Skip to main content
March 22, 2022
Question

SSH Agent Forwarding

  • March 22, 2022
  • 22 replies
  • 6877 views

I'm really enjoying using 1Password as a ssh-agent with biometric unlock. I'm wondering if it's possible forward the SSH agent though.

Scenario:

I have two macs with 1Password setup with biometric unlock for ssh keys (work machine and personal).
Occasionally, I want to login from my pesonal. machine and git push on my work machine. If I attempt to do this now, I get errors like this:


sign_and_send_pubkey: signing failed for ED25519 "/Users/MyName/.ssh/id_ed25519" from agent: agent refused operation
sign_and_send_pubkey: signing failed for RSA "SSH Key" from agent: agent refused operation
git@github.com: Permission denied (publickey).

I think what's happening is that ssh on my work machine is trying to use the 1password agent with biometric unlock, but the machine is locked (display asleep) so the biometric prompt is immediately dismissed and the auth fails.

I'm wondering if I can forward the SSH agent from my personal machine to the work machine. I would expect ssh -A work to handle this, but it seems to get the same error as above.

Any ideas on how to do this, or do I have to forgo biometric unlock if I want to ssh from the machines remotely.


1Password Version: 8.7.0
Extension Version: Not Provided
OS Version: macOS 12.3

22 replies

btaroli
June 4, 2023

Will a description of this also be back-ported to the docs so the unaware might discover it more easily? :)

floris_1P
1Password Employee
June 5, 2023

Yes, definitely!