Forum Discussion

Former Member's avatar
Former Member
4 years ago

ForwardAgent?

I noticed that when I log in my server with a key that is in 1Password and I try to log in from there to other servers, that I need to provide my password. Apparently ForwardAgent does not work, or do I have to do something special?

1Password Version: 8.7.0
Extension Version: Not Provided
OS Version: macOS 12.3

SSH

20 Replies

  • Jack_P_1P's avatar
    Jack_P_1P
    Icon for 1Password Team rank1Password Team
    3 years ago

    Hi @proza:

    Thanks for sharing. We're continuing to investigate how we can make this smoother when connecting to a host that also has 1Password SSH Agent enabled, so thanks for your feedback!

    Jack

  • Former Member's avatar
    Former Member
    3 years ago

    same here, forwarding don't work anymore when ssh'ing from another machine into this one until you comment out the IdentityAgent line


    Host *
    ForwardAgent yes
    IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"

    (I login from 1 MacBook Air to another pro, both have 1pw)

  • Jack_P_1P's avatar
    Jack_P_1P
    Icon for 1Password Team rank1Password Team
    3 years ago

    Hi @spacehog:

    Thanks for sharing that. Adding keys to the 1Password SSH agent can only be done directly from 1Password, not by using ssh-add. With that said, we have an internal issue tracking being unable to use ssh-add to import keys into 1Password, so I'll share your feedback with the team.

    ref: dev/core/core#13363

    @br_:

    We'd likely have to take a closer look at your specific setup. Please email us at businesssupport@1password.com mentioning that you're having trouble with SSH forwarding, and we'll be in touch.

    Jack

  • Former Member's avatar
    Former Member
    3 years ago

    @Jack.P_1P Do you have an idea of what could cause the error message when using ssh-add?

  • Former Member's avatar
    Former Member
    3 years ago

    Here is the message I have found in 1Password logs:
    Unsupported message sent to agent: AddIdentity

  • Former Member's avatar
    Former Member
    3 years ago

    @Jack I have made some progress.
    I have a private key file for the second server, if I add it in 1Password, forwarding works.
    But if I try to add it via ssh-add, I get an error:
    Could not add identity "keys": agent refused operation

    It's funny because ssh-add -l works well and lists all my private keys from 1Password.

    The SSH_AUT_LOCK points to ~/.1password/agent.sock.

  • Former Member's avatar
    Former Member
    3 years ago

    I'm trying to forward my 1Password SSH agent running on Windows 11, and when logging into my server it just hangs before showing a prompt. I can ^c and it cancels the connection, so it's probably also before a terminal is properly allocated?

    Anyway, I honestly have no idea what's going on here, but I'm hoping someone might be able to let me know if this is some sort of bug or limitation, or if I have something set wrong on my server. Thank you!

  • Former Member's avatar
    Former Member
    3 years ago

    Hi Jack,
    I use IdentityAgent for 1Pasword. But I totally forgot I also have SSH_AUTH_LOCK that points to my keychain SSH agent. I guess I have to disable the keychain SSH agent before retrying.
    I’ll tell you if it resolves my problem.

  • Jack_P_1P's avatar
    Jack_P_1P
    Icon for 1Password Team rank1Password Team
    3 years ago

    Hi @spacehog:

    Do you have IdentityAgent, SSH_AUTH_SOCK, or both configured to use the 1Password SSH agent on your local machine? Let me know!

    Jack

  • Former Member's avatar
    Former Member
    3 years ago

    Hi
    Same problem here.
    Forwarding is not working with 1Password agent. I get a Permission denied (publickey). when trying to ssh on the second server.