Skip to main content
April 4, 2022
Question

Ability to specify which key to use (otherwise: Too many authentication failures)

  • April 4, 2022
  • 39 replies
  • 10306 views

I was perplexed as to why I could not SSH into a system earlier today. It looks like ssh is simply trying all of the keys in my vault, one after another, though never getting to the one it needs before the server fails with "Too many authentication failures":


debug2: pubkey_prepare: done
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: foo1 RSA SHA256:... agent
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Offering public key: bar1 RSA SHA256:... agent
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Offering public key: foo2 RSA SHA256:... agent
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Offering public key: bar2 RSA SHA256:... agent
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Offering public key: foo3 RSA SHA256:... agent
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Offering public key: bar3 RSA SHA256:... agent
debug2: we sent a publickey packet, wait for reply
Received disconnect from x.x.x.x port 22:2: Too many authentication failures for username

Is there any way to support specifying the key to grab from the vault so that this does not happen?


1Password Version: 8.7.0
Extension Version: Not Provided
OS Version: macOS 12.3

39 replies

floris_1P
1Password Employee
March 23, 2023

@akschu Being able to configure different sockets is something we're investigating! As for disabling keys, you can already do that now by moving them to a different vault. The agent will then ignore them, even if they're of the SSH Key item type. There will be more customization on that front coming too.

floris_1P
1Password Employee
April 19, 2023

@jontyb @yboulkaid @gmay @akschu

I wanted to let you know that we're working on a solution that allows for the following:
- Control which SSH keys are enabled in the agent, even if they're from other vaults than the Private vault.
- Control the order in which keys are offered to SSH servers.
- Create isolated setups with certain keys offered on a separate socket.

It would be great to get your feedback on our proposal, if you're (still) interested. You can do so by joining the #ssh-agent-config channel in our Slack workspace.

April 19, 2023

Thanks for the update @floris_1P! I've joined the Slack channel.

May 26, 2023

@billvortex @Gudlyf @zaxaz @Ekami67 @digitalfiz @rodneyt @jontyb @yboulkaid @ajcos @VJmes @gmay @akschu

The following features are now available to try on the Nightly release channel today:

  • Control which SSH keys are enabled in the agent, even if they're from other vaults than the Private vault.
  • Control the order in which keys are offered to SSH servers.

You can find more information, including instructions for the feature, by joining the #ssh-agent-config channel in our https://join.slack.com/t/1password-devs/shared_invite/zt-15k6lhima-GRb5Ga%7Efo7mjS9xPzDaF2A. It would be great to get your feedback.

Next up is support for multiple agent config files/sockets, the earliest updates for which will be made in our Slack workspace.

May 27, 2023

Thanks @"chris.db_1p" , any idea when this feature will hit the release channel?

June 28, 2023

Hi @Jack_P_1P

Is there an update or roadmap to the SSH agent improvements?

I stumbled across the 6-SSH key limitation today, and it took me a while to figure it out.

Tip:ssh -v <user>@<host>

Adjusting the config file on my system and storing the key locally again breaks the complete advantage of 1Password for SSH.

Jack_P_1P
1Password Employee
June 28, 2023

Hi @jenssgb and @Ekami67:

As of yesterday, 1Password for desktop now includes the ability to better customize which keys are used: SSH agent config file | Developer Documentation

Jack

June 29, 2023

Awesome, thanks a lot! :)

August 23, 2023

Hey @Jack_P_1P apologies for not getting back earlier, but I did see this hit the release channel before I'd had the chance to test the nightly. Thanks very much for putting this in, it works great!