It’s Cybersecurity Awareness Month! Join our interactive training session, or learn about security and AI from 1Password experts.
Forum Discussion
Unable to use 1Password SSH agent at work (RSA 2048, Azure DevOps)
Yesterday I tested the 1Password SSH agent with my personal stuff and everything seemed fine.
Today I wanted to use it at work as well, but everything fails...
- Git on the command line: ``` ➜ git pull sign_and_send_pubkey: signing failed: agent refused operation user@domain1.com@domain2.com: Permission denied (password,publickey). fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
```
- SourceTree: ``` git -c color.branch=false -c color.diff=false -c color.status=false -c diff.mnemonicprefix=false -c core.quotepath=false -c credential.helper=sourcetree fetch origin sign_and_send_pubkey: signing failed: agent refused operation user@domain1.com@domain2.com: Permission denied (password,publickey). fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
sign_and_send_pubkey: signing failed: agent refused operation
user@domain1.com@domain2.com: Permission denied (password,publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
```
- Tower: ``` sign_and_send_pubkey: signing failed: agent refused operation user@domain1.com@domain2.com: Permission denied (password,publickey). fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
```
We're using Azure DevOps and it only supports RSA keys of 2048 bits.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
27 Replies
PS: looking at the Homebrew path @smanojkarthick is probably using an M1 Mac. I'm still on Intel.
(not sure whether that matters)
I'm using the default
sshfrom macOS Big Sur 11.6.4:
➜ which ssh
/usr/bin/ssh
➜ ssh -V
OpenSSH_8.1p1, LibreSSL 2.7.3
I'm using the default SSH client on macOS Monterrey/Big Sur. I'm able to reproduce this on both systems.
- Monterrey machine:
OpenSSH_8.6p1, LibreSSL 2.8.3 - Big Sur machine:
OpenSSH_8.1p1, LibreSSL 2.7.3
I also gave it a shot using the openssh https://formulae.brew.sh/formula/openssh#default from homebrew and noticing the same behaviour :
```
❯ which ssh
/opt/homebrew/bin/ssh❯ ssh -V
OpenSSH_8.8p1, OpenSSL 1.1.1m 14 Dec 2021❯ SSH_AUTH_SOCK="$HOME/.1password/agent.sock" ssh-add -l
256 SHA256:(ED25519)
256 SHA256:(ED25519)
256 SHA256:(ED25519)
```- Monterrey machine:
K_J__1P1Password Team
Thanks for testing! I appreciate your feedback. RSA keys are expected to work and this is a surprising issue. I appreciate your detailed response.
Are you able to share your OpenSSH version?
$ ssh -V
OpenSSH_8.8p1, OpenSSL 1.1.1m 14 Dec 2021
The Public Exponent is the same for my key.
However, my RSA 2048 key does show up in the output of
ssh-add -l.Still I cannot use the 1Password SSH agent with this key.
We use RSA-2048 keys in PEM Format with AWS and they don't seem to work with the 1Password Agent. It gets imported into the app but the agent does not seem to offer them. I checked the public exponent and it seems to be fine too. I https://1password-devs.slack.com/archives/C032QPCFK0B/p1644968700252969?thread_ts=1644958080.557249&cid=C032QPCFK0B this on the Slack channel and they asked me to open a support issue with diagnostics - While I create a support ticket, I figured I would add to more context here since this seems to be a similar issue.
Some details that might be useful:
Public Exponent:
❯ openssl rsa -text -in ~/.ssh/key.pem | grep publicExponent
writing RSA key
publicExponent: 65537 (0x10001)
❯ head -n1 ~/.ssh/id_rsa
-----BEGIN RSA PRIVATE KEY-----
These are the entries on the 1Password App. You can see six keys in total, three are Ed25519 and the others are RSA 2048bit
This is the output when I try to list the keys available in the 1Password agent. The Ed25519 keys are offered but the RSA 2048 ones are not.
PS: even after not using the 1Password SSH agent for our Azure DevOps server I still get an error which I did not have before yesterday:
➜ git pull
sign_and_send_pubkey: signing failed: agent refused operation
Already up to date.
