muc81 (New Contributor), 4 months ago
SSH Bookmarks - broken on macOS
Hi,
spent half a day on getting my (around 15) SSH keys and config sorted out. No success, at least not in "the way it's meant to be" by 1Password.
I'm pretty sure I did everything correctly (all on macOS):
- set the agent in config,
- checked all the right boxes to get the "Include" file,
- include it in configuration
And still, when I do `ssh -vvv ...` I see that the user and host get matched to the correct *.pub key, but the agent insists on offering every single key it knows. And we know where this ends - back in my shell, not on the remote machine.
So finally after several hours, I gave up and just copied the corresponding `IdentityFile` statements directly into config, removed the "Include" and can happily log in to my remote shells. Which kind of defeats the purpose of SSH bookmarks.
By the way I also never made it work to have a "Host" definition in my config while using its name as a url. Docs say that it works, it does not (at least for me).
Example in config:
```
Host machine-a
  Hostname machine-a.example.org
  User chilledbeany
```
and in 1Password: `ssh://machine-a`
No match. Only with `ssh://chilledbeany@machine-a.example.org` it matches, which is again, kind of wrong.
So, any guidance on what I do wrong or getting it fixed in 1Password is appreciated.
4 Replies
- lode (New Contributor)
I have a similar issue on Linux.
- `~/.ssh/config` contains `Include ~/.ssh/1Password/config` (though only needed for non-bookmark approach?)
- `~/.ssh/config` contains `Host *` with `IdentityAgent ~/.1password/agent.sock`
- `~/.ssh/config` contains a `Host custom-host-name` with details
- 1Password items contain `ssh://custom-host-name`
- Manually connecting via `ssh custom-home-name` fails with `Too many authentication failures` due to more than 6 keys (archiving a few ssh keys in 1P confirms this)
- Clicking "Connect" inside the 1P item opens the terminal and closes directly, I don't get to see what is wrong if anything, but probably the same auth failure due to limit of 6 keys
- artooro (Occasional Contributor)
Glad that worked for you, but it's not an acceptable solution. If you have a team with hundreds of SSH servers, you can't depend on a static ssh config file being kept up to date. It needs to be fully integrated with 1Password.
- muc81 (New Contributor)
Heureka!
Just a few more hours and it works. Key paragraph in docs (ideally to be reworked) https://developer.1password.com/docs/ssh/bookmarks/#use-the-configuration-file.
- Include must be on top of ~/.ssh/config
- followed by Agent
- followed by Host definitions
Example (this would have helped me tremendously):
```
# use 1Password to manage ssh key assignment to logins (ssh bookmarks)
Include "~/.ssh/1Password/config"

# use 1Password as Identity Agent
Host *
  IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
  # IdentityAgent "~/.1password/agent.sock"

###
### Home Assistant
###
Host homeassistant
  HostName homeassistant.local
  User root
  Port 222 # using a non-standard port
```
In 1Password define the custom url field:
url `ssh://homeassistant`
And by the way, this also addresses the question of how to use a different port than 22/tcp for ssh connection.
- lode (New Contributor)
Are you sure there isn't something else you tried that fixed this? Since adding `Include "~/.ssh/1Password/config"` is documented as a part of the https://developer.1password.com/docs/ssh/bookmarks/#ssh-bookmarks-config-file, which stores the hosts and public keys locally, not as part of the auto bookmarking via fields in the item.
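
A small lint for the ordering muc81's reply describes, as an added example that is not part of the thread or of 1Password's tooling. It relies on documented ssh_config(5) behaviour: an `Include` placed after a `Host` or `Match` line is read only when that block matches. The sample configs are constructed and the function name `check_ssh_config_order` is hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Returns 0 when the 1Password Include
# sits at the top level (before any Host/Match line) and an IdentityAgent
# is set; otherwise prints one finding per line and returns 1.
check_ssh_config_order() {   # hypothetical helper name
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
    {
        key = tolower($1)                 # keywords are case-insensitive
        sub(/[=].*/, "", key)             # tolerate "Keyword=value"
    }
    key == "host" || key == "match" { block = $1 " " $2; next }
    key == "include" && index($0, "1Password/config") {
        seen_include = 1
        if (block != "") {
            printf "line %d: Include sits inside \"%s\", so it is read only when that block matches\n", NR, block
            bad = 1
        }
    }
    key == "identityagent" { seen_agent = 1 }
    END {
        if (!seen_include) { print "no Include for 1Password/config found"; bad = 1 }
        if (!seen_agent)   { print "no IdentityAgent set"; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed sample configs (not taken from a real machine).
tmp=$(mktemp -d)
cat > "$tmp/good" <<'EOF'
Include "~/.ssh/1Password/config"
Host *
  IdentityAgent "~/.1password/agent.sock"
Host homeassistant
  HostName homeassistant.local
  Port 222
EOF
cat > "$tmp/bad" <<'EOF'
Host homeassistant
  HostName homeassistant.local
Include "~/.ssh/1Password/config"
Host *
  IdentityAgent "~/.1password/agent.sock"
EOF
check_ssh_config_order "$tmp/good" && echo "good: order ok"
check_ssh_config_order "$tmp/bad" || echo "bad: see findings above"
```

Run it against a copy of `~/.ssh/config`; `ssh -G <host>` then shows which `identityfile` and `identityagent` values OpenSSH actually resolved for that host.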