Skip to main content
March 16, 2022
Question

Getting SSH key support to work (macOS, version 8.6.0 beta)

  • March 16, 2022
  • 14 replies
  • 1109 views

I was interested to read the Blog post about the new SSH agent/key support, but, for the life of me, am apparently missing something obvious in getting it to actually work.

I have read through the documentation, and have extensive familiarity with setting up SSH keys, using agents, and so on, but, no joy.

The documentation specifically mentions setting up your new SSH keys in "your Private vault"; I'm not sure if the use of the word Private is crucial here, but, assuming a level of pedantry, I created a new Vault called "Private". I then created a new key.

I've enabled the SSH agent in the Developer preferences of 1P8, and modified my .ssh/config file for a specific host to use the socket for the IdentityAgent. I've tried both the full "Group Containers" path, as per the snippet in the Preferences, as well as the symlinked socket in .1password.

I have rebooted multiple times, and ensured 1P7 was removed from this machine (M1 MBP, new). 1P8 starts at login, and I open/start it before testing SSH.

I've also tried exporting the SSH_AUTH_SOCK explicitly, and checking with ssh-add -l.

No matter what I do, no identities are available in the agent.

And, predictably, whenever I try to log in to the defined host, it fails, and falls back to Password.

I also tried defining the global "Host *" option with the socket's location, still didn't work.

Even tried specifying IdentitiesOnly for the host I'm testing with...nope.

Must be missing something so obvious that I just can't see it...any hints appreciated.


1Password Version: 8.6.0
Extension Version: Not Provided
OS Version: Not Provided

14 replies

April 14, 2022

I just got this working as well but don't like the fact that I must store my ssh keys (work) in my personal vault. I'd much prefer to designate a 'SSH_KEYS' vault and keep them together. +1 for having the ability to identify or opt-in for other vaults. Optimally, identical to Personal (my plan) but with a different name. Or, add an option for each vault created to toggle Personal/Private on/off. If the toggle is enabled, simply consider it part of Personal if it makes things easier.

April 14, 2022

I just got this working as well but don't like the fact that I must store my ssh keys (work) in my personal vault. I'd much prefer to designate a 'SSH_KEYS' vault and keep them together. +1 for having the ability to identify or opt-in for other vaults. Optimally, identical to Personal (my plan) but with a different name. Or, add an option for each vault created to toggle Personal/Private on/off. If the toggle is enabled, simply consider it part of Personal if it makes things easier.

April 15, 2022

Hi @floris_1P (or anyone else, for that matter). Instead of opening another issue (let me know if that's preferable to me continuing here). I have this all enabled in 1Password, and have tried following everything in this thread, but I am not certain how to confirm (if I have 2 keys, for GitLab, for example) if it's working. Is there a way to check? Thanks!

floris_1P
1Password Employee
April 19, 2023

@doetraar @mattcooper @mxmxcz @speedtrial113 @adenix @zaxaz

I wanted to let you know that we're currently working on a solution that allows for the following:
- Enable keys from other vaults than the Private/Personal vault.
- Create isolated setups with certain keys offered on a separate socket.
- Control the order in which keys are offered to SSH servers.

It would be great to get your feedback on our proposal, if you're (still) interested. You can do so by joining the #ssh-agent-config channel in our Slack workspace.