Former Member
4 years ago
SSH Agent Forwarding
I'm really enjoying using 1Password as a ssh-agent with biometric unlock. I'm wondering if it's possible to forward the SSH agent though.
Scenario:
I have two macs with 1Password setup with biomet...
Former Member
3 years ago
Hey everyone, thought I'd post my solution in case it helps anyone looking to set up agent forwarding with 1Password.
The solution was to rely on file paths instead of environment variables as most GUI apps don't have a way of setting environment variables.
Make both changes on the remote machine:
1. `~/.ssh/rc` contents (don't forget to `chmod +x` this file):
```
# create/update symlink only if interactive ssh login AND ~/.ssh/ssh_auth_sock doesn't exist AND $SSH_AUTH_SOCK does exist
# (-S follows symlinks, so a link left over from a closed session counts as "doesn't exist" and is replaced)
if [[ -n "$SSH_TTY" && ! -S ~/.ssh/ssh_auth_sock && -S "$SSH_AUTH_SOCK" ]]; then
    ln -sf "$SSH_AUTH_SOCK" ~/.ssh/ssh_auth_sock
fi
```
2. `~/.ssh/config` contents:
```
# override IdentityAgent parameter for all hosts if forwarded SSH agent is present
Match host * exec "test -S ~/.ssh/ssh_auth_sock"
    IdentityAgent ~/.ssh/ssh_auth_sock

# use 1password ssh agent as default
Match host *
    IdentityAgent /path/to/1password/agent.sock
```
Explanation
The ssh rc script runs every time an ssh connection is made. It updates the symlink `~/.ssh/ssh_auth_sock` with the path specified by `$SSH_AUTH_SOCK`, which is the path to the forwarded ssh agent.
The first match in the ssh config only succeeds if the symlink is valid, and if so, uses that as the IdentityAgent. If the first match fails, then IdentityAgent will be set to the local instance of 1Password instead. The order is important – SSH will use the first obtained value for a parameter, so when the symlink is valid, it'll set it as the IdentityAgent and ignore the second IdentityAgent line.
Works when I'm locally at the machine and when connected via SSH – with both CLI and GUI apps!
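A diagnostic for the setup described above, added here as an example and not part of the original post: it classifies the `~/.ssh/ssh_auth_sock` symlink and reports which agent the two `Match` blocks would select, covering the case where a forwarded session has ended and the link is left dangling. The function names `agent_link_status` and `selected_agent` are hypothetical, and the default agent path is the post's own placeholder.

```shell
#!/bin/sh
# Added example (not from the original post). Run on the remote machine.

# Prints the state of the forwarded-agent symlink:
#   live       symlink resolves to a socket owned by the current user
#   foreign    symlink resolves to a socket owned by someone else
#   stale      symlink exists but its target is gone or is not a socket
#   unexpected something other than a symlink sits at that path
#   missing    nothing at that path
agent_link_status() {
    link=${1:-"$HOME/.ssh/ssh_auth_sock"}
    if [ -L "$link" ]; then
        # -S and -O follow the symlink, like the `test -S` in the Match exec line
        if [ -S "$link" ] && [ -O "$link" ]; then
            echo live
        elif [ -S "$link" ]; then
            echo foreign
        else
            echo stale
        fi
    elif [ -e "$link" ]; then
        echo unexpected
    else
        echo missing
    fi
}

# Prints the IdentityAgent the config would pick: the first Match block wins
# only while the symlink resolves to a socket, otherwise the default applies.
selected_agent() {
    link=$1
    default=$2
    if [ -S "$link" ]; then
        echo "$link"
    else
        echo "$default"
    fi
}

# Report for the paths used in the post (the default path is its placeholder).
echo "link state:     $(agent_link_status "$HOME/.ssh/ssh_auth_sock")"
echo "selected agent: $(selected_agent "$HOME/.ssh/ssh_auth_sock" /path/to/1password/agent.sock)"
```

A `stale` result is expected after the forwarding session closes and simply means the local agent is in use; `foreign` or `unexpected` means the link should be removed and inspected before trusting it.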