Signing back into the Community for the first time? You'll need to reset your password to access your account. Find out more.
Forum Discussion
Former Member
3 years agoCannot add account to CLI 2.0.0
With CLI version 2 I cannot seem to add an account.
This is what happens:
op account add
Enter your sign-in address (example.1password.com): my.1password.com
Enter the email address for your account on my.1password.com: [email redacted]
[ERROR] 2022/03/17 15:10:42 Couldn't connect to the sign-in address you provided. Check the address and your network connection, then try again.
When I go back to 1.12.4, it works as expected.
- Former Member
Hey @N33T ,
Does the command ask for your secret key and password after email or return the error message right after you enter the email?
edit: It looks like that error message is printed when attempting to check that the signin address can be reached. This step happens before the secret key and password are prompted. Is
my.1password.com
the exact text you are inputting in that step? - Former Member
Hey @"Justin.Yoon_1P",
my.1password.com
is the exact text that I am inputting.It could be that it is a DNS issue, we're using an internal DNS server due to policies.
Does CLI v2 have a special way it resolves DNS?When I add an acccount with version 1 and then try to login with version 2 I get the following:
op signin -f
Enter the password for [email] at my.1password.com:
[ERROR] 2022/03/18 09:44:44 failed to request.DoUnencrypted: Get "https://my.1password.com/api/v2/auth/[redacted]": dial tcp: lookup my.1password.com on [::1]:53: read udp [::1]:33617->[::1]:53: read: connection refused
with v1:
```
op signin
Enter the password for [email] at my.1password.com:
export OP_SESSION_my="[redacted]"This command is meant to be used with your shell's eval function.
Run 'eval $(op signin my)' to sign in to your 1Password account.
Use the --raw flag to only output the session token.
```
I did make that typo on the other post:
https://1password.community/discussion/127993/cannot-add-account-to-cli-2-0-0#latestSo that one can be removed as I accidentally double posted.
When I try to resolve DNS with our internal DNS server:
```
nslookup my.1password.com [DNS IP]
Server: [DNS IP]
Address: [DNS IP]#53Non-authoritative answer:
Name: my.1password.com
Address: 34.192.182.4
Name: my.1password.com
Address: 75.101.251.99
Name: my.1password.com
Address: 34.230.244.235
Name: my.1password.com
Address: 54.172.125.106
Name: my.1password.com
Address: 54.197.109.118
Name: my.1password.com
Address: 2600:1f18:60d5:4e01:9a5a:96db:6156:6d50
Name: my.1password.com
Address: 2600:1f18:60d5:4e02:5ea8:d1f5:8833:6473
Name: my.1password.com
Address: 2600:1f18:60d5:4e00:e020:a971:c344:3867
Name: my.1password.com
Address: 2600:1f18:60d5:4e04:9c92:c5bb:230e:b2b9
Name: my.1password.com
Address: 2600:1f18:60d5:4e03:b4cc:ceed:3591:edcb
```When I use the IPv6 address of the DNS server
```
nslookup -query=AAAA my.1password.com [DNS v6 IP]
Server: [DNS v6 IP]
Address: [DNS v6 IP]#53Non-authoritative answer:
Name: my.1password.com
Address: 2600:1f18:60d5:4e00:e020:a971:c344:3867
Name: my.1password.com
Address: 2600:1f18:60d5:4e04:9c92:c5bb:230e:b2b9
Name: my.1password.com
Address: 2600:1f18:60d5:4e01:9a5a:96db:6156:6d50
Name: my.1password.com
Address: 2600:1f18:60d5:4e02:5ea8:d1f5:8833:6473
Name: my.1password.com
Address: 2600:1f18:60d5:4e03:b4cc:ceed:3591:edcb
``` - Former Member
Hey @N33T
Appreciate the additional info.
Adding the account via op v1 and then trying to sign into it in v2 was a great idea. Using
my.1password.com
as the signin address should be completely fine. It seems like requests tomy.1password.com
are being rejected, and will need further investigation if the DNS is affecting it.To my knowledge, we have not changed the networking layer such that a DNS would be prohibited in v2. We will continue to look into this problem, stay tuned.
For the time being, would you be able to confirm whether or not adding accounts and signing in with v2 works when the DNS is set to a public one, like Google's? If not due to policy, it is completely fine as well.
- Former Member
Hi @"Justin.Yoon_1P",
unfortunately I cannot change the DNS server due to policy (blocked by firewall).
However I did try and disable IPv6 (on loopback and the nic), since the error seems to be related to the IPv6 localhost port 53.
But that unfortunately gives the same error.1P desktop, 1P browser extension and 1P CLI v1 all work fine.
Is port 53 also used by IPv6 for DNS?
On my machine I don't even see it listening for [::]53, I only see [::]:5355 which seems to be for Link-Local Multicast Name Resolution. - Former Member
Thanks for the update @N33T
We are still looking into it.
Which OS are you trying to run the CLI on by the way?
- Former Member
Hi @"Justin.Yoon_1P",
I use Arch btw.
At home I also run Arch with the same setup and CLI v2 does work.
It doesn't listen to [::]53 either. - Former Member
Hey @N33T
We have an Arch user in our company who encountered the same problem, wondering if it may be applicable to your case.
This seems to be a common problem with CLI binaries written in Go - and we don't have a fix on our end yet, but we'll continue looking into it.
Are you configuring DNS with systemd-resolved?
While this individual did not have any custom DNS configured, they did have to do this step in the picture to symlink
resolve.conf
tostub-resolv.conf
:I am not 100% sure if this applies to you, or if it will fix it for you, but the error message and OS match up so I thought I'd bring it up, please give it a try if it does indeed apply to you and let us know!
- Former Member
Hi @"Justin.Yoon_1P",
Thanks for the link to that part of the arch wiki.
I am indeed using systemd-resolved for DNS.I can confirm that replacing
/etc/resolv.conf
with a symlink to/run/systemd/resolve/stub-resolv.conf
does the trick.Thank you very much!
- Former Member
Hey @N33T
I am very happy to hear that, thank you for the update.