Forum Discussion

lukas-ramlab's avatar
lukas-ramlab
New Contributor
3 months ago
Solved

Single login in tiled-terminal session

We use 1password-cli to identify when logging into a remote machines through linux bash terminals.

We now have multiple remote machines that we want to login simultaneously and perform the same (or similar) commands.
Tmux (or other like terminator) are ideal for that since we can create a tiled-window, and synchronize all panes.

However, currently the issues is, if we want to login onto multiple machines, I have to type the password into the GUI-pop-up from 1password once per remote machine. Is there a way to create a tiled login from a single-tmux-session with a single login? 
I guess it would require some persisting of the login state / environment? But it is unclear now how this is handled by the terminal.

Thanks in advance. 
Best,
Lukas

CLI
linux
  • floris_1P's avatar
    floris_1P
    3 months ago

    CLI sessions are currently tied to a single TTY/PTY, so single terminal pane. And it's that strict because CLI sessions give full access to your 1Password account.

    We are considering to offer other authorization models with a lower blast radius, so if you can tell me what exactly you're trying to access from 1Password through the CLI, that could help us inform our decision.

5 Replies

Sort By
  • lukas-ramlab's avatar
    lukas-ramlab
    New Contributor
    3 months ago

    Thanks for the reply. I investigated a bit more how our internal tooling resolves the login.

    And what I would like to have is to have the logging from
    ```
    op account get
    ```
    be activated for a whole tmux (or other tiled session).

    When I run it the first time, it triggers the pop-up from 1password-cli to login, but any second time from the same terminal the login is saved.
    However, when having multiple terminals (or a multiplexed-terminal) I need to login for each sub-window.

    Is there any way of having to login only once for a multiplexed terminal?

    • floris_1P's avatar
      floris_1P
      Icon for 1Password Team rank1Password Team
      3 months ago

      CLI sessions are currently tied to a single TTY/PTY, so single terminal pane. And it's that strict because CLI sessions give full access to your 1Password account.

      We are considering to offer other authorization models with a lower blast radius, so if you can tell me what exactly you're trying to access from 1Password through the CLI, that could help us inform our decision.

      • lukas-ramlab's avatar
        lukas-ramlab
        New Contributor
        3 months ago

        I'm accessing one login-credential (username + password) which is used to login on multiple remote session.

  • floris_1P's avatar
    floris_1P
    Icon for 1Password Team rank1Password Team
    3 months ago

    Just to confirm: you're mentioning a GUI pop-up, are you talking about the 1Password CLI or about the 1Password SSH agent?

    So does the prompt say: "Allow <app> to get CLI access" or "Allow <app> to use SSH key"?

  • AJCxZ0's avatar
    AJCxZ0
    Super Contributor
    3 months ago

    While I do not use 1Password to manage my ssh keys, it sounds like you do and that you are being prompted to authenticate (or "approve") with 1Password in order to use a private key for each connection. This strongly suggests that you are not using the 1Password ssh agent and/or do not have ssh configured to use it.

    When an ssh agent is working, you should only need to authenticate once for your unencrypted private key to be provided to the agent, which then provides it when needed to make connections, however the default for 1Password's agent is to require new "approval" when the 1Password client times out and locks and in other conditions. See Step 6: Authorize the SSH request.

    If you believe that you have the agent working and ssh configured properly but are still having problems, then I recommend showing - not just telling - what happens when you run ssh to make a connection along with relevant commands and output showing details of the agent and ssh configuration.

    A pedantic point to assist with clarity: your problem is substantially unrelated to a kernel (Linux), your shell (bash), your unspecified terminal emulator, the multiplexer (tmux), or logins - all of which you mention, but with ssh - which you didn't mention. When testing, stick with one terminal running one shell and using one private key, making connections in sequence.