[wayland] signign failed: agent refused operation

After enabling the ssh agent (with or without the key name option) and editing ~/.ssh/config, I tried the suggested command and got the following output (without any prompt from 1password). 1password was running with an open window and unlocked.

$ ssh -T git@github.com sign_and_send_pubkey: signing failed for ED25519 "" from agent: agent refused operation git@github.com: Permission denied (publickey).

Here's a truncated snippet from the verbose output that indicated that git was indeed getting the key from 1password.

$ ssh -T git@github.com -vvv ... debug1: Reading configuration data /home/andrea/.ssh/config debug1: /home/andrea/.ssh/config line 1: Applying options for * ... debug1: Will attempt key: ED25519 SHA256:u+azOc2MbA21U3SSq2Lj768c6ApkOV5f9wCmnPLLFkc agent ... debug1: Offering public key: ED25519 SHA256:u+azOc2MbA21U3SSq2Lj768c6ApkOV5f9wCmnPLLFkc agent ... debug1: Server accepts key: ED25519 SHA256:u+azOc2MbA21U3SSq2Lj768c6ApkOV5f9wCmnPLLFkc agent debug3: sign_and_send_pubkey: ED25519 SHA256:u+azOc2MbA21U3SSq2Lj768c6ApkOV5f9wCmnPLLFkc debug3: sign_and_send_pubkey: signing using ssh-ed25519 SHA256:u+azOc2MbA21U3SSq2Lj768c6ApkOV5f9wCmnPLLFkc sign_and_send_pubkey: signing failed for ED25519 "" from agent: agent refused operation ... git@github.com: Permission denied (publickey).

Some information about my sistem:

os: archlinux
kernel: linux 5.16.9
wayland compositor: river 0.2.0-dev-8943307
1password version: 8.6.0_6.BETA-6
openssh version: 8.8p1
git version: 2.35.1

1Password Version: 8.6.0_6.BETA-6
Extension Version: Not Provided
OS Version: linux 5.16.9

SSH

17 Replies

Former Member
4 years ago
Sounds like we're configured identically, then! Other than I'm using Sway, rather than River.

Hopefully someone from the 1Password team can help with further debugging steps, since I also noticed that the logs do not seem to provide much help in this scenario.
Former Member
4 years ago
"Unlock using system authentication service" was (and is) enabled.
The polkit agent is launched at login, immediately before running 1password --silent.
Former Member
4 years ago
Do you also have the "Unlock using system authentication service" setting under Settings > Security in the 1Password app enabled?

I found that I needed that checked, and that the polkit authorization agent installed before it started to work. Otherwise I noted the same behavior that you did.
Former Member
4 years ago
Thanks for the answer, but I'm actually running that exact polkit agent.
Former Member
4 years ago
Having run into this myself, it's potentially because you do not have a polkit authentication agent installed or running. See https://wiki.archlinux.org/title/Polkit#Authentication_agents for more details.

I ended up picking polkit-gnome and just make sure that I start /usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1 in the background before attempting to use the SSH Agent.

See if starting one of those authentication agents helps your situation.
Former Member
4 years ago
Nope, no logs, not even in the subdirectories.

```
logs $ pwd
/home/lupolucio/.config/1Password/logs

logs $ tree
[4.0K] .
├── [4.0K] BrowserSupport
│   ├── [4.0K] KeyringHelper
│   └── [ 880] 1Password_rCURRENT.log
├── [4.0K] KeyringHelper
│   └── [ 130] 1Password_rCURRENT.log
└── [ 101] 1Password_rCURRENT.log

logs $ ssh -T mailto:git@github.com
sign_and_send_pubkey: signing failed for ED25519 "" from agent: agent refused operation
mailto:git@github.com: Permission denied (publickey).

logs $ tree
[4.0K] .
├── [4.0K] BrowserSupport
│   ├── [4.0K] KeyringHelper
│   └── [ 880] 1Password_rCURRENT.log
├── [4.0K] KeyringHelper
│   └── [ 130] 1Password_rCURRENT.log
└── [ 101] 1Password_rCURRENT.log

logs $ cat 1Password_rCURRENT.log
INFO 2022-02-22T13:38:00.466 ThreadId(6) [client:typescript] 1Password is already running, closing.

logs $ cat KeyringHelper/1Password_rCURRENT.log
INFO 2022-02-22T13:38:00.754 main(ThreadId(1)) [1P:foundation/op-linux/src/bin/keyring_helper.rs:133] initalizing keyring helper

logs $ cat BrowserSupport/1Password_rCURRENT.log
INFO 2022-02-22T13:39:58.503 main(ThreadId(1)) [1P:native-messaging/op-browser-support/src/main.rs:148] Starting 1Password-BrowserSupport 8.6.0-6.BETA production build no. 80600006.
INFO 2022-02-22T13:39:58.503 main(ThreadId(1)) [1P:native-messaging/op-browser-support/src/browser_verification/linux.rs:31] Verifying browser "/usr/lib/firefox/firefox"
INFO 2022-02-22T13:39:58.506 main(ThreadId(1)) [1P:native-messaging/op-browser-support/src/browser_verification/linux.rs:45] Browser "/usr/lib/firefox/firefox" verified successfully
INFO 2022-02-22T13:39:58.506 main(ThreadId(1)) [1P:native-messaging/op-browser-support-lib/src/communication_logic.rs:119] Starting SLS communication (attempting connection to desktop app)
INFO 2022-02-22T13:39:58.510 main(ThreadId(1)) [1P:native-messaging/op-browser-support-lib/src/communication_logic.rs:184] Connected to the desktop app
```
floris_1P
1Password Team
4 years ago
Do you see anything appear in $HOME/.config/1Password/logs when invoking the SSH request?

Forum Discussion

[wayland] signign failed: agent refused operation

17 Replies

Featured discussions

September at 1Password: Browser versions, enhanced security, and new integrations

Recent discussions

1PW extension bug: autofill theme detection fails when using oklch color scheme

Environments with custom text file

allowed-signers file not created

FeatureRequest: SSH Agent Key access confirm

Support for SSH Certificates (2024)