Yep, I added this section to my ~/.bashrc and disabled the IdentityAgent setting in ~/.ssh/config on both of my machines:

```bash

Enable 1Password SSH agent

We do this by setting up SSH_AUTH_SOCK, but only for local sessions (SSH_TTY

is unset); if SSH_TTY is set, however, assume that it's a remote session, and

that SSH agent forwarding is active, so we should leave SSH_AUTH_SOCK alone

if [ -z "$SSH_TTY" ]; then
export SSH_AUTH_SOCK=~/.1password/agent.sock
fi
```

Would be nice if this use case was covered, maybe in https://developer.1password.com/docs/ssh/agent/advanced or something?

You could look for SSH_TTY which will be set in your remote shell, and if it's not set then configure SSH_AUTH_SOCK.

Thanks -- yes, I do!

I've tried it out, and it seems to work as expected. However, it doesn't play well with the default setup recommended in the 1Password docs (eg. setting IdentityAgent for Host * in ~/.ssh/config), as then the remote host still tries to use its local 1Password agent.

Will see if I can play around a bit with a .bashrc script to set SSH_AUTH_SOCK to the 1Password agent only for local logins, and leave it untouched for remote logins over SSH.

Do you have 1Password installed on your host machine? If so, then that sounds like a perfect case for SSH agent forwarding, which you can enable in your VS Code setup so you can use your local agent and rely on your local '1Password lock state' instead of the one on the remote host.