[Feature Request] Using 1P SSH from inside a local Docker container

Hi all, I have followed this discussion entirely but I still am not able to reproduce or make this work.

My host is Windows and the container is Linux. I'm not sure if anyone else here was trying in this set up? I see the majority of people are either from Mac -> Linux or Windows -> Windows... I'm not sure how can I mount the named pipe //./pipe/openssh-ssh-agent to the container in a way that makes sense...

@tavlima Which OS are you on?

The agent integration with Docker works fine for me (using the SSH_AUTH_SOCK volume and env var), but 1Password is not correctly prompting for unlocking.

With ssh -vv I could see the keys were accepted by the server, but SSH timeout while waiting for the agent. That led me to 1Password logs, where I saw entries similar to this:


INFO 2023-09-22T16:41:36.526 tokio-runtime-worker(ThreadId(3)) [1P:ssh/op-ssh-agent/src/lib.rs:538] Notifying user through tray icon that they have a background prompt waiting


But I was seeing no unlock prompts... So I checked (clicked) the 1Password in the top menu bar and there I saw a message about the pending SSH authorization (don't recall exactly the message).

After clicking that, the unlock prompt showed up and I authorized it, everything worked.

Looks like a bug, to me: I shouldn't have to click the menu bar icon for that...

I can't pull any images from the internal registry. My best bet right now to have everything fully working is the following:


Host *
IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
ForwardAgent yes
Host *
IgnoreUnknown AddKeysToAgent,UseKeychain
AddKeysToAgent yes
UseKeychain yes
IdentityFile ~/.ssh/id_rsa


What issue are you then encountering with the glcoud Docker helper?

The problem is that If i specify SSH_AUTH_SOCK to the 1password one, the gcloud auth + docker helper don't work anymore :)

@coolgoose That's because Docker for Mac is managed by launchd and will inherit the launchd environment rather than the zsh environment. So in other words: launchd needs to be aware of the socket, which requires an additional setup step, described here.

Seems there's something funky with both 1password and Docker.
I can add the export SSH_AUTH_SOCK to my ~/.zshrc but I still need to open docker with open -a Docker in order to properly be able to forward the ssh keys.

Okey got to the bottom of it - It's my Docker container not using the right open-ssh

Jack_P_1P here is my host file FYI

Host *
IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
ForwardAgent yes


Steps I did to fix this:
1. install openssh-server via Dockerfile

FROM python
RUN apt-get update \
&& apt-get install -y --no-install-recommends build-essential openssh-server

2. Open vscode via this method https://developer.1password.com/docs/ssh/agent/compatibility#ssh-auth-sock

$ export SSH_AUTH_SOCK=~/Library/Group\ Containers/2BUA8C4S2C.com.1password/t/agent.sock
$ open -a /Applications/Visual\ Studio\ Code.app


Hi @girish:

I notice this looks like Visual Studio Code's remote development extension. Is that correct? Would you mind sharing the contents of ~/.ssh/config from macOS, rather than your Docker container? I'll be able to dig in more once I've seen your SSH config.

Jack