Signing back into the Community for the first time? You'll need to reset your password to access your account.  Find out more.

Forum Discussion

Former Member's avatar
Former Member
3 years ago

Macos Monterey: git not working with the ssh agent

Hi,

I'm trying to use the ssh agent with git and no dice. I'm using two different key: one to connect to almost every server, and one specific for Github. Both are ed25519 and works fine when not using 1Password. They're both in my Private vault.

I've followed the direction, so I have

~/.ssh/config:
`Host *
IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"

Host github.com
User git
IdentitiesOnly yes
IdentityFile ~/.ssh/github.pub`

It works fine for ssh hosts (normal key), but impossible to reach Github "Permission denied (publickey)", which use the specific config. I don't even have the request from 1Password to allow the key use.

OpenSSH_8.6p1, LibreSSL 3.3.6
debug1: Reading configuration data /Users/seb/.ssh/config
debug1: /Users/seb/.ssh/config line 1: Applying options for *
debug1: /Users/seb/.ssh/config line 56: Applying options for github.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to github.com port 22.
debug1: Connection established.
debug1: identity file /Users/seb/.ssh/github.pub type 3
debug1: identity file /Users/seb/.ssh/github.pub-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.6
debug1: Remote protocol version 2.0, remote software version babeld-25270101
debug1: compat_banner: no match: babeld-25270101
debug1: Authenticating to github.com:22 as 'git'
debug1: load_hostkeys: fopen /Users/seb/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-rsa SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8
debug1: load_hostkeys: fopen /Users/seb/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'github.com' is known and matches the RSA host key.
debug1: Found key in /Users/seb/.ssh/known_hosts:13
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /Users/seb/.ssh/github.pub ED25519 SHA256:sYO7nXbHVVjlvphIiWsAGvMjDE0X64cLNnN9a/NjB1s explicit agent
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/seb/.ssh/github.pub ED25519 SHA256:sYO7nXbHVVjlvphIiWsAGvMjDE0X64cLNnN9a/NjB1s explicit agent
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
git@github.com: Permission denied (publickey).

I have also no log in /Users/seb/Library/Group Containers/2BUA8C4S2C.com.1password/Library/Application Support/1Password/Data/logs/1Password_rCURRENT.log

I'm guessing the issue start with debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling


1Password Version: 8.9.8
Extension Version: Not Provided
OS Version: macos 12.6.1
Browser:_ Not Provided

  • Jack_P_1P's avatar
    Jack_P_1P
    Icon for 1Password Team rank1Password Team

    Hi @ArcanumXIII:

    Just as a quick test, if you do ssh -T github.com, are you able to connect to GitHub and receive the "Hi USERNAME! You've successfully authenticated, but GitHub does not provide shell access." message? Let me know, and I can take a closer look.

    Jack

  • Jack_P_1P's avatar
    Jack_P_1P
    Icon for 1Password Team rank1Password Team

    Hey @ArcanumXIII:

    Thanks for confirming. I've done some more testing, and it seems like if SSH is offering a public key, but the server isn't responding, it's likely that the public key isn't recognized by the server.

    Just to double check that your key is configured with GitHub, navigate to https://github.com/settings/keys. Here, click New SSH key. Choose Authentication Key, and if you have 1Password installed in your browser, your SSH keys will be suggested. Click your GitHub key to fill.

    After doing that, try ssh -T github.com again. If you're still running into trouble after that step, please try ssh -Tvv github.com and share the logs with us via email at businesssupport@1password.com. Thanks!

    Jack

  • Former Member's avatar
    Former Member

    Ouch! It was that... Seems my Github keys were rotate or deleted (my bad)

    It's now working !

  • Jack_P_1P's avatar
    Jack_P_1P
    Icon for 1Password Team rank1Password Team

    Hey @ArcanumXIII:

    Glad to hear it! Feel free to get in touch if you need any help in the future. 🙂

    Jack