Getting started with 1Password for your growing team, or refining your setup? Our Secured Success quickstart guide is for you.
Forum Discussion
SSH Key Certificates
Hello,
I'm using SSH keys in combination with certificates. The certificates are the result of a signing process by a ca certificate.
Normally the ssh-agent adds them automatically if they are ...
and the ssh -v:
OpenSSH_8.6p1, LibreSSL 3.3.5
debug1: Reading configuration data /Users/nik/.ssh/config
debug1: /Users/nik/.ssh/config line 666: Applying options for lbp-beta
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: auto-mux: Trying existing master
debug1: Control socket "/Users/nik/.ssh/connections/mux_f13923b06c905842fb0135c98f243b441ae95199" does not exist
debug1: Connecting to lbp-beta.snafu.de port 2222.
debug1: Connection established.
debug1: identity file /Users/nik/.ssh/id_rsa type -1
debug1: identity file /Users/nik/.ssh/id_dsa type -1
debug1: identity file /Users/nik/.ssh/id_ecdsa type -1
debug1: identity file /Users/nik/.ssh/id_ecdsa_sk type -1
debug1: identity file /Users/nik/.ssh/id_ed25519 type -1
debug1: identity file /Users/nik/.ssh/id_ed25519_sk type -1
debug1: identity file /Users/nik/.ssh/id_xmss type -1
debug1: certificate file /Users/nik/.ssh/id_rsa_sam-cert.pub type 4
debug1: Local version string SSH-2.0-OpenSSH_8.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: compat_banner: match: OpenSSH_7.4 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to lbp-beta.snafu.de:2222 as 'snafu'
debug1: load_hostkeys: fopen /Users/nik/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: mailto:chacha20-poly1305@openssh.com MAC:
debug1: kex: client->server cipher: mailto:chacha20-poly1305@openssh.com MAC:
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:aeiz4bhAS1fsewpgQ5rdgIvHa7Hs8vW/CiUU+unbKWM
debug1: load_hostkeys: fopen /Users/nik/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '[lbp-beta.snafu.de]:2222' is known and matches the ED25519 host key.
debug1: Found key in /Users/nik/.ssh/known_hosts:1752
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /Users/nik/.ssh/id_rsa_sam-cert.pub RSA-CERT SHA256:jzuBd+ulgpxou9emJu1RRvIn9bf6plMl0E4mhQLHZvU explicit
debug1: Will attempt key: id_rsa_sam RSA SHA256:jzuBd+ulgpxou9emJu1RRvIn9bf6plMl0E4mhQLHZvU agent
debug1: Will attempt key: /Users/nik/.ssh/id_rsa
debug1: Will attempt key: /Users/nik/.ssh/id_dsa
debug1: Will attempt key: /Users/nik/.ssh/id_ecdsa
debug1: Will attempt key: /Users/nik/.ssh/id_ecdsa_sk
debug1: Will attempt key: /Users/nik/.ssh/id_ed25519
debug1: Will attempt key: /Users/nik/.ssh/id_ed25519_sk
debug1: Will attempt key: /Users/nik/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/nik/.ssh/id_rsa_sam-cert.pub RSA-CERT SHA256:jzuBd+ulgpxou9emJu1RRvIn9bf6plMl0E4mhQLHZvU explicit
debug1: Server accepts key: /Users/nik/.ssh/id_rsa_sam-cert.pub RSA-CERT SHA256:jzuBd+ulgpxou9emJu1RRvIn9bf6plMl0E4mhQLHZvU explicit
sign_and_send_pubkey: signing failed for RSA "id_rsa_sam": agent refused operation
debug1: Offering public key: id_rsa_sam RSA SHA256:jzuBd+ulgpxou9emJu1RRvIn9bf6plMl0E4mhQLHZvU agent
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Trying private key: /Users/nik/.ssh/id_rsa
debug1: Trying private key: /Users/nik/.ssh/id_dsa
debug1: Trying private key: /Users/nik/.ssh/id_ecdsa
debug1: Trying private key: /Users/nik/.ssh/id_ecdsa_sk
debug1: Trying private key: /Users/nik/.ssh/id_ed25519
debug1: Trying private key: /Users/nik/.ssh/id_ed25519_sk
debug1: Trying private key: /Users/nik/.ssh/id_xmss
debug1: No more authentication methods to try.
mailto:snafu@lbp-beta.snafu.de: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
