Skip to main content
February 16, 2022
Question

Windows SSH Agent without Windows Hello?

  • February 16, 2022
  • 28 replies
  • 1770 views

Hi!

I was very excited to try the new SSH tooling built into 1Password 8 Beta for Windows. However, I do not have Windows Hello on my desktop which sounds like a requirement to use the 1Password SSH agent on Windows (see green TIP here https://developer.1password.com/docs/ssh/get-started#step-3-turn-on-the-1password-ssh-agent).

Is there any way around this? Or are there plans for an alternative here? I don't mind entering my master password every time I need to SSH as an alternative. I'd really like to use the SSH agent :)


1Password Version: 8.6.0
Extension Version: Not Provided
OS Version: Windows 11 Pro

28 replies

floris_1P
1Password Employee
February 22, 2022

Yes, it's currently a requirement, but we will be adding support for entering your account password as well in the future.

February 22, 2022

The password options is really necessary. My company, for example, does not allow the usage of "Windows Hello".

floris_1P
1Password Employee
February 23, 2022

It was not an easy decision to make, so we can assure you that this is high on our list.

Our of curiosity, what's the main reason your company doesn't allow Windows Hello?

February 24, 2022

The main reason is legal hostility belonging to the German GPDR (DSGVO).

February 24, 2022

@mrbscreen, thanks for giving us additional context there. That definitely helps us prioritize this!

March 7, 2022

My company (worldwide, > 100000 employees) also disabled Windows Hello for reasons unknown to me, at least for the machines located in Germany. Since regular ssh agents ask for the key password once at loading time, then never again, I would like a similar behavior in 1Password as option. Just be able to disable any prompt and just serve the key if it is requested by some ssh client.

I understand asking for Windows hello unlock is a security measure to make me aware that a ssh key is actually requested, and to detect unexpected requests, but this is not standard behavior of ssh agents.

March 7, 2022

Former Member Thank you for the additional feedback. We're definitely doing some research here to determine how we might approach this particular scenario going forward. We need to balance security with ease of use but we know this is important to make more seamless for you!

September 27, 2022

Hello, I've seen this conversation and I'm curious what is the status of this request?
My company dosn't allow Windows Hello because of legal reasons (GPDR)
Would be great if this request could get the highest priority.

October 11, 2022

@sb22hh Removing the requirement of Windows Hello is something we're actively working on. Stay tuned!

November 19, 2022

I'm wondering whether the use of windows hello is a technical requirement or just convenience for you?

I mean, could the 1password app not prompt for the use of an SSH key itself? Without asking for a password at all, if the app is already unlocked.