Skip to main content
December 20, 2025
Solved

SSH Bookmarks - broken on macOS

  • December 20, 2025
  • 3 replies
  • 232 views

Hi,

spent half a day on getting my (around 15) SSH keys and config sorted out. No success, at least not in "the way it's meant to be" by 1Password.

I'm pretty sure I did everything correctly (all on macOS): 

  • set the agent in config,
  • checked all the right boxes to get the "Include" file,
  • include it in configuration 

And still, when I do `ssh -vvv ...` I see that the user and host gets matched to the correct *.pub key, but the agent insists on offering every single key it knows. And we now where this ends - back in my shell, not on the remote machine.

So finally after several hours, I gave up and just copied the corresponding `IdentityFile` statements directly into config, remove the "Include" and can happily login to my remote shells. Which kind of defeats the purpose of SSH bookmarks.

By the way I also never made it work to have a "Host" definition in my config while using its name as a url. Docs say that it works, it does not (at least for me).

Example in config:

Host machine-a
  Hostname machine-a.example.org
  User chilledbeany

and in 1Password:

ssh://machine-a

No match. Only with

ssh://chilledbeany@machine-a.example.org

it matches, which is again, kind of wrong.

So, any guidance on what I do wrong or getting it fixed in 1Password is appreciated.

Best answer by muc81

Heureka!

Just a few more hours and it works. Key paragraph in docs (ideally to be reworked) https://developer.1password.com/docs/ssh/bookmarks/#use-the-configuration-file.

  • Include must be on top of ~/.ssh/config
  • followed by Agent
  • followed by Host definitions

Example (this would have helped me tremendously):

# use 1Password to manage ssh key assignment to logins (ssh bookmarks)
Include "~/.ssh/1Password/config"

# use 1Password as Identity Agent
Host *
  IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
  # IdentityAgent "~/.1password/agent.sock"

###
###  Home Assistant
###

Host homeassistant
  HostName homeassistant.local
  User root
  Port 222     # using a non-standard port

In 1Password define the custom url field:

url
ssh://homeassistant

And by the way, this also addresses the question of how to use a different port than 22/tcp for ssh connection.

3 replies

muc81AuthorAnswer
December 20, 2025

Heureka!

Just a few more hours and it works. Key paragraph in docs (ideally to be reworked) https://developer.1password.com/docs/ssh/bookmarks/#use-the-configuration-file.

  • Include must be on top of ~/.ssh/config
  • followed by Agent
  • followed by Host definitions

Example (this would have helped me tremendously):

# use 1Password to manage ssh key assignment to logins (ssh bookmarks)
Include "~/.ssh/1Password/config"

# use 1Password as Identity Agent
Host *
  IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
  # IdentityAgent "~/.1password/agent.sock"

###
###  Home Assistant
###

Host homeassistant
  HostName homeassistant.local
  User root
  Port 222     # using a non-standard port

In 1Password define the custom url field:

url
ssh://homeassistant

And by the way, this also addresses the question of how to use a different port than 22/tcp for ssh connection.

April 28, 2026

Are you sure there isn't something else you tried that fixed this? Since adding `Include "~/.ssh/1Password/config"` is documented as a part of the https://developer.1password.com/docs/ssh/bookmarks/#ssh-bookmarks-config-file, which stores the hosts and public keys locally, not as part of the auto bookmarking via fields in the item.

 

artooro
December 23, 2025

Glad that worked for you, but it's not an acceptable solution. If you have a team with hundreds of SSH servers, you can't depend on a static ssh config file being kept up to date. It needs to be fully integrated with 1Password.

April 28, 2026

I have a similar issue on Linux.

  • `~/.ssh/config` contains `Include ~/.ssh/1Password/config` (though only needed for non-bookmark approach?)
  • `~/.ssh/config` contains `Host *` with `IdentityAgent ~/.1password/agent.sock`
  • `~/.ssh/config` contains a `Host custom-host-name` with details
  • 1Password items contain `ssh://custom-host-name`
  • Manually connecting via `ssh custom-home-name` fails with `Too many authentication failures` due to more than 6 keys (archiving a few ssh keys in 1P confirms this)
  • Clicking "Connect" inside the 1P item opens the terminal and closes directly, I don't get to see what is wrong if anything, but probably the same auth failure due to limit of 6 keys