Forum Discussion

rbroemeling's avatar
rbroemeling
New Contributor
2 months ago

"Connection Refused" when accessing 1Password ssh-agent within DevContainer

I've been trying to get this to work for a few hours and I'm at a loss for what to do next, so asking for ideas about what the problem could be. My software stack is macOS 26/Tahoe, 1Password 8.11.1...
cli
linux
macos
troubleshooting
mewesc's avatar
mewesc
New Contributor
2 months ago

Hi, 

i also struggle with this...

My software stack is macOS 26, 1Password 8.11.16, with Orbstack (as replacement of Docker Desktop) , and VSCode with a DevContainers.
I have all my SSH keys in 1Password and when executed from the host system, the keys are visible (and SSH works).

I have setup my DevContainer.json with the following mounts

"mounts": [
		"source=${localEnv:HOME}/.ssh,target=/root/.ssh,type=bind,readonly",
		"source=${localEnv:HOME}/.ssh/known_hosts,target=/root/.ssh/known_hosts,type=bind",
		"source=/run/host-services/ssh-auth.sock,target=/ssh-agent,type=bind"		
	],
		"remoteEnv": {
		"SSH_AUTH_SOCK": "/ssh-agent"
	}

If try to do a SSH connection from the devContainer, it does not work.

# echo $SSH_AUTH_SOCK
# /ssh-agent

# ssh-add -l
# Output is a list of my SSH keys

When i execute ssh -vT user@host

I get this output 

debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: get_agent_identities: ssh_get_authentication_socket: No such file or directory

And now, i am stuck...

Not exactly your issue - but as you have the similar stack...

Update:

When i add this in my Container, it solves my issue:

mkdir -p "$HOME/Library/Group Containers/2BUA8C4S2C.com.1password/t"
ln -sf "$SSH_AUTH_SOCK" "$HOME/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"


Now i can connect from the container via SSH to any host, and the SSH Key will be derived form 1Password

KR

1P_Phil's avatar
1P_Phil
Icon for Moderator rankModerator
2 months ago

Hi mewesc​ ,

Many thanks for sharing this solution!! 

rbroemeling​ - please let us know if this works for your setup as well.

Thank you!
Phil & 1Password team!

  • rbroemeling's avatar
    rbroemeling
    New Contributor
    2 months ago

    1P_Phil​ Ah, no. No it does not fix the issue that I am having.

    From the description of KR's post, I would guess from the context that their `.ssh/config` file contained something like the 1P recommended configuration, such as:

    Host *
      IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
     
    KR then mounted their `${HOME}/.ssh` directory into their container, and therefore needed their SSH authentication socket to show up in the "right" place (which they solved with a symlink) within the container.
     
    This is a very different problem than the one I described in my post.