Signing back into the Community for the first time? You'll need to reset your password to access your account. Find out more.
Forum Discussion
Former Member
3 years agoSSH setup on Windows - Permission Denied error
I've been working to set up my SSH agent with 1Password as per today's release on my computers. I was able to set it up on macOS, but Windows is giving me an issue where the ssh agent can't find the key generated by 1Password. Running the test command ssh -T git@github.com
simply yields the git@github.com: Permission denied (publickey).
error.
What's the best practice to set this up in the case where 1Password generated the ssh key?
GitHub does have my key. To be clear, this works on my macOS devices, but not on Windows.
1Password Version: 8.9.5
Extension Version: Not Provided
OS Version: Windows 11 Pro for Workstations
Browser:_ Chrome
- floris_1P
1Password Team
Could you provide the output of:
ssh -vT git@github.com
And of:
ssh-add -l
- Former Member
Certainly. The output is as follows:
```
❯ ssh -vT git@github.com
OpenSSH_for_Windows_8.9p1, LibreSSL 3.4.3
debug1: Reading configuration data C:\Users\Kyle/.ssh/config
debug1: C:\Users\Kyle/.ssh/config line 1: Applying options for *
debug1: Connecting to github.com [192.30.255.112] port 22.
debug1: Connection established.
debug1: identity file C:\Users\Kyle/.ssh/id_rsa type -1
debug1: identity file C:\Users\Kyle/.ssh/id_rsa-cert type -1
debug1: identity file C:\Users\Kyle/.ssh/id_ecdsa type -1
debug1: identity file C:\Users\Kyle/.ssh/id_ecdsa-cert type -1
debug1: identity file C:\Users\Kyle/.ssh/id_ecdsa_sk type -1
debug1: identity file C:\Users\Kyle/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file C:\Users\Kyle/.ssh/id_ed25519 type -1
debug1: identity file C:\Users\Kyle/.ssh/id_ed25519-cert type -1
debug1: identity file C:\Users\Kyle/.ssh/id_ed25519_sk type -1
debug1: identity file C:\Users\Kyle/.ssh/id_ed25519_sk-cert type -1
debug1: identity file C:\Users\Kyle/.ssh/id_xmss type -1
debug1: identity file C:\Users\Kyle/.ssh/id_xmss-cert type -1
debug1: identity file C:\Users\Kyle/.ssh/id_dsa type -1
debug1: identity file C:\Users\Kyle/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.9
debug1: Remote protocol version 2.0, remote software version babeld-81baa361
debug1: compat_banner: no match: babeld-81baa361
debug1: Authenticating to github.com:22 as 'git'
debug1: load_hostkeys: fopen C:\Users\Kyle/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen PROGRAMDATA\ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen PROGRAMDATA\ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC:compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC:compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU
debug1: load_hostkeys: fopen C:\Users\Kyle/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen PROGRAMDATA\ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen PROGRAMDATA\ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'github.com' is known and matches the ED25519 host key.
debug1: Found key in C:\Users\Kyle/.ssh/known_hosts:1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: ssh_get_authentication_socket: No such file or directory
debug1: Will attempt key: C:\Users\Kyle/.ssh/id_rsa
debug1: Will attempt key: C:\Users\Kyle/.ssh/id_ecdsa
debug1: Will attempt key: C:\Users\Kyle/.ssh/id_ecdsa_sk
debug1: Will attempt key: C:\Users\Kyle/.ssh/id_ed25519
debug1: Will attempt key: C:\Users\Kyle/.ssh/id_ed25519_sk
debug1: Will attempt key: C:\Users\Kyle/.ssh/id_xmss
debug1: Will attempt key: C:\Users\Kyle/.ssh/id_dsa
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: C:\Users\Kyle/.ssh/id_rsa
debug1: Trying private key: C:\Users\Kyle/.ssh/id_ecdsa
debug1: Trying private key: C:\Users\Kyle/.ssh/id_ecdsa_sk
debug1: Trying private key: C:\Users\Kyle/.ssh/id_ed25519
debug1: Trying private key: C:\Users\Kyle/.ssh/id_ed25519_sk
debug1: Trying private key: C:\Users\Kyle/.ssh/id_xmss
debug1: Trying private key: C:\Users\Kyle/.ssh/id_dsa
debug1: No more authentication methods to try.
git@github.com: Permission denied (publickey).
❯ ssh-add -l
256 SHA256:iDHYAgQKPtwY3Jv6LyqfDZ6iZIhmL3So0we+EN88wQ4 1Password SSH Key (ED25519)
``` - Former Member
Hi there, any suggestions?
- floris_1P
1Password Team
Could you share your SSH config?
- Former Member
In the /.ssh config file:
```
Host *
IdentityAgent "~/.1password/agent.sock"```
- floris_1P
1Password Team
Ah, that explains the error that you're seeing. In OpenSSH for Windows, the agent communication does not happen over a socket like it does on macOS or Linux, but over the
\\.\pipe\openssh-ssh-agent
pipe.This actually happens automatically, so you don't have set
IdentityAgent
in your SSH config. Could you try removing that snippet and run the SSH command again? - Former Member
Ah-ha, that did it. Interesting, I believe I added that erroneous config as a troubleshooting step, but as you say it's working automatically now that it has been removed. Thanks for the help!