Thanks for the feedback. I was looking with the wrong application since I have the lifetime version.
I have it.
best -S
Got time to configure and test it. It works as expected. This makes Strongbox the best KeePass implementation for my needs.
I am a happy camper, excellent work.
Best -S
Thanks @wunderlins - very kind, I'm glad you like it. We've got a few more tweaks and we need to fix the crash on x86 machines, but we're close to finishing this one.
I use Vim with numerous plugins, all hosted on GitHub. However, whenever I upgrade these plugins simultaneously and the Strongbox is unfortunately locked during that time, the Strongbox unlock interface keeps popping up repeatedly, corresponding to the number of plugins. This becomes extremely annoying and renders the software virtually unusable.
Hi @damnever - Interesting, you could turn off approval messaging in the SSH Agent settings, this should be smoother. Would that work for you? I think longer term it would be good to say allow this process to use this key Always or something like that.
@strongbox-mark I apologize for the confusion. I have already turned off the approval messaging because the messages were becoming too bothersome.
Another case is: requesting the SSH key requires the database to be unlocked. If the database is locked, the unlock interface will keep popping up repeatedly too.
Interesting in the second case, perhaps a setting, "Don't Ask for Approval If Database Locked - Just Fail"?
requesting the SSH key requires the database to be unlocked. If the database is locked, the unlock/login interface will keep popping up repeatedly too.
I am not familiar with desktop/macOS development. Perhaps there is a locking mechanism, such as file locking, that could be used?
Unfortunately I don't think so. The model we use is different from KeePassXC which passes your keys off to a separate SSH Agent that keeps them available when KeePassXC is not around or unlocked.
In this case, the only thing I can think of if you need to have your keys always available is to keep your database unlocked. You can do this in the background without UI though.
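The trade-off in this exchange, sketched as an added example that is not Strongbox code: an agent that keeps keys in its own store answers each framed request itself, so a locked store can either trigger an unlock hook or, with no hook, fail immediately (the "Just Fail" idea above). Message numbers are from the SSH agent protocol; `Vault`, `handle`, `approve` and `unlock` are hypothetical names, and signing is delegated to a caller-supplied function.

```python
import struct

# Message numbers from the SSH agent protocol (draft-miller-ssh-agent).
SSH_AGENT_FAILURE, SSH_AGENT_IDENTITIES_ANSWER, SSH_AGENT_SIGN_RESPONSE = 5, 12, 14
SSH_AGENTC_REQUEST_IDENTITIES, SSH_AGENTC_SIGN_REQUEST = 11, 13

def wire(b):
    """Encode an SSH wire string (uint32 length + bytes); also frames a message."""
    return struct.pack(">I", len(b)) + b

def read_string(buf, off):
    """Decode one wire string at `off`; return (value, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:off + 4 + n], off + 4 + n

def sign_request(blob, data):
    """Build a framed SIGN_REQUEST (flags = 0), as an SSH client would send it."""
    body = bytes([SSH_AGENTC_SIGN_REQUEST]) + wire(blob) + wire(data)
    return wire(body + struct.pack(">I", 0))

class Vault:
    """Hypothetical key database: public key blob -> (comment, signer callable)."""
    def __init__(self, keys, locked):
        self.keys, self.locked = keys, locked

def handle(vault, message, client, approve, unlock=None):
    """Answer one framed request. Private keys stay behind the signer callables."""
    failure = wire(bytes([SSH_AGENT_FAILURE]))
    try:
        body, _ = read_string(message, 0)
        if not body or (vault.locked and not (unlock and unlock(vault))):
            return failure  # locked and no unlock hook: fail instead of prompting
        if body[0] == SSH_AGENTC_REQUEST_IDENTITIES:
            out = bytes([SSH_AGENT_IDENTITIES_ANSWER]) + struct.pack(">I", len(vault.keys))
            for blob, (comment, _signer) in vault.keys.items():
                out += wire(blob) + wire(comment.encode())
            return wire(out)
        if body[0] == SSH_AGENTC_SIGN_REQUEST:
            blob, off = read_string(body, 1)
            data, off = read_string(body, off)  # trailing uint32 flags are ignored here
            comment, signer = vault.keys.get(blob, (None, None))
            if signer is not None and approve(client, comment):
                return wire(bytes([SSH_AGENT_SIGN_RESPONSE]) + wire(signer(data)))
    except (ValueError, struct.error):
        pass  # malformed or truncated request
    return failure
```

Passing `unlock=None` gives the fail-fast behaviour for batch jobs such as many parallel `git` fetches; passing a hook reproduces the prompt-on-demand behaviour.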
Same issue here. After activating the ssh-agent-feature the application crashed.
Process: Strongbox [6172]
Path: /Applications/Utilities/Strongbox.app/Contents/MacOS/Strongbox
Identifier: com.markmcguill.strongbox
Version: 1.58.15 (5193)
App Item ID: 897283731
App External ID: 857186887
Code Type: X86-64 (Native)
Parent Process: launchd [1]
User ID: 501
Date/Time: 2023-06-24 11:29:07.6860 +0200
OS Version: macOS 13.4.1 (22F82)
Report Version: 12
Bridge OS Version: 7.5 (20P5060)
Anonymous UUID: 4016D308-09F9-4929-AA18-AB8BA45DCC49
Sleep/Wake UUID: 7B87AA69-1E89-4857-9837-99107721721C
Time Awake Since Boot: 35000 seconds
Time Since Wake: 1254 seconds
System Integrity Protection: enabled
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000008
Exception Codes: 0x0000000000000001, 0x0000000000000008
Termination Reason: Namespace SIGNAL, Code 11 Segmentation fault: 11
Terminating Process: exc handler [6172]
VM Region Info: 0x8 is not in any region. Bytes before following region: 140737488343032
REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL
UNUSED SPACE AT START
--->
shared memory 7fffffffd000-7fffffffe000 [ 4K] r-x/r-x SM=SHM
After deactivating the feature I can load the database as normal, but if I try to look at a ssh-key-entry the App crashed again.
Hi @sonnmar - Yep, aware of the issue and working on a fix. This only affects x86 machines.
Hi @sonnmar, @sonoranwanderer, @azfar
The x86 crash issue should be fixed with 1.58.16 available on the App Store now. Could you test and let me know?
You might need to search for Strongbox on the App Store and click in, to see the "Update" button, it might not be an automatic update.