Forum Discussion
SSH Agent: agent refused operation
When trying to use SSH Agent with 1Password on my Ubuntu system (22.04) I get the following message:
sign_and_send_pubkey: signing failed for ED25519 "SSH Key" from agent: agent refused operation
I can see my SSH key with ssh-add -l, but when trying to use it, it doesn't work. The SSH key works fine on my Mac.
Tried rebooting the system, but no luck.
Here is some trace logging from 1password:
DEBUG 2022-09-08T20:44:42.058 tokio-runtime-worker(ThreadId(1)) [1P:ssh/op-ssh-agent/src/lib.rs:194] connection received
DEBUG 2022-09-08T20:44:42.059 tokio-runtime-worker(ThreadId(1)) [1P:ssh/op-ssh-agent/src/lib.rs:379] Handling SSH agent message: RequestIdentities
TRACE 2022-09-08T20:44:42.059 ThreadId(7) [1P:op-db/src/db.rs:284] >transaction #49 (db:Db(0x7fb48a46f5a0, /home/robin/.config/1Password/1password.sqlite))
TRACE 2022-09-08T20:44:42.059 ThreadId(7) [1P:op-db/src/db.rs:284] <transaction #49 (db:Db(0x7fb48a46f5a0, /home/robin/.config/1Password/1password.sqlite)) (0.000s)
TRACE 2022-09-08T20:44:42.059 ThreadId(7) [1P:op-db-queue/src/operations.rs:1262] >transaction #tx#49(get_objects_by)
DEBUG 2022-09-08T20:44:42.059 ThreadId(7) [1P:op-db/src/transaction.rs:57] COMMIT(tx#49(get_objects_by))
TRACE 2022-09-08T20:44:42.059 ThreadId(7) [1P:op-db-queue/src/operations.rs:1262] <transaction #tx#49(get_objects_by) (0.000s)
DEBUG 2022-09-08T20:44:42.337 tokio-runtime-worker(ThreadId(1)) [1P:ssh/op-ssh-agent/src/lib.rs:379] Handling SSH agent message: SignRequest
DEBUG 2022-09-08T20:44:42.338 tokio-runtime-worker(ThreadId(1)) [1P:foundation/op-sys-info/src/process_information/linux.rs:57] no process path could be found during verification
DEBUG 2022-09-08T20:44:42.346 tokio-runtime-worker(ThreadId(1)) [1P:ssh/op-ssh-agent/src/lib.rs:400] process info for client: SessionProcess { pid: 2521, tty_pid: Some(2523), executable_path: /usr/bin/kitty, command_line: <Vec < String >>, application_name: <String> }
TRACE 2022-09-08T20:44:42.347 ThreadId(7) [1P:op-db/src/db.rs:284] >transaction #50 (db:Db(0x7fb48a46f5a0, /home/robin/.config/1Password/1password.sqlite))
TRACE 2022-09-08T20:44:42.347 ThreadId(7) [1P:op-db/src/db.rs:284] <transaction #50 (db:Db(0x7fb48a46f5a0, /home/robin/.config/1Password/1password.sqlite)) (0.000s)
TRACE 2022-09-08T20:44:42.347 ThreadId(7) [1P:op-db-queue/src/operations.rs:1262] >transaction #tx#50(get_objects_by)
DEBUG 2022-09-08T20:44:42.347 ThreadId(7) [1P:op-db/src/transaction.rs:57] COMMIT(tx#50(get_objects_by))
TRACE 2022-09-08T20:44:42.347 ThreadId(7) [1P:op-db-queue/src/operations.rs:1262] <transaction #tx#50(get_objects_by) (0.000s)
TRACE 2022-09-08T20:44:42.348 op_executor:invocation_loop(ThreadId(11)) [1P:op-app/src/app/backend.rs:217] >blocking event loop invoke Invocation(Internal(NextTick(op-app/src/app/backend/automated_unlock.rs:28)))
TRACE 2022-09-08T20:44:42.348 op_executor:invocation_loop(ThreadId(11)) [1P:op-app/src/app/backend.rs:217] <blocking event loop invoke Invocation(Internal(NextTick(op-app/src/app/backend/automated_unlock.rs:28))) (0.000s)
TRACE 2022-09-08T20:44:42.358 tokio-runtime-worker(ThreadId(1)) [1P:op-data-layer/src/unlock.rs:215] >unlock_with_key
TRACE 2022-09-08T20:44:42.370 tokio-runtime-worker(ThreadId(1)) [1P:op-data-layer/src/unlock.rs:215] <unlock_with_key (0.012s)
DEBUG 2022-09-08T20:44:42.370 tokio-runtime-worker(ThreadId(1)) [1P:op-automated-unlock/src/lib.rs:552] Denied
INFO 2022-09-08T20:44:42.370 tokio-runtime-worker(ThreadId(1)) [1P:ssh/op-ssh-agent/src/lib.rs:419] Session was not authorized
1Password Version: 8.9.4
Extension Version: Not Provided
OS Version: Ubuntu 22.04
Browser:_ Not Provided
7 Replies
floris_1P this is my version at the moment:
1Password for Mac 8.10.6
81006027, on PRODUCTION channelAs I said, the problem was fixed after restarting the computer but it was a bit unintuitive.
floris_1P1Password Team
@jumar Which 1Password version are you on?
UPDATE: I had to restart my computer
It would be helpful to mention this in the official instructions.I'm facing the same problem on macOS 13.3.1 (a).
No matter what I try to do I always get this error when doinggit fetchfrom a github repo
sign_and_send_pubkey: signing failed for ED25519 "/Users/jumar/Downloads/id_ed25519.pub" from agent: agent refused operation
1Password log contains these messages:
INFO 2023-05-18T09:47:11.828 tokio-runtime-worker(ThreadId(8)) [1P:foundation/op-sys-info/src/process_information/macos/non_app_store.rs:86] failed to find NSApplication related to pid 3960
INFO 2023-05-18T09:47:11.837 tokio-runtime-worker(ThreadId(1176)) [1P:foundation/op-apple/src/biometry_service.rs:308] System biometry info: BiometricStatus { current_policy: BiometricsOnly, current_method: TouchId, current_availability: NotEnrolled }
INFO 2023-05-18T09:47:15.074 tokio-runtime-worker(ThreadId(3)) [1P:ssh/op-ssh-agent/src/lib.rs:541] Session was not authorized
Even if my 1Password app is opened and unlocked it's still the same error.
More SSH logs:
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/jumar/Downloads/id_ed25519.pub ED25519 SHA256:As31qZ4Rff4WbHnS6nikN84c+FRxbMERDnvYIgexE8c explicit agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: /Users/jumar/Downloads/id_ed25519.pub ED25519 SHA256:As31qZ4Rff4WbHnS6nikN84c+FRxbMERDnvYIgexE8c explicit agent
debug3: sign_and_send_pubkey: using publickey with ED25519 SHA256:As31qZ4Rff4WbHnS6nikN84c+FRxbMERDnvYIgexE8c
debug3: sign_and_send_pubkey: signing using ssh-ed25519 SHA256:As31qZ4Rff4WbHnS6nikN84c+FRxbMERDnvYIgexE8c
sign_and_send_pubkey: signing failed for ED25519 "/Users/jumar/Downloads/id_ed25519.pub" from agent: agent refused operation
Dayton_agHey @iono thanks for following up, and for sharing what got things working for you! This was likely needed to facilitate the Hello authorization prompts. Nonetheless, I'm glad to hear the SSH Agent is working for you now! 🙂
Thank you Dayton_ag. I've been attempting to solve my issues with 1Password & SSH. I followed all instructions on the docs and got the same error "Session was not authorized" in my logs. After countless attempts at fixing it, and many other one line commands later. The only thing that fixed it was locking 1Password desktop app, then signing back into the application using Windows Hello. This then gave me the option of using my bio metrics to sign git, and use ssh.
This I believe was due to the fact I had already signed in to 1Password desktop app previously, and enabled SSH access, in order for it to work and authenticate properly I had to lock and re sign in like you suggested to donbeave.
- Dayton_ag
Hey y'all, I'm sorry for the delay here. I've had a hand at reproducing this and I've noticed that I can recreate this set of logs when I boot up and try an SSH command, without unlocking 1Password. When trying the SSH command, is 1Password currently locked and minimized to your menu / system tray? If so, does the 1Password app open when you run your SSH command, or does it remain locked in the background?
The next time you run into this issue, could you open the 1Password desktop app, sign in, then re-run your SSH command and let me know if you see an improvement?
Thanks y'all!
Same on the latest macOS Ventura 13.0 (22A380)
sign_and_send_pubkey: signing failed for ED25519 "donbeave SSH" from agent: agent refused operationAnd 1Password log file contains such error message:
INFO 2022-11-12T04:18:02.059 tokio-runtime-worker(ThreadId(2)) [1P:ssh/op-ssh-agent/src/lib.rs:450] Session was not authorized
