Windows SSH Agent without Windows Hello?

Hey @Guidome:

Thanks for following up. As I mentioned earlier, removing the requirement for Windows Hello is something we're exploring, but I don't have anything to share just yet.

Jack

Jack_P_1P Thanks for the information, I definitively missed that one.
But I am still on that boat for my work machine as, just as the others, my employer does not allow any form of Windows Hello...

Hi @Guidome:

As long as Windows Hello is available (even with just PIN) and configured to unlock 1Password (Settings > Security), you should be able to use your Hello PIN for the 1Password SSH agent. Let me know if that isn't working for you and I can take a closer look.

Jack

+1 here, not using Windows Hello as... I am on a desktop... without fingerprint reader... without IR webcam... I do have a PIN however configured with Windows Hello, but it seems this use case is not supported either!

Hi tomstock / @sitepodmatt / @Mentat / @uncaught:

Thanks for your feedback on this. As my colleague Chris mentioned, we're actively working on this, but I don't have anything to share just yet. Keep an eye out.

Jack

My organization also disables Windows Hello. I would love for the ssh keys to seamlessly work on my workstation without Windows Hello

It's perplexing to me that you guys feel the need to rank the security requirements of the ssh-agent different (and a whole lot stronger) than a whole vault of passwords, credit card numbers, PPI, API keys and so on.. This goes beyond opinionated to mandated with "New processes always require approval"

Please re-think some of this governance and give us the option to opt-out (perhaps via a flag or advanced menu) of some these ridiculous requirements (none of this non-sense in keepass-xc ssh-agent) - lets get rid of the "new processes require approval always" mandating first..

I know it's hard as you reach for the thumb button on your shiny macbook airs at the start of your daily tmux session to consider other people have different workflows and security considerations and security precautions already in place.

@"chris.db_1p"
Thanks for this good news!
I just wanted to add that in my organization (including branches in Germany) Windows Hello is also prohibited, but access is allowed using security keys like Yubikey.
Perhaps this could be an alternative to windows hello too?

I'm wondering whether the use of windows hello is a technical requirement or just convenience for you?

I mean, could the 1password app not prompt for the use of an SSH key itself? Without asking for a password at all, if the app is already unlocked.

@sb22hh Removing the requirement of Windows Hello is something we're actively working on. Stay tuned!