Skip to main content
April 24, 2022
Question

ssh server fails -- but allows key anyway.

  • April 24, 2022
  • 5 replies
  • 1122 views

I have just the seen the following behaviour when using 1P as the ssh key server:


random$ git pull
sign_and_send_pubkey: signing failed for RSA "/Users/jaffe/.ssh/id_rsa" from agent: agent refused operation
remote: Enumerating objects: 6, done.
remote: Counting objects: 100% (6/6), done.
remote: Total 6 (delta 5), reused 6 (delta 5), pack-reused 0
Unpacking objects: 100% (6/6), 505 bytes | 24.00 KiB/s, done.
From github.com:defjaf/Almanac
15453bd..f1165a3 ppa_refactor -> origin/ppa_refactor
Already up to date.
random$ git pull
sign_and_send_pubkey: signing failed for RSA "/Users/jaffe/.ssh/id_rsa" from agent: agent refused operation
Already up to date.

Note the error message -- this was accompanied by a brief popup of the window requesting Apple Watch confirmation, which went away without my acceptance (https://1password.community/discussion/123579/apple-watch-unlock-in-clamshell-mode-often-fails?). But the request seems to go through without confirmation.


1Password Version: 8.7.0 (80700090)
Extension Version: Not Provided
OS Version: macOS 12.3.1

5 replies

chris__hayes
May 9, 2022

Having the same issue.

chris__hayes
May 9, 2022

Getting this issue on MacOS Monterey. Started the same day 1Pass asked for password re-authentication (which it will do every 20 days or so).

1Password for Mac 8.8.0 - 80800011, on BETA channel

Tried and didn't work:
- Deleting "GitHub" entries in known_hosts
- Re-authenticating GitHub-cli (still using same SSH key)
- Terminal doesn't make a difference, tried VSCode integrated as well as iTerm 2
- Tried updating GitHub-cli 2.4.0 -> 2.9.0
- Tried installing the 1Pass op CLI command.

If I run ssh -vvvT git@github.com

Parts that are possibly related (this isn't the entire output)

debug2: get_agent_identities: ssh_agent_bind_hostkey: agent refused operation
debug1: get_agent_identities: ssh_fetch_identitylist: agent contains no identities

and the last 30 or so lines:

debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/chris/.ssh/id_rsa
debug3: no such identity: /Users/chris/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /Users/chris/.ssh/id_ecdsa
debug3: no such identity: /Users/chris/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /Users/chris/.ssh/id_ecdsa_sk
debug3: no such identity: /Users/chris/.ssh/id_ecdsa_sk: No such file or directory
debug1: Trying private key: /Users/chris/.ssh/id_ed25519
debug3: no such identity: /Users/chris/.ssh/id_ed25519: No such file or directory
debug1: Trying private key: /Users/chris/.ssh/id_ed25519_sk
debug3: no such identity: /Users/chris/.ssh/id_ed25519_sk: No such file or directory
debug1: Trying private key: /Users/chris/.ssh/id_xmss
debug3: no such identity: /Users/chris/.ssh/id_xmss: No such file or directory
debug1: Trying private key: /Users/chris/.ssh/id_dsa
debug3: no such identity: /Users/chris/.ssh/id_dsa: No such file or directory
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
git@github.com: Permission denied (publickey).

chris__hayes
May 9, 2022

Crap, I figured it out. When I logged in with my password I logged into one account, but the SSH key was on another account. I didn't realize this until I noticed I wasn't logged into all the accounts.

1Pass feedback - when you need to re-enter your password, make it easier to log into all accounts at once. Right now it gives you a single password field and logs into which ever account that happens to have that password.

floris_1P
1Password Employee
May 11, 2022

@chris__hayes Thanks for the feedback. Glad you figured it out! The SSH agent currently doesn't work that well in 'partially locked' scenarios. This is something we're looking to improve.

floris_1P
1Password Employee
May 11, 2022

@"a.jaffe" Do you see anything appear in the 1Password logs when you invoke the failing SSH command? On macOS: ~/Library/Group Containers/2BUA8C4S2C.com.1password/Library/Application Support/1Password/Data/logs/1Password_rCURRENT.log