Former Member
3 years ago

"signing failed for" after multiple denies [CLI] [SSH Key] [SSH Agent] [Terminal]

Well, first of all I need to say that I have a lot of SSH keys because I work on multiple projects at the same time using git, and a lot of them force me to use an SSH key to pull or push code.

Today, I had a problem when adding a new SSH key:

After calling "git clone" and denying the first 3 SSH keys, 1Pass didn't show the remaining SSH keys, and the Git CLI skipped to requesting a password (the behavior when no SSH key works).

Therefore, I went immediately to the 1Pass logs to verify, and I found that the behavior is to block the application for 15s if we have many attempts in a short time period, but this is a problem when we have a lot of SSH keys and in this case we want to use just one of them. So it would be very powerful if we had a way, for example, to choose the SSH key from a list provided by 1Pass, because waiting a while for each item until I find the desired one is very, very slow at the end of the day.


1Password Version: 8.10.7
Extension Version: Not Provided
OS Version: Ventura 13.3
Browser: Not Provided

5 Replies

  • floris_1P
    1Password Team

    You could also consider revisiting why you even need different SSH authentication keys per repo. If they use the same Git account and the same 1Password account, there's not a lot of benefit of using different authentication keys anyway. There are no different access levels enforced per authentication key, and creating/revoking them is easy.

  • Former Member

    Hmmm, all of that is pretty cool, but for me, it's a lot of work hahaha, sorry I'm a lazy man. So, I really prefer to wait 5sec per deny until I reach my key instead of doing this, bro. I'll wait for something more practical; 1Pass is a great product, and who knows, soon we may see something more practical related to multiple SSH keys.

  • floris_1P
    1Password Team

    It's not likely we'll be making our prompt rate limiter more lenient at this time, so if you need separate SSH keys per repo, a Gitconfig / shell script / SSH config kind of workflow would likely be more promising at this point.

    For example, you could look into adding a small git shim that sets GIT_SSH_COMMAND based on the directory or Git repo name, e.g. using git config --get remote.origin.url or git rev-parse --show-toplevel. And then in that script use the repo name to point to a certain .pub file on disk:

        GIT_SSH_COMMAND="ssh -i ~/.ssh/$REPO_NAME.pub" /opt/homebrew/bin/git "$@"

    You do have to download all the public keys from 1Password to disk once. (There are ways to also automate that part if you want, but we won't promise a stable API there)

    Let me know if that helps.
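
The shim described in the reply above, written out as an added example; it is not part of the original post and not 1Password's code. The function names and the `IdentitiesOnly=yes` option are assumptions added here, the `~/.ssh/<repo>.pub` layout follows the post, and it covers commands run inside an existing checkout, not the initial `git clone`.

```shell
# Added example. Source from ~/.zshrc or ~/.bashrc.
# Assumption: each public key was exported once to ~/.ssh/<repo-name>.pub.

# Reduce a remote URL to a bare repo name that is safe to use as a file name.
# Handles scp-style (git@host:org/repo.git), ssh:// and https:// remotes.
repo_name_from_url() {
    _shim_name=${1%/}                    # drop a trailing slash
    _shim_name=${_shim_name%.git}        # drop the .git suffix
    _shim_name=${_shim_name##*[/:]}      # keep text after the last '/' or ':'
    # Reject empty names, dot-names such as "..", and any character that
    # could leave ~/.ssh or break out of the quoted ssh command line.
    case $_shim_name in
        ''|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    printf '%s\n' "$_shim_name"
}

# Build the ssh command line for one repo, or fail if no key file exists.
ssh_command_for_repo() {
    _shim_pub="$HOME/.ssh/$1.pub"
    [ -r "$_shim_pub" ] || return 1
    # IdentitiesOnly=yes makes ssh offer only this key, so the agent is
    # asked to approve one signature instead of walking every key it holds.
    printf "ssh -i '%s' -o IdentitiesOnly=yes\n" "$_shim_pub"
}

# Wrapper around git: pin the key when one matches, else run git unchanged.
git() {
    _shim_url=$(command git config --get remote.origin.url 2>/dev/null) &&
    _shim_repo=$(repo_name_from_url "$_shim_url") &&
    _shim_cmd=$(ssh_command_for_repo "$_shim_repo") &&
    { GIT_SSH_COMMAND=$_shim_cmd command git "$@"; return; }
    command git "$@"
}
```
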

  • Former Member

    Hello floris_1P, thanks for your answer!

    Yeah, I know that way and I used to do it, but that's the reason I use 1Password SSH Agent: I don't want to go through the trouble of doing manual configurations. 1Pass Agent already does that, it just doesn't do it very well yet. There should be:
    - either a popup with all my SSH keys so I could choose which one to use. In this case I don't need to deny keys; it's just selecting the one I want
    - or decrease the time associated with "many denied attempts". In this case I can deny other SSH keys until I reach the desired one