Signing back into the Community for the first time? You'll need to reset your password to access your account. Find out more.
Forum Discussion
Former Member
3 years agoGit and Azure DevOPS: agent refused operation
I struggle getting my GIT repositories in Azure working with 1Password keeping my SSH keys. Beside that Azure does not support Ed25519 keys (sigh), so I had to create a RSA key for it, authentication with it fails as soon as I activate the two lines for "Host *" and "IdentityAgent" pointing to the 1Password socket:
--- 8< ---
sign_and_send_pubkey: signing failed for RSA "/Users/myuser/.ssh/id_rsa_azure.pub" from agent: agent refused operation
--- 8< ---
(it also fails without setting IdentityFile and IdentitiesOnly btw.)
Exporting the key and using old fashioned file based key authentication works though.
Working with other GIT servers works, so I think this is a "Azure-Thing".
1Password Version: 8.7.0 (80700012)
Extension Version: Not Provided
OS Version: 12.2.1 (21D62)
- floris_1P
1Password Team
Yes, this is because Azure DevOps only supports legacy
ssh-rsa
SHA-1 signatures. We're working on adding support for those as well. - billwuNew Contributor
Hi,
I think i've created a ssh-rsa key for azure devops now, however i'm getting the same error. Is this issue fixed yet?
- Former Member
AFAIK there is no support for Azure DevOPS (or the other way around: Azure DevOPS doesn't support the better algorithms) yet. My workaround: I added the following to my
.ssh/config
file:Host ssh.dev.azure.com
IdentityFile ~/.ssh/id_rsa
IdentitiesOnly yes
IdentityAgent /private/tmp/com.apple.launchd.znyst9AFDG/Listeners
- Former Member
Anyone know what the workaround would be on Linux?
I have the identity file in ~/.ssh, but it seems no matter what I do, the 1password SSH agent is taking over.SSH_AUTH_SOCK="" git fetch
sign_and_send_pubkey: signing failed for RSA "/home/user/.ssh/id_rsa" from agent: agent refused operation - Former Member
I figured out I can just define this ssh config above the Host * IdentityAgent in ~/.ssh/config to workaround
- Former Member
Glad you found a solution, @zigford. And thanks for sharing it!
- Former Member
Update. Don't know why, but my workaround stopped working.
New workaround that is working currently:Define the following above the IdentityAgent definition, so the
~/.ssh/config
should look like this:
Host ssh.dev.azure.com
HostName ssh.dev.azure.com
User git
IdentityFile ~/.ssh/id_rsa
PubkeyAcceptedAlgorithms +ssh-rsa
HostkeyAlgorithms +ssh-rsa
IdentitiesOnly yes
IdentityAgent /dev/null
Host *
IdentityAgent ~/.1password/agent.sock
AddKeysToAgent yes
- Former Member
Hi @zigford!
As of the latest nightly release, 1Password supports ssh-rsa (SHA-1). So if you update to the latest nightly you can also store your Azure DevOPS SSH key in 1Password.
- XIIITrusted Contributor
Excellent news. Thank you!
- Former Member
Thanks @MartonS1P, can you point me in the direction of the nightly releases? I've googled around and cannot find it. I'm on Linux.