Signing back into the Community for the first time? You'll need to reset your password to access your account. Find out more.
Forum Discussion
adamrothman
3 years agoNew Contributor
SSH client not attempting keys returned from 1Password agent
I have 2 computers, both running 1Password 8.9.8 on macOS 13 (Ventura). Both are logged into the same 1Password account and running the 1Password SSH agent. I have added the following 4 SSH keys to 1Password, which the agent reflects:
```
$ env | grep SSH
SSH_AUTH_SOCK=/Users/adam/.1password/agent.sock
$ ssh-add -l
256 SHA256:eum8cgSeUH7RHKAltGdQIIRoZN8ly4Dm40Q0oKQjFw0
256 SHA256:NdEgj6UoJSWQrg82ueeHfWZxfzJmEAzbgUljZwQvShU
256 SHA256:wyCOVP0JcH6DP9VuYdGUR+NW1Urxa3KapWSpX+mJ544
256 SHA256:mBCy6QPwWESMv3ugDluj7IMMmaMQ+iLO8vlPyeEL6PI
```
The second key SHA256:NdEgj6UoJSWQrg82ueeHfWZxfzJmEAzbgUljZwQvShU
is attached to my GitHub account.
On the first computer, the 1Password SSH agent works as expected. It returns 5 keys (there's another one from a different Vault), SSH attempts each of these, and I'm able to connect:
$ ssh -v -T git@github.com
OpenSSH_9.0p1, LibreSSL 3.3.6
...
debug1: get_agent_identities: agent returned 5 keys
debug1: Will attempt key: /Users/adam.rothman/.ssh/id_ed25519 ED25519 SHA256:ECMfEhvQ50ija9WO4N1Ip64/Jxa46oojpfurc2ZItz0 agent
debug1: Will attempt key: <redacted> ED25519 SHA256:eum8cgSeUH7RHKAltGdQIIRoZN8ly4Dm40Q0oKQjFw0 agent
debug1: Will attempt key: <redacted> ED25519 SHA256:NdEgj6UoJSWQrg82ueeHfWZxfzJmEAzbgUljZwQvShU agent
debug1: Will attempt key: <redacted> ED25519 SHA256:wyCOVP0JcH6DP9VuYdGUR+NW1Urxa3KapWSpX+mJ544 agent
debug1: Will attempt key: <redacted> ED25519 SHA256:mBCy6QPwWESMv3ugDluj7IMMmaMQ+iLO8vlPyeEL6PI agent
debug1: Will attempt key: /Users/adam.rothman/.ssh/id_rsa
debug1: Will attempt key: /Users/adam.rothman/.ssh/id_ecdsa
debug1: Will attempt key: /Users/adam.rothman/.ssh/id_ecdsa_sk
debug1: Will attempt key: /Users/adam.rothman/.ssh/id_ed25519_sk
debug1: Will attempt key: /Users/adam.rothman/.ssh/id_xmss
debug1: Will attempt key: /Users/adam.rothman/.ssh/id_dsa
...
debug1: Offering public key: <redacted> ED25519 SHA256:NdEgj6UoJSWQrg82ueeHfWZxfzJmEAzbgUljZwQvShU agent
debug1: Server accepts key: <redacted> ED25519 SHA256:NdEgj6UoJSWQrg82ueeHfWZxfzJmEAzbgUljZwQvShU agent
Authenticated to github.com ([100.64.1.46]:22) using "publickey".
...
Hi adamrothman! You've successfully authenticated, but GitHub does not provide shell access.
On the second computer, the 1Password agent returns the 4 expected keys, but for reasons I don't understand, SSH does not attempting any of them:
$ ssh -v -T git@github.com
OpenSSH_9.0p1, LibreSSL 3.3.6
...
debug1: get_agent_identities: agent returned 4 keys
debug1: Will attempt key: /Users/adam/.ssh/id_rsa
debug1: Will attempt key: /Users/adam/.ssh/id_ecdsa
debug1: Will attempt key: /Users/adam/.ssh/id_ecdsa_sk
debug1: Will attempt key: /Users/adam/.ssh/id_ed25519
debug1: Will attempt key: /Users/adam/.ssh/id_ed25519_sk
debug1: Will attempt key: /Users/adam/.ssh/id_xmss
debug1: Will attempt key: /Users/adam/.ssh/id_dsa
...
debug1: No more authentication methods to try.
git@github.com: Permission denied (publickey).
The SSH configs on these 2 computers are not exactly the same, but I can't figure out what setting(s) might be preventing SSH from attempting the keys offered by the 1Password agent. This issue is not specific to github.com – it happens for all the SSH servers I've tried connecting to.
Thanks in advance for your help.
1Password Version: 8.9.8 (80908009)
Extension Version: N/A
OS Version: macOS Ventura 13.0.1 (22A400)
Browser:_ Chrome
- Jack_P_1P
1Password Team
Hi adamrothman:
Would you be able to share your SSH config from your second computer? If there's things in your SSH config that you'd rather keep private, you can get in touch with us directly at
support+forum@1password.com
, and we'll be able to take a look at your config via email instead.Jack
- adamrothmanNew Contributor
Thanks for getting back to me Jack_P_1P – I'm traveling through Dec 5 and therefore away from that second computer. I'll post the config when I get back.
- adamrothmanNew Contributor
I figured it out! I had the
IdentitiesOnly yes
option set in my config but had commented out theIdentityFile
option under the hosts I was testing with. Updating IdentityFile to point to the public key I wanted to use did the right thing. Thanks for prompting me to check that out Jack_P_1P! - Jack_P_1P
1Password Team
Hi adamrothman:
Glad to hear it, you're very welcome! Feel free to get in touch if there's anything else we can help you with.
Jack