Signing back into the Community for the first time? You'll need to reset your password to access your account.  Find out more.

Forum Discussion

adamrothman's avatar
adamrothman
New Contributor
3 years ago

SSH client not attempting keys returned from 1Password agent

I have 2 computers, both running 1Password 8.9.8 on macOS 13 (Ventura). Both are logged into the same 1Password account and running the 1Password SSH agent. I have added the following 4 SSH keys to 1Password, which the agent reflects:

```
$ env | grep SSH

SSH_AUTH_SOCK=/Users/adam/.1password/agent.sock

$ ssh-add -l
256 SHA256:eum8cgSeUH7RHKAltGdQIIRoZN8ly4Dm40Q0oKQjFw0 (ED25519)
256 SHA256:NdEgj6UoJSWQrg82ueeHfWZxfzJmEAzbgUljZwQvShU (ED25519)
256 SHA256:wyCOVP0JcH6DP9VuYdGUR+NW1Urxa3KapWSpX+mJ544 (ED25519)
256 SHA256:mBCy6QPwWESMv3ugDluj7IMMmaMQ+iLO8vlPyeEL6PI (ED25519)
```

The second key SHA256:NdEgj6UoJSWQrg82ueeHfWZxfzJmEAzbgUljZwQvShU is attached to my GitHub account.

On the first computer, the 1Password SSH agent works as expected. It returns 5 keys (there's another one from a different Vault), SSH attempts each of these, and I'm able to connect:


$ ssh -v -T git@github.com
OpenSSH_9.0p1, LibreSSL 3.3.6
...
debug1: get_agent_identities: agent returned 5 keys
debug1: Will attempt key: /Users/adam.rothman/.ssh/id_ed25519 ED25519 SHA256:ECMfEhvQ50ija9WO4N1Ip64/Jxa46oojpfurc2ZItz0 agent
debug1: Will attempt key: <redacted> ED25519 SHA256:eum8cgSeUH7RHKAltGdQIIRoZN8ly4Dm40Q0oKQjFw0 agent
debug1: Will attempt key: <redacted> ED25519 SHA256:NdEgj6UoJSWQrg82ueeHfWZxfzJmEAzbgUljZwQvShU agent
debug1: Will attempt key: <redacted> ED25519 SHA256:wyCOVP0JcH6DP9VuYdGUR+NW1Urxa3KapWSpX+mJ544 agent
debug1: Will attempt key: <redacted> ED25519 SHA256:mBCy6QPwWESMv3ugDluj7IMMmaMQ+iLO8vlPyeEL6PI agent
debug1: Will attempt key: /Users/adam.rothman/.ssh/id_rsa
debug1: Will attempt key: /Users/adam.rothman/.ssh/id_ecdsa
debug1: Will attempt key: /Users/adam.rothman/.ssh/id_ecdsa_sk
debug1: Will attempt key: /Users/adam.rothman/.ssh/id_ed25519_sk
debug1: Will attempt key: /Users/adam.rothman/.ssh/id_xmss
debug1: Will attempt key: /Users/adam.rothman/.ssh/id_dsa
...
debug1: Offering public key: <redacted> ED25519 SHA256:NdEgj6UoJSWQrg82ueeHfWZxfzJmEAzbgUljZwQvShU agent
debug1: Server accepts key: <redacted> ED25519 SHA256:NdEgj6UoJSWQrg82ueeHfWZxfzJmEAzbgUljZwQvShU agent
Authenticated to github.com ([100.64.1.46]:22) using "publickey".
...
Hi adamrothman! You've successfully authenticated, but GitHub does not provide shell access.

On the second computer, the 1Password agent returns the 4 expected keys, but for reasons I don't understand, SSH does not attempting any of them:


$ ssh -v -T git@github.com
OpenSSH_9.0p1, LibreSSL 3.3.6
...
debug1: get_agent_identities: agent returned 4 keys
debug1: Will attempt key: /Users/adam/.ssh/id_rsa
debug1: Will attempt key: /Users/adam/.ssh/id_ecdsa
debug1: Will attempt key: /Users/adam/.ssh/id_ecdsa_sk
debug1: Will attempt key: /Users/adam/.ssh/id_ed25519
debug1: Will attempt key: /Users/adam/.ssh/id_ed25519_sk
debug1: Will attempt key: /Users/adam/.ssh/id_xmss
debug1: Will attempt key: /Users/adam/.ssh/id_dsa
...
debug1: No more authentication methods to try.
git@github.com: Permission denied (publickey).

The SSH configs on these 2 computers are not exactly the same, but I can't figure out what setting(s) might be preventing SSH from attempting the keys offered by the 1Password agent. This issue is not specific to github.com – it happens for all the SSH servers I've tried connecting to.

Thanks in advance for your help.


1Password Version: 8.9.8 (80908009)
Extension Version: N/A
OS Version: macOS Ventura 13.0.1 (22A400)
Browser:_ Chrome

  • Jack_P_1P's avatar
    Jack_P_1P
    Icon for 1Password Team rank1Password Team

    Hi adamrothman:

    Would you be able to share your SSH config from your second computer? If there's things in your SSH config that you'd rather keep private, you can get in touch with us directly at support+forum@1password.com, and we'll be able to take a look at your config via email instead.

    Jack

  • adamrothman's avatar
    adamrothman
    New Contributor

    Thanks for getting back to me Jack_P_1P – I'm traveling through Dec 5 and therefore away from that second computer. I'll post the config when I get back.

  • adamrothman's avatar
    adamrothman
    New Contributor

    I figured it out! I had the IdentitiesOnly yes option set in my config but had commented out the IdentityFile option under the hosts I was testing with. Updating IdentityFile to point to the public key I wanted to use did the right thing. Thanks for prompting me to check that out Jack_P_1P!

  • Jack_P_1P's avatar
    Jack_P_1P
    Icon for 1Password Team rank1Password Team

    Hi adamrothman:

    Glad to hear it, you're very welcome! Feel free to get in touch if there's anything else we can help you with.

    Jack