Forum Discussion

Former Member
4 years ago

ForwardAgent?

I noticed that when I log in to my server with a key that is in 1Password and then try to log in from there to other servers, I need to provide my password. Apparently ForwardAgent does not work, or do I have to do something special?


1Password Version: 8.7.0
Extension Version: Not Provided
OS Version: macOS 12.3

20 Replies

  • d8kda
    New Contributor

    From MacOS to Linux, using IdentityAgent and ForwardAgent doesn't work.
    Using SSH_AUTH_SOCK does work.
    1Password for Mac 8.8.0.
    Please fix!

  • Former Member

    Any news here? I switched off the feature again because of the algorithm and ForwardAgent problems.

  • Former Member

    It works when I try to move to a host that doesn't require a certificate -- the unlock pop-up comes from 1Password, and I can log in.

  • floris_1P
    1Password Team

    Could it be that since the Certificate is not in the IdentityAgent, forwarding does not work?

    Yes, that could very well be the culprit. What happens if you SSH from the forwarded host into a host that does not require certificates, e.g. ssh -T git@github.com?

  • Former Member

    I forgot the .ssh/config part:

    ```
    ControlPath ~/.ssh/connections/mux_%C

    ControlPersist 4h
    TCPKeepAlive no
    ServerAliveInterval 60
    ServerAliveCountMax 10
    ForwardAgent yes
    AddKeysToAgent yes
    Host *
    IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
    CertificateFile "~/.ssh/id_rsa_sam-cert.pub"

    Host host1
    HostName host1.fqdn.com
    User user
    Host destinationhost
    HostName destinationhost.fqdn.com
    User user
    ```

    The destination-host part should be irrelevant, though, because that depends on the second host.

  • Former Member

    Could it be that since the Certificate is not in the IdentityAgent, forwarding does not work?

    ```
    OpenSSH_7.9p1, OpenSSL 1.1.1k-freebsd 24 Aug 2021
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 1: Applying options for *
    debug1: Connecting to targethost-nfs [172.16.254.156] port 22.
    debug1: fd 3 clearing O_NONBLOCK
    debug1: Connection established.
    debug1: identity file /home/user/.ssh/id_rsa type -1
    debug1: identity file /home/user/.ssh/id_rsa-cert type -1
    debug1: identity file /home/user/.ssh/id_dsa type -1
    debug1: identity file /home/user/.ssh/id_dsa-cert type -1
    debug1: identity file /home/user/.ssh/id_ecdsa type -1
    debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
    debug1: identity file /home/user/.ssh/id_ed25519 type -1
    debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
    debug1: identity file /home/user/.ssh/id_xmss type -1
    debug1: identity file /home/user/.ssh/id_xmss-cert type -1
    debug1: Local version string SSH-2.0-OpenSSH_7.9 FreeBSD-20200214
    debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9 FreeBSD-20200214
    debug1: match: OpenSSH_7.9 FreeBSD-20200214 pat OpenSSH* compat 0x04000000
    debug1: Authenticating to targethost-nfs:22 as 'user'
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: algorithm: curve25519-sha256@libssh.org
    debug1: kex: host key algorithm: ecdsa-sha2-nistp256
    debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ecdsa-sha2-nistp256 SHA256:9DZQE+gXw6BolwutR3GPutxfqKzlRSvjimNf9DOrXHw
    DNS lookup error: general failure
    debug1: Host 'targethost-nfs' is known and matches the ECDSA host key.
    debug1: Found key in /home/user/.ssh/known_hosts:1
    debug1: rekey after 134217728 blocks
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: rekey after 134217728 blocks
    debug1: Will attempt key: id_rsa_sam RSA SHA256:jzuBd+ulgpxou9emJu1RRvIn9bf6plMl0E4mhQLHZvU agent
    debug1: Will attempt key: /home/user/.ssh/id_rsa
    debug1: Will attempt key: /home/user/.ssh/id_dsa
    debug1: Will attempt key: /home/user/.ssh/id_ecdsa
    debug1: Will attempt key: /home/user/.ssh/id_ed25519
    debug1: Will attempt key: /home/user/.ssh/id_xmss
    debug1: SSH2_MSG_EXT_INFO received
    debug1: Fssh_kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,keyboard-interactive
    debug1: Next authentication method: publickey
    debug1: Offering public key: id_rsa_sam RSA SHA256:jzuBd+ulgpxou9emJu1RRvIn9bf6plMl0E4mhQLHZvU agent
    debug1: Authentications that can continue: publickey,keyboard-interactive
    debug1: Trying private key: /home/user/.ssh/id_rsa
    debug1: Trying private key: /home/user/.ssh/id_dsa
    debug1: Trying private key: /home/user/.ssh/id_ecdsa
    debug1: Trying private key: /home/user/.ssh/id_ed25519
    debug1: Trying private key: /home/user/.ssh/id_xmss
    debug1: Next authentication method: keyboard-interactive
    ```

  • floris_1P
    1Password Team

    Could you guys share your ssh -v output of the second command (that should use the forwarded agent)?
    And also share the relevant SSH config.

  • Former Member

    Yes, it worked before when I added the SSH key with ssh-add to my identities, but that should not be necessary if I understood the 1Password SSH support correctly (if not, how do I add it with ssh-add?).

  • Former Member

    I am running into the same issue. I've got ForwardAgent set for my hosts, but nothing is being passed to the first remote server to allow me to SSH into the second.

  • floris_1P
    1Password Team

    Agent forwarding should just keep on working after moving your keys to 1Password, without needing additional config. Did it work before? Did anything change?