Forum Discussion

Former Member
2 years ago

ssh agent does not list my keys despite $SSH_AUTH_SOCK set

I've seen previous discussions on this topic, like this one; however, my current configuration has all the bits in that discussion.

So, here's my current setup and configurations:

  1. I have the 1password ssh agent running per the Settings -> Developer options in 1Password.
  2. The configuration (~/.ssh/config) has a Host * IdentityAgent pointing to "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock", which I added automatically from the settings page
  3. I added the global plist per this support page and loaded it. It did not complain about errors, so I assume it's working
  4. I restarted the computer since then
  5. I made sure my zshrc does not redeclare the SSH_AUTH_SOCKET environment variable
  6. fetching private repositories from the command line works, as 1password pops up and asks me to authorize the keys in the vault, and then succeeds in using them
  7. there are no keys as files in the ~/.ssh/ directory
  8. I have an ssh agent configuration toml file which changes the order of the keys, but nothing else
  9. $ echo $SSH_AUTH_SOCK tells me it's set to /private/tmp/com.apple.launchd.IC5jFZHBxD/Listeners (unsure whether this is due to the plist file?)
  10. ps aux | grep ssh-agent tells me there's an ssh-agent process running at /usr/bin/ssh-agent -l, I don't think this is 1Password's, and I don't know what starts this one

With the above, ssh-add -l tells me the agent has no identities. Ideally I would like the command to list the keys that the 1password ssh agent has


1Password Version: 8.10.18
Extension Version: 2.16.0
OS Version: macOS 14.1
Browser: Arc (chrome)

  • Former Member

    Further, the ssh-agent is started by launchd, the value of $SSH_AUTH_SOCK is from that process. It's in the open files in the activity monitor.

    When I list the services that launchd starts with launchctl list and then grep for the process ID of the ssh-agent, it is started by com.openssh.ssh-agent.

    That seems to be a mac built in openssh agent per https://gist.github.com/vancluever/de1c3985c8f9e2a3c4bdc42a057e075e (I found the plist in /System/Library/LaunchAgents) and https://discussions.apple.com/thread/7874675

  • Former Member

    So I guess the question is, how do I force my computer to use the 1Password ssh agent, and not its own built in ssh agent? 🤔

  • Former Member

    For the record if I manually add the

    export SSH_AUTH_SOCK=~/Library/Group\ Containers/2BUA8C4S2C.com.1password/t/agent.sock

    line to the zsh config, reload, and make sure that the env var is that one, ssh-add -l works as intended and will list the keys 1password has.

    I'm having trouble getting the built in ssh agent to NOT start, and the SSH_AUTH_SOCK to not be set to the apple listener.

    I've tried the launchctl bootout, disable, etc, to no avail.

  • Former Member

    I've come across the same issue. My git commands correctly make 1PW prompt for my authorization but any ssh commands fail to do so.

    Have you found a solution to this since coming across the issue? I have not come further than the things you described above.

  • mindvex
    New Contributor

    I have the exact same issue on a freshly set up MacBook, with the very same behaviour. The config file looks fine, but it just doesn't have any available identities and $SSH_AUTH_SOCKET also points to the apple listener.
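
Added example, not part of the thread and not 1Password's code: ssh honours IdentityAgent from ~/.ssh/config, while ssh-add does not read that file and talks only to the socket in SSH_AUTH_SOCK, so the two can reach different agents as described above. The function names are hypothetical, the parser is simplified (no Match, Include or keyword=value forms), and the sample config is constructed from the values quoted in the thread.

```shell
#!/bin/sh
# Print the first IdentityAgent value that applies to every host
# (global section or a "Host *" block) in the ssh config file $1.
config_identity_agent() {
    awk '
        BEGIN { in_star = 1 }            # lines before any Host apply globally
        tolower($1) == "host" {
            in_star = 0
            for (i = 2; i <= NF; i++) if ($i == "*") in_star = 1
            next
        }
        in_star && tolower($1) == "identityagent" {
            sub(/^[ \t]*[^ \t]+[ \t]+/, "")   # drop the keyword
            gsub(/^"|"$/, "")                 # drop surrounding quotes
            print; exit
        }
    ' "$1"
}

# Expand a leading ~/ the way ssh does for IdentityAgent paths.
expand_home() {
    case "$1" in
        "~/"*) rest=${1#"~/"}; printf '%s\n' "$HOME/$rest" ;;
        *)     printf '%s\n' "$1" ;;
    esac
}

# $1 = ssh config file, $2 = value of SSH_AUTH_SOCK.
# Prints: same-agent | mismatch | no-identityagent
agent_verdict() {
    cfg=$(config_identity_agent "$1")
    cfg=$(expand_home "$cfg")
    if [ -z "$cfg" ]; then echo "no-identityagent"
    elif [ "$cfg" = "SSH_AUTH_SOCK" ] || [ "$cfg" = "$2" ]; then echo "same-agent"
    else echo "mismatch"   # ssh and ssh-add are talking to different agents
    fi
}

# Constructed sample reproducing the setup described in the thread.
demo() {
    tmp=$(mktemp)
    printf '%s\n' 'Host *' \
        '  IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"' > "$tmp"
    agent_verdict "$tmp" "/private/tmp/com.apple.launchd.IC5jFZHBxD/Listeners"
    rm -f "$tmp"
}
demo
# Real use: agent_verdict ~/.ssh/config "$SSH_AUTH_SOCK"
```

A "mismatch" verdict matches the symptom reported here: git and ssh prompt through 1Password, while ssh-add -l queries the launchd-provided agent and finds no identities.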