Signing back into the Community for the first time? You'll need to reset your password to access your account.  Find out more.

Forum Discussion

Former Member's avatar
Former Member
3 years ago

ssh-agent on linux: sign_and_send_pubkey agent refused operation

I'm trying to get ssh-agent integration working on linux with 1password 8. When I try a git pull to an ssh-based server, auth via the agent fails with the following relevant line from verbose output:


debug1: Next authentication method: publickey
debug1: Offering public key: (redacted) agent
debug1: Server accepts key: (redacted) agent
sign_and_send_pubkey: signing failed for ED25519 "(redacted)" from agent: agent refused operation

The 1password ssh agent is running. I can see my key listed in the output of ssh-add -l.


1Password Version: 8.9.4
Extension Version: Not Provided
OS Version: arch linux with kernel 6.0.2-arch1-1
Browser:_ N/A

  • Former Member's avatar
    Former Member

    Sorry to hear you’re running into a problem with the ssh agent.

    Are you able to authenticate directly via ssh to anything? Try ssh -T git@github.com (this assumes GitHub) and let us know the results.

    And just to check, have you gone through our Developer Documentation: https://developer.1password.com/docs/ssh/agent/? Linux requires Polkit and a non-Snap install for the ssh agent to work.

  • Former Member's avatar
    Former Member

    I get the same 'agent refused operation' error no matter which host I'm connecting to.


    ❯ ssh -T git@github.com
    sign_and_send_pubkey: signing failed for ED25519 "/home/plyons/.ssh/id_ed25519" from agent: agent refused operation
    git@github.com: Permission denied (publickey).

  • Former Member's avatar
    Former Member

    I'm on arch and I have extra/polkit installed and 1password 8.9.8-9 and 1password-cli 2.7.3-1

  • mwmdev's avatar
    mwmdev
    New Contributor

    I have the same experience as @focusaurus .
    ssh provides the correct key, The server accepts it. The agent fails to sign it with the

    agent refused operation
    Also on arch with 1password version 8.9.14

  • Former Member's avatar
    Former Member

    Hmm, it seems I had the system polkit service running, but not an agent process running within my X session. Getting that working seems to have made the op CLI work again. I wonder if that will help with the SSH agent too.

  • dabe's avatar
    dabe
    New Contributor

    @focusaurus Could I ask how you solved your issue? I'm running into the exact same issue.

    In my case, I had to remove the 1password IdentityAgent from my ssh config, export my private key, set its permissions properly (they weren't set right by default when exported by 1Password), and then my ssh -T git@github.com would succeed.

    It may have something to do with 1Password not setting proper permissions on the keys that it loads into the ssh-agent, but I can't really verify that.

    edit: Well, looks like all I needed to do was restart 1password. Strange. Maybe it was from a stale update.

  • Former Member's avatar
    Former Member

    Yeah it appears with a newer release of 1Password I turned on the ssh-agent, got my config set up according to the docs again, and restarted 1password and now it seems to be working!

    Details for posterity:

    1Password for Linux 8.10.4 (81004032)