Skip to main content
March 16, 2022
Question

SSH to EC2 - `agent refused operation`

  • March 16, 2022
  • 3 replies
  • 648 views

I have a problem with accessing an EC2 instance using a private key stored in my private vault.

Steps:

  1. Update ~/.ssh/config with a host i.e.


Host random-host
HostName random-host.com
User ec2-user
IdentityAgent "~/Library/Group Containers/2BUA8GG42C.com.1password/t/agent.sock"

  1. Try to ssh to random-host

1password app prompts to 'Allow Access'

  1. This results in:

sign_and_send_pubkey: signing failed for RSA "random-host" from agent: agent refused operation ec2-user@random-host.com: Permission denied (publickey)

  1. When I list all of the keys available to the agent:

ssh-add -l

The agent has no identities.

Can you help? Not sure which steps I have missed?

Thanks, Matt


1Password Version: Not Provided
Extension Version: 8.6.0
OS Version: Not Provided

3 replies

floris_1P
1Password Employee
March 16, 2022

Do you see anything appear in the logs when you run the SSH command? On macOS: ~/Library/Group Containers/2BUA8C4S2C.com.1password/Library/Application Support/1Password/Data/logs/1Password_rCURRENT.log

March 17, 2022

I too am getting this error, but only to one ssh server. All others work with the 1P8 agent. remote server configs are the same (sshd_config/ pam.d/sshd)

error log:
ERROR 2022-03-17T08:54:31.638 tokio-runtime-worker(ThreadId(12)) [1P:/Users/builder/builds/BhfSvM9x/0/dev/core/core/ssh/op-ssh-agent/src/lib.rs:377] Error handling sign request: Key(signing with ssh-rsa is unsupported; SHA-1 may be insecure)

MacOS 12.3
1p 8.7 80700004, on NIGHTLY channel

floris_1P
1Password Employee
August 26, 2022

@dc240 The latest 1Password beta now has support for ssh-rsa connections. Can you see if it works now?