Skip to main content
March 25, 2022
Question

1Password asking for permission each time

  • March 25, 2022
  • 58 replies
  • 10698 views

When using 1Password for storing my SSH keys, it asks for authentication (here: fingerprint) each time a key is accessed. This is different from handling passwords for e. g. web forms: As long as 1Password isn't locked, I can fill the password fields.
As I very often access different machines, this annoys me already after one day ...
Is it possible to disable that behaviour?


1Password Version: 8.7.0 (80700012)
Extension Version: Not Provided
OS Version: 12.2.1 (21D62)

58 replies

May 30, 2023

This feature is so good! Thank you for polishing it. Allowing ssh key access just by a fingerprint feels amazing.

September 30, 2023

Thank you so much for developing this feature. It is very convenient and easy to use...if you're in front of your computer.

Unfortunately, signing Git commits or using SSH keys this way is a GIGANTIC hassle if you're connected remotely. It's basically unusable in this use case.

I often connect to my computer at home (running the 1Password ssh-agent) from my iPad via Blink Terminal. Every time I need to sign a commit or use a password with the op CLI, I have to VNC into my computer, log in and interact with 1Password to finish the transaction.

Sometimes git or ssh will time out waiting on me to do this, as this is very hard to do over low-bandwidth connections.

It would be much more ideal if 1Password sent a beacon to all of my logged-in devices whenever it needed authorization to use a key or something.

October 15, 2023

First, I see there have already been some improvements since this feature was launched, so thanks for that!

Still, I think there's a better model that would provide good access control while staying simple to use: permanent (even after 1P closing), per-application approvals.

Implementation-wise, I imagine once an application got approved, either its path (less secure) or file hash (more secure) would be stored as trusted and not prompted again. This would allow easily restricting access only to the expected apps, without prompting too often; only after an update that changes the path/hash would the app need to be re-approved.

December 10, 2023

The idea for this feature is quite great, the implementation however is extremely annoying. After a couple of weeks trying it, I ended up disabling it. Typing my password every 5 minutes is just too much.

February 15, 2024

firstly I strongly agree that asking password every time is too much and on every commit even if 1password is already unlock, so I decided to disable that feature (until you improve the behaviour if you do because it seems to exist since a while now) and use the old way with ssh keys store as a file in .ssh folder.
I was about to get crazy trying to unlink 1password from Sourcetree and cannot find any explanation about that on the web so I'm posting this here for people like me because I lost so much time to figure it out.

Inside ~/.ssh/config remove:

Host \*
IdentityAgent "~/Library/Group Containers/xxx.com.1password/t/agent.sock"

in ~/.gitconfig remove the signingkey and
```
gpgsign = true

[gpg]

format = ssh

[gpg "ssh"]

program = /Applications/1Password.app/Contents/MacOS/op-ssh-sign
```

You can now use SSH in the old way without 1Password.
Hope this will help someone.

March 29, 2024

Thank you so much, @antfly! You're a lifesaver.
Adding my SSH keys to 1Password has been the biggest waste of time ever.

May 3, 2024

I'm thinking of disabling it, since it keeps asking me for the touch id during background git pulls from VS Code and when I run any git command on Warp. I want to be able to authorize by application for at least a week or something, doing it multiple times a day really disrupts my work.

Stanzilla
September 10, 2024

I also suffer from the problem where my clients fetch in the background and it prompts me every time. are there any news about a fix/workaround for this?