Forum Discussion
sososo
4 years ago
Occasional Contributor
No fingerprint prompt when SSHing
Hi,
I've gone over the doc multiple times but can't seem to get it to work. I settled on a per key activation to avoid impacting my work. When I look in the logs I can see
~~~
INFO 2022-07-07T09:32:05.815 tokio-runtime-worker(ThreadId(12)) [1P:ssh/op-agent-controller/src/desktop.rs:332] SSH Agent has started.
~~~
but nothing shows in the logs when I ssh. I get no fingerprint prompt and thus
~~~
$ ssh linode
jdoe@123.123.123.123: Permission denied (publickey,keyboard-interactive).
~~~
This is what I have in my .ssh/config
~~~
Host linode
User jdoe
Hostname 123.123.123.123
IdentitiesOnly yes
IdentityAgent "~/ecosta/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
~~~
If I do the following, I can see the ssh keys list stored in 1P
~~~
export SSH_AUTH_SOCK=~/Library/Group\ Containers/2BUA8C4S2C.com.1password/t/agent.sock
ssh-add -l
~~~
If I run an ssh to linode with or without exporting the SSH_AUTH_SOCK, I still get the same result. No prompt.
I just noted that if I save a change in .ssh/config I get the following log message
~~~
INFO 2022-07-07T10:21:38.998 notify-rs fsevents loop(ThreadId(23)) [1P:ssh/op-ssh-config/src/lib.rs:231] agent not configured
~~~
I tried importing a key or generating one but nothing seems to do it. Why am I not getting a prompt? Could you help me solve the problem?
Thanks.
1Password Version: 8.7.3
Extension Version: Not Provided
OS Version: macOS 12.4
Browser: Not Provided
9 Replies
- sososo
Occasional Contributor
floris_1P, I found the problem and it was embarrassingly stupid of me. I simply forgot to add the pub key to the server. I was sure I'd added it but it seems I only had the original one there.
It all works great and I'm loving it. What a great feature!
Thanks for all your help.
- floris_1P
1Password Team
Great to hear you got it working with your NAS and Pi! For the Linode server: looking at the logs, the public key now does get properly offered to the server, but it seems like the server doesn't accept it. DigitalOcean has some nice tips on troubleshooting SSH in their docs, which might help you out.
About IdentitiesOnly and the "Too many authentication failures" error, we have an article in our docs portal about that.
- sososo
Occasional Contributor
Hi floris_1P,
I commented out IdentitiesOnly and ran the command again. Still no 1Password entries in 1Password.
~~~
$ ssh linode -v
OpenSSH_8.6p1, LibreSSL 3.3.6
debug1: Reading configuration data /Users/jdoe/.ssh/config
debug1: /Users/jdoe/.ssh/config line 1: Applying options for *
debug1: /Users/jdoe/.ssh/config line 12: Applying options for linode
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to 123.123.123.123 [123.123.123.123] port 22.
debug1: Connection established.
debug1: identity file /Users/jdoe/.ssh/id_rsa type -1
debug1: identity file /Users/jdoe/.ssh/id_rsa-cert type -1
debug1: identity file /Users/jdoe/.ssh/id_dsa type -1
debug1: identity file /Users/jdoe/.ssh/id_dsa-cert type -1
debug1: identity file /Users/jdoe/.ssh/id_ecdsa type -1
debug1: identity file /Users/jdoe/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/jdoe/.ssh/id_ecdsa_sk type -1
debug1: identity file /Users/jdoe/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /Users/jdoe/.ssh/id_ed25519 type -1
debug1: identity file /Users/jdoe/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/jdoe/.ssh/id_ed25519_sk type -1
debug1: identity file /Users/jdoe/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /Users/jdoe/.ssh/id_xmss type -1
debug1: identity file /Users/jdoe/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.8
debug1: compat_banner: match: OpenSSH_8.8 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 123.123.123.123:22 as 'jdoe'
debug1: load_hostkeys: fopen /Users/jdoe/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:0WN3ivkenyByHO3n9/LAMTDMBF7ShbxxBbtk3CJCrY0
debug1: load_hostkeys: fopen /Users/jdoe/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: checking without port identifier
debug1: load_hostkeys: fopen /Users/jdoe/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '123.123.123.123' is known and matches the ED25519 host key.
debug1: Found key in /Users/jdoe/.ssh/known_hosts:445
debug1: found matching key w/out port
debug1: check_host_key: hostkey not known or explicitly trusted: disabling UpdateHostkeys
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: Linode ED25519 SHA256:hE2UmRsuU5E12345DFNenxC4zILNhRCiHblPEOXhL4c agent
debug1: Will attempt key: /Users/jdoe/.ssh/id_rsa
debug1: Will attempt key: /Users/jdoe/.ssh/id_dsa
debug1: Will attempt key: /Users/jdoe/.ssh/id_ecdsa
debug1: Will attempt key: /Users/jdoe/.ssh/id_ecdsa_sk
debug1: Will attempt key: /Users/jdoe/.ssh/id_ed25519
debug1: Will attempt key: /Users/jdoe/.ssh/id_ed25519_sk
debug1: Will attempt key: /Users/jdoe/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: Linode ED25519 SHA256:hE2UmRsuU5E12345DFNenxC4zILNhRCiHblPEOXhL4c agent
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /Users/jdoe/.ssh/id_rsa
debug1: Trying private key: /Users/jdoe/.ssh/id_dsa
debug1: Trying private key: /Users/jdoe/.ssh/id_ecdsa
debug1: Trying private key: /Users/jdoe/.ssh/id_ecdsa_sk
debug1: Trying private key: /Users/jdoe/.ssh/id_ed25519
debug1: Trying private key: /Users/jdoe/.ssh/id_ed25519_sk
debug1: Trying private key: /Users/jdoe/.ssh/id_xmss
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
jdoe@123.123.123.123: Permission denied (publickey,keyboard-interactive).
~~~
This seems better. I checked the fingerprint in 1Password and it is the correct key but still no prompt.
~~~
debug1: Will attempt key: Linode ED25519 SHA256:hE2UmRsuU5E12345DFNenxC4zILNhRCiHblPEOXhL4c agent
~~~
On the subject of IdentitiesOnly, I had to add it because I have so many keys in .ssh. If I put all my keys (20 or so keys) in 1Password, will I not run into the same problem (Too many authentication failures) and if I can't use IdentitiesOnly, should I even try? Love what you are doing for SSH though.
I worked a bit more on it and added my NAS and RPI. I got them both working! I thought it might have something to do with the port on which SSH is listening but 1P also works when connecting to SSH on a port which is not 22. This is all very odd. I will continue trying to figure it out but the verdict for now is that it works on some ssh connections and not others.
- floris_1P
1Password Team
Ah I see, you've set IdentitiesOnly yes for linode, try removing that line.
- sososo
Occasional Contributor
Hi floris_1P,
Nothing showing up in the logs. This is my output:
~~~
$ ssh -v linode
OpenSSH_8.6p1, LibreSSL 3.3.6
debug1: Reading configuration data /Users/jdoe/.ssh/config
debug1: /Users/jdoe/.ssh/config line 1: Applying options for *
debug1: /Users/jdoe/.ssh/config line 12: Applying options for linode
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to 123.123.123.123 [123.123.123.123] port 22.
debug1: Connection established.
debug1: identity file /Users/jdoe/.ssh/id_rsa type -1
debug1: identity file /Users/jdoe/.ssh/id_rsa-cert type -1
debug1: identity file /Users/jdoe/.ssh/id_dsa type -1
debug1: identity file /Users/jdoe/.ssh/id_dsa-cert type -1
debug1: identity file /Users/jdoe/.ssh/id_ecdsa type -1
debug1: identity file /Users/jdoe/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/jdoe/.ssh/id_ecdsa_sk type -1
debug1: identity file /Users/jdoe/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /Users/jdoe/.ssh/id_ed25519 type -1
debug1: identity file /Users/jdoe/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/jdoe/.ssh/id_ed25519_sk type -1
debug1: identity file /Users/jdoe/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /Users/jdoe/.ssh/id_xmss type -1
debug1: identity file /Users/jdoe/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.8
debug1: compat_banner: match: OpenSSH_8.8 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 123.123.123.123:22 as 'jdoe'
debug1: load_hostkeys: fopen /Users/jdoe/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:0WN3ivkenyByHO3n9/LAMTDMBF7ShbxxBbtk3CJCrY0
debug1: load_hostkeys: fopen /Users/jdoe/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: checking without port identifier
debug1: load_hostkeys: fopen /Users/jdoe/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '123.123.123.123' is known and matches the ED25519 host key.
debug1: Found key in /Users/jdoe/.ssh/known_hosts:445
debug1: found matching key w/out port
debug1: check_host_key: hostkey not known or explicitly trusted: disabling UpdateHostkeys
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /Users/jdoe/.ssh/id_rsa
debug1: Will attempt key: /Users/jdoe/.ssh/id_dsa
debug1: Will attempt key: /Users/jdoe/.ssh/id_ecdsa
debug1: Will attempt key: /Users/jdoe/.ssh/id_ecdsa_sk
debug1: Will attempt key: /Users/jdoe/.ssh/id_ed25519
debug1: Will attempt key: /Users/jdoe/.ssh/id_ed25519_sk
debug1: Will attempt key: /Users/jdoe/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/jdoe/.ssh/id_rsa
debug1: Trying private key: /Users/jdoe/.ssh/id_dsa
debug1: Trying private key: /Users/jdoe/.ssh/id_ecdsa
debug1: Trying private key: /Users/jdoe/.ssh/id_ecdsa_sk
debug1: Trying private key: /Users/jdoe/.ssh/id_ed25519
debug1: Trying private key: /Users/jdoe/.ssh/id_ed25519_sk
debug1: Trying private key: /Users/jdoe/.ssh/id_xmss
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
jdoe@123.123.123.123: Permission denied (publickey,keyboard-interactive).
~~~
- floris_1P
1Password Team
Could you share your ssh -v output? And with the typo now fixed, do you see anything appear in the 1Password logs when you run the failing SSH command?
- sososo
Occasional Contributor
Hi floris_1P,
thanks for helping out. I fixed my typo (thanks for that) and did all the steps again in the following order
- Enable 1P SSH agent
- Log into Linode and generated an SSH Key
- tried to login via ssh without success. Same problem, no prompt.
My Linode ssh config:
~~~
Host linode
User jdoe
Hostname 123.123.123.123
IdentitiesOnly yes
IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
~~~
I did not export SSH_AUTH_SOCK as I guess I don't need it if I use the agent.sock in the ssh config.
I do however have the following settings which might affect things, what do you think? Disabling below doesn't seem to improve anything.
~~~
Host *
UseKeychain yes
AddKeysToAgent yes
TCPKeepAlive yes
ServerAliveInterval 59
ServerAliveCountMax 3
~~~
I also do the following check which all seems ok
~~~
$ ssh-add -l
256 SHA256:PfY15ZT3nH123123EcR7UdPSrJ+rtufgqf5CMDYKXYw aws (ED25519)
$ SSH_AUTH_SOCK=~/.1password/agent.sock ssh-add -l
256 SHA256:hE2UmRsuU123123xDFNeshruftNhRCiHblPEOXhL4c Linode (ED25519)
~~~
What am I missing?
- floris_1P
1Password Team
Could you try changing the socket path in your ~/.ssh/config to:
~~~
IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
~~~
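
The states this thread passes through (agent key never listed, agent key offered but rejected by the server, key accepted) can be told apart from the `ssh -v` output alone. The script below is an added example, not part of any post in the thread and not 1Password tooling; the function names, verdict strings and sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify `ssh -v` output (stdin) into the states seen in this
# thread. Verdict names and sample logs are constructed for illustration.
classify_ssh_debug() {
    awk '
        /^debug1: Will attempt key: .* agent$/    { listed = 1 }
        /^debug1: Offering public key: .* agent$/ { offered = 1 }
        /^debug1: Server accepts key: .* agent$/  { accepted = 1 }
        END {
            if (accepted)     print "agent-key-accepted"
            else if (offered) print "agent-key-rejected-by-server"
            else if (listed)  print "agent-key-listed-not-offered"
            else              print "agent-key-not-listed"
        }'
}

# Map a verdict to the check that resolved that state in the thread.
next_check() {
    case "$1" in
        agent-key-not-listed)
            echo "check the IdentityAgent path and IdentitiesOnly in ~/.ssh/config" ;;
        agent-key-rejected-by-server)
            echo "check that the public key is in authorized_keys on the server" ;;
        agent-key-accepted)
            echo "server accepted the key; the agent is now asked to sign" ;;
        *)
            echo "key listed but never offered; rerun with ssh -vvv" ;;
    esac
}

# Constructed sample: agent keys absent, only default key files are tried.
sample_not_listed() {
    printf '%s\n' \
        'debug1: Will attempt key: /Users/jdoe/.ssh/id_ed25519' \
        'debug1: Trying private key: /Users/jdoe/.ssh/id_ed25519' \
        'debug1: No more authentication methods to try.'
}

# Constructed sample: agent key offered, server moves on without accepting it.
sample_rejected() {
    printf '%s\n' \
        'debug1: Will attempt key: Linode ED25519 SHA256:CONSTRUCTED agent' \
        'debug1: Offering public key: Linode ED25519 SHA256:CONSTRUCTED agent' \
        'debug1: Authentications that can continue: publickey,keyboard-interactive' \
        'debug1: No more authentication methods to try.'
}

# Real use: ssh -v linode 2>&1 | classify_ssh_debug
```

OpenSSH asks the agent to sign only after the server answers that it accepts the offered key, so a key the server rejects never produces a signing request for the agent to prompt on.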