✓ Verified 💻 Development ✓ Enhanced Data

Ssh Op

Use the ssh-op helper script to load an SSH private key from 1Password (op) into an in-memory ssh-ag

Rating
4.3 (286 reviews)
Downloads
5,780 downloads
Version
1.0.0

Overview

Use the ssh-op helper script to load an SSH private key from 1Password (op) into an in-memory ssh-agent.

Complete Documentation

View Source →

ssh-op

ssh-op is a wrapper around ssh that:

  • ensures an ssh-agent exists for the current shell
  • loads an SSH key from 1Password via op read ... | ssh-add -
  • then execs ssh with your arguments

Prerequisites

Fail-fast checks you can run:

bash
command -v op ssh ssh-agent ssh-add
op whoami

If op whoami fails:

  • Sign in to 1Password CLI (desktop integration / account sign-in), or
  • If using a service account flow, ensure OP_SERVICE_ACCOUNT_TOKEN is set.

Configuration (portable)

Machine-specific config lives alongside the skill:

  • Example (do not edit): ~/.openclaw/skills/ssh-op/config.env.example
  • Real (machine-specific): ~/.openclaw/skills/ssh-op/config.env
Required keys:
  • SSH_OP_VAULT_NAME — 1Password vault containing the key
  • SSH_OP_ITEM_TITLE — 1Password item title
Optional keys:
  • SSH_OP_KEY_FIELD — defaults to private key
  • SSH_OP_KEY_FINGERPRINT_SHA256 — if set, skip re-loading when already in ssh-agent
  • SSH_OP_HOSTS_FILE — defaults to hosts.conf (ssh config snippet filename)
SSH host entries (optional) live in:
  • ~/.openclaw/skills/ssh-op/hosts.conf

Initialization / installation / onboarding

Preferred (chat-first)

Because the primary interface is chat (Telegram), the preferred onboarding flow is:

  • Ask Boss the required questions in chat.
  • Write the real config file: config.env.
  • Run a smoke test (e.g. ssh-op --help and a safe ssh-op -T ).

Optional (terminal)

If you are running in a real terminal, you can use the interactive onboarding script:

bash
~/.openclaw/skills/ssh-op/scripts/onboard.sh

(If you want a step-by-step runbook, see references/onboarding.md.)

1) Put the executable on PATH

Canonical executable lives inside the skill:

  • ~/.openclaw/skills/ssh-op/scripts/ssh-op
For convenience, create a symlink:

bash
mkdir -p ~/.local/bin
ln -sf ~/.openclaw/skills/ssh-op/scripts/ssh-op ~/.local/bin/ssh-op

2) Configure which key to load

Run onboarding to populate the real config:

bash
~/.openclaw/skills/ssh-op/scripts/onboard.sh

(Or edit config.env manually and set SSH_OP_VAULT_NAME / SSH_OP_ITEM_TITLE.)

Then validate:

bash
ssh-op --help
# try a safe ssh command (or any host alias you have configured)
ssh-op -T <host-alias>

3) (Optional) Manage ~/.ssh/config host aliases

  • Put desired Host entries in hosts.conf
  • Apply them idempotently (adds/updates a managed block):
bash
~/.openclaw/skills/ssh-op/scripts/ensure_ssh_config.py

This will update ~/.ssh/config between:

  • # BEGIN ssh-op (managed)
  • # END ssh-op (managed)

Usage

bash
ssh-op <ssh-args...>

Examples:

bash
ssh-op my-host-alias
ssh-op -T my-host-alias
ssh-op -L 8080:localhost:8080 my-host-alias

Notes / behavior

  • No private key is written to disk.
  • ssh-agent lifetime is tied to the current shell unless you export SSH_AUTH_SOCK / SSH_AGENT_PID.

Executables / bin placement

  • Keep the canonical executable in the skill folder (scripts/ssh-op).
  • Use a symlink (e.g. ~/.local/bin/ssh-op) for convenience.

Installation

Terminal bash 

openclaw install ssh-op
Copied!

💻Code Examples

op whoami

op-whoami.txt
If `op whoami` fails:

- Sign in to 1Password CLI (desktop integration / account sign-in), **or**
- If using a service account flow, ensure `OP_SERVICE_ACCOUNT_TOKEN` is set.

## Configuration (portable)

Machine-specific config lives alongside the skill:

- Example (do not edit): `~/.openclaw/skills/ssh-op/config.env.example`
- Real (machine-specific): `~/.openclaw/skills/ssh-op/config.env`

Required keys:

- `SSH_OP_VAULT_NAME` — 1Password vault containing the key
- `SSH_OP_ITEM_TITLE` — 1Password item title

Optional keys:

- `SSH_OP_KEY_FIELD` — defaults to `private key`
- `SSH_OP_KEY_FINGERPRINT_SHA256` — if set, skip re-loading when already in `ssh-agent`
- `SSH_OP_HOSTS_FILE` — defaults to `hosts.conf` (ssh config snippet filename)

SSH host entries (optional) live in:

- `~/.openclaw/skills/ssh-op/hosts.conf`

## Initialization / installation / onboarding

### Preferred (chat-first)

Because the primary interface is chat (Telegram), the preferred onboarding flow is:

1. Ask Boss the required questions in chat.
2. Write the real config file: `config.env`.
3. Run a smoke test (e.g. `ssh-op --help` and a safe `ssh-op -T <alias>`).

### Optional (terminal)

If you are running in a real terminal, you can use the interactive onboarding script:

~/.openclaw/skills/ssh-op/scripts/onboard.sh

openclawskillsssh-opscriptsonboardsh.txt
(If you want a step-by-step runbook, see `references/onboarding.md`.)

### 1) Put the executable on PATH

Canonical executable lives inside the skill:

- `~/.openclaw/skills/ssh-op/scripts/ssh-op`

For convenience, create a symlink:

ln -sf ~/.openclaw/skills/ssh-op/scripts/ssh-op ~/.local/bin/ssh-op

ln--sf-openclawskillsssh-opscriptsssh-op-localbinssh-op.txt
### 2) Configure which key to load

Run onboarding to populate the real config:

~/.openclaw/skills/ssh-op/scripts/onboard.sh

openclawskillsssh-opscriptsonboardsh.txt
(Or edit `config.env` manually and set `SSH_OP_VAULT_NAME` / `SSH_OP_ITEM_TITLE`.)

Then validate:

ssh-op -T <host-alias>

ssh-op--t-host-alias.txt
### 3) (Optional) Manage ~/.ssh/config host aliases

1. Put desired `Host` entries in `hosts.conf`
2. Apply them idempotently (adds/updates a managed block):

~/.openclaw/skills/ssh-op/scripts/ensure_ssh_config.py

openclawskillsssh-opscriptsensuresshconfigpy.txt
This will update `~/.ssh/config` between:

- `# BEGIN ssh-op (managed)`
- `# END ssh-op (managed)`

## Usage
example.sh
ssh-op --help
# try a safe ssh command (or any host alias you have configured)
ssh-op -T <host-alias>
example.sh
ssh-op my-host-alias
ssh-op -T my-host-alias
ssh-op -L 8080:localhost:8080 my-host-alias

Tags

#devops_and-cloud #script

Quick Info

Category Development
Model Claude 3.5
Complexity Multi-Agent
Author moodykong
Last Updated 3/10/2026
🚀
Optimized for
Claude 3.5
🧠

Ready to Install?

Get started with this skill in seconds

openclaw install ssh-op

Resources

📂
OpenClaw Skills
View on OpenClaw GitHub

Related Skills

✓ Verified 💻 Development

4claw

4claw — a moderated imageboard for AI agents.

🧠 Claude-Ready #ai_and-llms
)}
4.4 (118)
4,990
v1.0.0
✓ Verified 💻 Development

Aap Passport

Agent Attestation Protocol - The Reverse Turing Test.

🧠 Claude-Ready #ai_and-llms
)}
4.3 (89)
4,621
v1.0.0
✓ Verified 💻 Development

Acestep Lyrics Transcription

Transcribe audio to timestamped lyrics using OpenAI Whisper or ElevenLabs Scribe API.

GPT-Optimized #ai_and-llms #api #script
)}
3.8 (274)
17,648
v1.0.0
✓ Verified 💻 Development

Adaptive Suite

A continuously adaptive skill suite that empowers Clawdbot.

🧠 Claude-Ready #ai_and-llms #bot
)}
4.7 (88)
1,625
v1.0.0