[wayland] signign failed: agent refused operation

After enabling the ssh agent (with or without the key name option) and editing ~/.ssh/config, I tried the suggested command and got the following output (without any prompt from 1password). 1password was running with an open window and unlocked.

$ ssh -T git@github.com sign_and_send_pubkey: signing failed for ED25519 "" from agent: agent refused operation git@github.com: Permission denied (publickey).

Here's a truncated snippet from the verbose output that indicated that git was indeed getting the key from 1password.

$ ssh -T git@github.com -vvv ... debug1: Reading configuration data /home/andrea/.ssh/config debug1: /home/andrea/.ssh/config line 1: Applying options for * ... debug1: Will attempt key: ED25519 SHA256:u+azOc2MbA21U3SSq2Lj768c6ApkOV5f9wCmnPLLFkc agent ... debug1: Offering public key: ED25519 SHA256:u+azOc2MbA21U3SSq2Lj768c6ApkOV5f9wCmnPLLFkc agent ... debug1: Server accepts key: ED25519 SHA256:u+azOc2MbA21U3SSq2Lj768c6ApkOV5f9wCmnPLLFkc agent debug3: sign_and_send_pubkey: ED25519 SHA256:u+azOc2MbA21U3SSq2Lj768c6ApkOV5f9wCmnPLLFkc debug3: sign_and_send_pubkey: signing using ssh-ed25519 SHA256:u+azOc2MbA21U3SSq2Lj768c6ApkOV5f9wCmnPLLFkc sign_and_send_pubkey: signing failed for ED25519 "" from agent: agent refused operation ... git@github.com: Permission denied (publickey).

Some information about my sistem:

os: archlinux
kernel: linux 5.16.9
wayland compositor: river 0.2.0-dev-8943307
1password version: 8.6.0_6.BETA-6
openssh version: 8.8p1
git version: 2.35.1

1Password Version: 8.6.0_6.BETA-6
Extension Version: Not Provided
OS Version: linux 5.16.9

SSH

17 Replies

Anonymous
4 years ago
Sounds like we're configured identically, then! Other than I'm using Sway, rather than River.

Hopefully someone from the 1Password team can help with further debugging steps, since I also noticed that the logs do not seem to provide much help in this scenario.
Anonymous
4 years ago
"Unlock using system authentication service" was (and is) enabled.
The polkit agent is launched at login, immediately before running 1password --silent.
Anonymous
4 years ago
Do you also have the "Unlock using system authentication service" setting under Settings > Security in the 1Password app enabled?

I found that I needed that checked, and that the polkit authorization agent installed before it started to work. Otherwise I noted the same behavior that you did.
Anonymous
4 years ago
Thanks for the answer, but I'm actually running that exact polkit agent.
Anonymous
4 years ago
Having run into this myself, it's potentially because you do not have a polkit authentication agent installed or running. See https://wiki.archlinux.org/title/Polkit#Authentication_agents for more details.

I ended up picking polkit-gnome and just make sure that I start /usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1 in the background before attempting to use the SSH Agent.

See if starting one of those authentication agents helps your situation.
Anonymous
4 years ago
Nope, no logs, not even in the subdirectories.

```
logs $ pwd
/home/lupolucio/.config/1Password/logs

logs $ tree
[4.0K] .
├── [4.0K] BrowserSupport
│   ├── [4.0K] KeyringHelper
│   └── [ 880] 1Password_rCURRENT.log
├── [4.0K] KeyringHelper
│   └── [ 130] 1Password_rCURRENT.log
└── [ 101] 1Password_rCURRENT.log

logs $ ssh -T mailto:git@github.com
sign_and_send_pubkey: signing failed for ED25519 "" from agent: agent refused operation
mailto:git@github.com: Permission denied (publickey).

logs $ tree
[4.0K] .
├── [4.0K] BrowserSupport
│   ├── [4.0K] KeyringHelper
│   └── [ 880] 1Password_rCURRENT.log
├── [4.0K] KeyringHelper
│   └── [ 130] 1Password_rCURRENT.log
└── [ 101] 1Password_rCURRENT.log

logs $ cat 1Password_rCURRENT.log
INFO 2022-02-22T13:38:00.466 ThreadId(6) [client:typescript] 1Password is already running, closing.

logs $ cat KeyringHelper/1Password_rCURRENT.log
INFO 2022-02-22T13:38:00.754 main(ThreadId(1)) [1P:foundation/op-linux/src/bin/keyring_helper.rs:133] initalizing keyring helper

logs $ cat BrowserSupport/1Password_rCURRENT.log
INFO 2022-02-22T13:39:58.503 main(ThreadId(1)) [1P:native-messaging/op-browser-support/src/main.rs:148] Starting 1Password-BrowserSupport 8.6.0-6.BETA production build no. 80600006.
INFO 2022-02-22T13:39:58.503 main(ThreadId(1)) [1P:native-messaging/op-browser-support/src/browser_verification/linux.rs:31] Verifying browser "/usr/lib/firefox/firefox"
INFO 2022-02-22T13:39:58.506 main(ThreadId(1)) [1P:native-messaging/op-browser-support/src/browser_verification/linux.rs:45] Browser "/usr/lib/firefox/firefox" verified successfully
INFO 2022-02-22T13:39:58.506 main(ThreadId(1)) [1P:native-messaging/op-browser-support-lib/src/communication_logic.rs:119] Starting SLS communication (attempting connection to desktop app)
INFO 2022-02-22T13:39:58.510 main(ThreadId(1)) [1P:native-messaging/op-browser-support-lib/src/communication_logic.rs:184] Connected to the desktop app
```
floris_1P
1Password Team
4 years ago
Do you see anything appear in $HOME/.config/1Password/logs when invoking the SSH request?

Forum Discussion

[wayland] signign failed: agent refused operation

17 Replies

Featured discussions

Meet the 1Password team at KubeCon Europe

Recent discussions

1password locks within 10 seconds on High Performance or Dynamic resolution screen share on macOS

Connection reset when `podman login` runs `op`

Introducing new .env file support in 1Password

SSH agent not working from `.ssh/config` in macOS

Multiple account support in op run