Forum Discussion

Ryan_Parman's avatar
Ryan_Parman
Dedicated Contributor
3 years ago

SSH: The agent has no identities. (Searched the community first.)

Firstly, my SSH keys are in my FamilyPersonal vault. (I know that a lot of previous posts missed this.)

I'm attempting to follow https://1password.community/discussion/comment/646874/#Comment_646874 from floris_1P, and am getting the following result (linebreaks added for clarity):

```
$ export SSH_AUTH_SOCK=~/Library/Group\ Containers/2BUA8C4S2C.com.1password/t/agent.sock

$ echo $SSH_AUTH_SOCK
/Users/ryan_parman/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock

$ ssh-add -l
4096 SHA256:VwJJgAt2KOl5NKW4ghD7pA8op7uzgX+2UZi2Xf6ZKe0 RSA (RSA)
256 SHA256:Z179SEUcyJlRoNKxxE49bn6i1VbrlL9uENW3VeapQ4s ED25519 (ED25519)

$ docker run -v /run/host-services/ssh-auth.sock:/run/host-services/ssh-auth.sock -e SSH_AUTH_SOCK="/run/host-services/ssh-auth.sock" alpine sh -c 'apk add openssh && ssh-add -l'
fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/community/x86_64/APKINDEX.tar.gz
(1/10) Installing openssh-keygen (9.1_p1-r2)
(2/10) Installing ncurses-terminfo-base (6.3_p20221119-r0)
(3/10) Installing ncurses-libs (6.3_p20221119-r0)
(4/10) Installing libedit (20221030.3.1-r0)
(5/10) Installing openssh-client-common (9.1_p1-r2)
(6/10) Installing openssh-client-default (9.1_p1-r2)
(7/10) Installing openssh-sftp-server (9.1_p1-r2)
(8/10) Installing openssh-server-common (9.1_p1-r2)
(9/10) Installing openssh-server (9.1_p1-r2)
(10/10) Installing openssh (9.1_p1-r2)
Executing busybox-1.35.0-r29.trigger
OK: 14 MiB in 25 packages

The agent has no identities.
```

Common stuff like git push and git pull work correctly, with 1Password prompting me to authorize.

And this is my SSH config.

```
$ cat ~/.ssh/config
Host *
AddKeysToAgent yes
ControlMaster auto
ControlPath /tmp/%r@%h:%p
ControlPersist 600
IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"

Host 10.* *.ec2.internal
PreferredAuthentications publickey
StrictHostKeyChecking no
```

Any ideas?

1Password Version: 1Password for Mac 8.10.6 (81006021)
Extension Version: N/A
OS Version: macOS 13.3.1 (a) (22E772610a)
Browser:_ N/A

SSH

7 Replies

  • dmbuil's avatar
    dmbuil
    Occasional Contributor
    3 years ago

    Thanks, @MartonS1P , floris_1P , for your answer.
    Yesterday, I managed to solve the issue by doing a clean install of 1P, as 1Password_rCURRENT.log wasn't verbose enough either for me to keep investigating.

    After that, ssh-add -l started working smoothly:

    ssh-add -l
    256 SHA256:zojQYofphA1Wfx*****d8qb96m5*****wInWxxS4 v-proxy_Ed25519 (ED25519)
    3072 SHA256:us47I3bBvYXr3*****MNB4jr9gcvPp/U*****vk ftpjcmgt02_Ed25519 (RSA)
    4096 SHA256:aVPGbgByminaTsO*****b538Ivmn1CzNnRDsZrgj3g GitHub SSH Auth Key (RSA)
    256 SHA256:eMFn+ah2/Xd/cAM5s4mtZJMVVjPgUT*****P7kJTD8 GitHub SSH Signing Key (ED25519)
    3072 SHA256:qn4luzQ53LP*****RJQFbCs1/oD2A53+****+up+6c Clave SSH (RSA)
    3072 SHA256:oaqyyLdfKysKtv0aZR******Hq7tMbQ1tHZOWok1SE id_rsa_rpi2 (RSA)

    floris_1P , it happened to me both on Docker and ordinary terminal, and yes, they are placed on my Personal Vault.
    What I've noticed though is that setting the symlink on the .ssh/config does not work, and have to use the absolute path to the socket:

    Host *
    IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
    #IdentityAgent ~/.1password/agent.sock # <--- this does not work, no matter if single-or-double-quoted or not
    [... other ssh config ...]

    Maybe that's normal for .ssh/config syntax, I am not that expert on ssh.

  • floris_1P's avatar
    floris_1P
    Icon for 1Password Team rank1Password Team
    3 years ago

    Did I do something wrong in my original post?

    Ryan_Parman Just the shell export alone doesn't do the trick. The socket needs to be passed down to the Docker for Mac app. Either using the open command or using launchctl, as described here.

  • floris_1P's avatar
    floris_1P
    Icon for 1Password Team rank1Password Team
    3 years ago

    dmbuil Did you move your keys out of the default Private/Personal vault, by any chance?

    And just checking to make sure: is your issue related to Docker as well, like the original post?

  • Former Member's avatar
    Former Member
    3 years ago

    Hey dmbuil and Ryan_Parman.

    Make sure you update to the latest version of the app. If the issue still occurs, could you try reproducing it by running an ssh command and checking the logs of the 1Password app? You can find the logs under "Help" -> "Troubleshooting" -> "Open Logs folder" -> "1Password_rCURRENT.log".

    If you see any logs related to ssh, please let me know. These logs will help us identify the issue you're encountering.

  • dmbuil's avatar
    dmbuil
    Occasional Contributor
    3 years ago

    Thing is, the same is happening to me as well; out of the blue, the SSH agent integration stopped working.
    I do have Git Signing & Auth keys, and none of them are recognized when I do a ssh-add -l.

    A couple of days ago, I could sign and log into GitHub smoothly. (I don't have an SSH-ready server as of now to check whether the key-based login is working).
    I have 1Password for Mac 8.10.7 (81007001) and MacOS 12.6.3 (21G419).

  • Ryan_Parman's avatar
    Ryan_Parman
    Dedicated Contributor
    3 years ago

    points to the export SSH_AUTH_SOCK in the original post.

    Did I do something wrong in my original post?

  • floris_1P's avatar
    floris_1P
    Icon for 1Password Team rank1Password Team
    3 years ago

    To get it to work with Docker for Mac, the Docker for Mac application itself needs SSH_AUTH_SOCK set. Here are two ways how to do that on macOS.