Forum Discussion
muc81
2 months ago
New Contributor
SSH Bookmarks - broken on macOS
Hi,
spent half a day on getting my (around 15) SSH keys and config sorted out. No success, at least not in "the way it's meant to be" by 1Password.
I'm pretty sure I did everything correctly (all on macOS):
- set the agent in config,
- checked all the right boxes to get the "Include" file,
- include it in configuration
And still, when I do `ssh -vvv ...` I see that the user and host get matched to the correct *.pub key, but the agent insists on offering every single key it knows. And we know where this ends - back in my shell, not on the remote machine.
So finally after several hours, I gave up and just copied the corresponding `IdentityFile` statements directly into config, removed the "Include" and can happily login to my remote shells. Which kind of defeats the purpose of SSH bookmarks.
By the way I also never made it work to have a "Host" definition in my config while using its name as a url. Docs say that it works, it does not (at least for me).
Example in config:
```
Host machine-a
  Hostname machine-a.example.org
  User chilledbeany
```
and in 1Password:
```
ssh://machine-a
```
No match. Only with
```
ssh://chilledbeany@machine-a.example.org
```
it matches, which is again, kind of wrong.
So, any guidance on what I do wrong or getting it fixed in 1Password is appreciated.
Heureka!
Just a few more hours and it works. Key paragraph in docs (ideally to be reworked): https://developer.1password.com/docs/ssh/bookmarks/#use-the-configuration-file
- Include must be on top of ~/.ssh/config
- followed by Agent
- followed by Host definitions
Example (this would have helped me tremendously):
```
# use 1Password to manage ssh key assignment to logins (ssh bookmarks)
Include "~/.ssh/1Password/config"

# use 1Password as Identity Agent
Host *
  IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
  # IdentityAgent "~/.1password/agent.sock"

###
### Home Assistant
###
Host homeassistant
  HostName homeassistant.local
  User root
  Port 222 # using a non-standard port
```
In 1Password define the custom url field:
```
url ssh://homeassistant
```
And by the way, this also addresses the question of how to use a different port than 22/tcp for ssh connection.
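The ordering rule from the post above can be checked mechanically. The following is an added example, not part of the original post and not 1Password's code; `lint_order` and both sample configs are constructed for illustration, and it checks only the order the post describes (Include, then IdentityAgent, then named hosts).

```python
import shlex

GOOD_CONFIG = """\
# constructed sample, following the order from the post
Include "~/.ssh/1Password/config"
Host *
  IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
Host homeassistant
  HostName homeassistant.local
  User root
  Port 222
"""
BAD_CONFIG = """\
Host homeassistant
  HostName homeassistant.local
  User root
Host *
  IdentityAgent "~/.1password/agent.sock"
Include "~/.ssh/1Password/config"
"""

def lint_order(config_text):
    """Check the order from the post: Include, then IdentityAgent, then named hosts."""
    include_at = agent_at = named_host_at = None
    block = None  # header of the Host/Match block we are inside, if any
    problems = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        # shlex keeps quoted paths with spaces together and drops comments
        parts = shlex.split(raw, comments=True)
        if not parts:
            continue
        keyword, args = parts[0].lower(), parts[1:]
        if keyword in ("host", "match"):
            block = " ".join(parts)
            if keyword == "host" and args != ["*"] and named_host_at is None:
                named_host_at = lineno
        elif keyword == "include" and "1password" in " ".join(args).lower():
            include_at = include_at or lineno
            if block is not None:
                # ssh_config(5): an Include inside a Host/Match block is conditional
                problems.append(f"line {lineno}: Include is inside '{block}'")
        elif keyword == "identityagent" and agent_at is None:
            agent_at = lineno
    order = [("Include", include_at), ("IdentityAgent", agent_at),
             ("first named Host", named_host_at)]
    problems += [f"missing {name}" for name, at in order[:2] if at is None]
    for i, (early, a) in enumerate(order):
        for late, b in order[i + 1:]:
            if a and b and b < a:
                problems.append(f"line {b}: {late} appears before {early} (line {a})")
    return problems
```

To lint a real file, pass `lint_order` the text of `~/.ssh/config`; an empty list means the order matches the one in the post.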
2 Replies
- artooro (Occasional Contributor)
Glad that worked for you, but it's not an acceptable solution. If you have a team with hundreds of SSH servers, you can't depend on a static ssh config file being kept up to date. It needs to be fully integrated with 1Password.