Signing back into the Community for the first time? You'll need to reset your password to access your account.  Find out more.

Forum Discussion

Former Member's avatar
Former Member
3 years ago

SSH setup on Windows - Permission Denied error

I've been working to set up my SSH agent with 1Password as per today's release on my computers. I was able to set it up on macOS, but Windows is giving me an issue where the ssh agent can't find the key generated by 1Password. Running the test command ssh -T git@github.com simply yields the git@github.com: Permission denied (publickey). error.

What's the best practice to set this up in the case where 1Password generated the ssh key?

GitHub does have my key. To be clear, this works on my macOS devices, but not on Windows.


1Password Version: 8.9.5
Extension Version: Not Provided
OS Version: Windows 11 Pro for Workstations
Browser:_ Chrome

  • floris_1P's avatar
    floris_1P
    Icon for 1Password Team rank1Password Team

    Could you provide the output of:

    ssh -vT git@github.com

    And of:

    ssh-add -l

  • Former Member's avatar
    Former Member

    Certainly. The output is as follows:

    ```
    ❯ ssh -vT git@github.com
    OpenSSH_for_Windows_8.9p1, LibreSSL 3.4.3
    debug1: Reading configuration data C:\Users\Kyle/.ssh/config
    debug1: C:\Users\Kyle/.ssh/config line 1: Applying options for *
    debug1: Connecting to github.com [192.30.255.112] port 22.
    debug1: Connection established.
    debug1: identity file C:\Users\Kyle/.ssh/id_rsa type -1
    debug1: identity file C:\Users\Kyle/.ssh/id_rsa-cert type -1
    debug1: identity file C:\Users\Kyle/.ssh/id_ecdsa type -1
    debug1: identity file C:\Users\Kyle/.ssh/id_ecdsa-cert type -1
    debug1: identity file C:\Users\Kyle/.ssh/id_ecdsa_sk type -1
    debug1: identity file C:\Users\Kyle/.ssh/id_ecdsa_sk-cert type -1
    debug1: identity file C:\Users\Kyle/.ssh/id_ed25519 type -1
    debug1: identity file C:\Users\Kyle/.ssh/id_ed25519-cert type -1
    debug1: identity file C:\Users\Kyle/.ssh/id_ed25519_sk type -1
    debug1: identity file C:\Users\Kyle/.ssh/id_ed25519_sk-cert type -1
    debug1: identity file C:\Users\Kyle/.ssh/id_xmss type -1
    debug1: identity file C:\Users\Kyle/.ssh/id_xmss-cert type -1
    debug1: identity file C:\Users\Kyle/.ssh/id_dsa type -1
    debug1: identity file C:\Users\Kyle/.ssh/id_dsa-cert type -1
    debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.9
    debug1: Remote protocol version 2.0, remote software version babeld-81baa361
    debug1: compat_banner: no match: babeld-81baa361
    debug1: Authenticating to github.com:22 as 'git'
    debug1: load_hostkeys: fopen C:\Users\Kyle/.ssh/known_hosts2: No such file or directory
    debug1: load_hostkeys: fopen PROGRAMDATA\ssh/ssh_known_hosts: No such file or directory
    debug1: load_hostkeys: fopen PROGRAMDATA\ssh/ssh_known_hosts2: No such file or directory
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: algorithm: curve25519-sha256
    debug1: kex: host key algorithm: ssh-ed25519
    debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none
    debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: SSH2_MSG_KEX_ECDH_REPLY received
    debug1: Server host key: ssh-ed25519 SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU
    debug1: load_hostkeys: fopen C:\Users\Kyle/.ssh/known_hosts2: No such file or directory
    debug1: load_hostkeys: fopen PROGRAMDATA\ssh/ssh_known_hosts: No such file or directory
    debug1: load_hostkeys: fopen PROGRAMDATA\ssh/ssh_known_hosts2: No such file or directory
    debug1: Host 'github.com' is known and matches the ED25519 host key.
    debug1: Found key in C:\Users\Kyle/.ssh/known_hosts:1
    debug1: rekey out after 134217728 blocks
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: rekey in after 134217728 blocks
    debug1: get_agent_identities: ssh_get_authentication_socket: No such file or directory
    debug1: Will attempt key: C:\Users\Kyle/.ssh/id_rsa
    debug1: Will attempt key: C:\Users\Kyle/.ssh/id_ecdsa
    debug1: Will attempt key: C:\Users\Kyle/.ssh/id_ecdsa_sk
    debug1: Will attempt key: C:\Users\Kyle/.ssh/id_ed25519
    debug1: Will attempt key: C:\Users\Kyle/.ssh/id_ed25519_sk
    debug1: Will attempt key: C:\Users\Kyle/.ssh/id_xmss
    debug1: Will attempt key: C:\Users\Kyle/.ssh/id_dsa
    debug1: SSH2_MSG_EXT_INFO received
    debug1: kex_input_ext_info: server-sig-algs=
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey
    debug1: Next authentication method: publickey
    debug1: Trying private key: C:\Users\Kyle/.ssh/id_rsa
    debug1: Trying private key: C:\Users\Kyle/.ssh/id_ecdsa
    debug1: Trying private key: C:\Users\Kyle/.ssh/id_ecdsa_sk
    debug1: Trying private key: C:\Users\Kyle/.ssh/id_ed25519
    debug1: Trying private key: C:\Users\Kyle/.ssh/id_ed25519_sk
    debug1: Trying private key: C:\Users\Kyle/.ssh/id_xmss
    debug1: Trying private key: C:\Users\Kyle/.ssh/id_dsa
    debug1: No more authentication methods to try.
    git@github.com: Permission denied (publickey).



    ❯ ssh-add -l
    256 SHA256:iDHYAgQKPtwY3Jv6LyqfDZ6iZIhmL3So0we+EN88wQ4 1Password SSH Key (ED25519)
    ```

  • Former Member's avatar
    Former Member

    Hi there, any suggestions?

  • Former Member's avatar
    Former Member

    In the /.ssh config file:

    ```
    Host *
    IdentityAgent "~/.1password/agent.sock"

    ```

  • floris_1P's avatar
    floris_1P
    Icon for 1Password Team rank1Password Team

    Ah, that explains the error that you're seeing. In OpenSSH for Windows, the agent communication does not happen over a socket like it does on macOS or Linux, but over the \\.\pipe\openssh-ssh-agent pipe.

    This actually happens automatically, so you don't have set IdentityAgent in your SSH config. Could you try removing that snippet and run the SSH command again?

  • Former Member's avatar
    Former Member

    Ah-ha, that did it. Interesting, I believe I added that erroneous config as a troubleshooting step, but as you say it's working automatically now that it has been removed. Thanks for the help!