Unable to use 1Password SSH agent at work (RSA 2048, Azure DevOps)

Yes, I'm already running that. Works great! Thank you!

XIII An update on ssh-rsa: the latest 1Password beta now supports this, so you should be able to use the SSH agent with Azure DevOps.

This issue wasted a lot of time for me yesterday as I couldn't determine why SSH 1password was failing and ended up exploring lots of different things before figuring out it was a 1password update that had broken my workflow. Switched to nightly build has fixed.

Here are two related issues:
https://developercommunity.visualstudio.com/t/Support-non-RSA-keys-for-SSH-authenticat/365980
https://developercommunity.visualstudio.com/t/Git-SSH-access-offers-weak-algorithms-r/1547526

They both highlight that ADO's support for modern SSH keys and encryption standards is lacking. If you're prevented from using 1Password for SSH because of ADO's limitations perhaps you can upvote those issues.

No problem! I'm glad it's working for you!

I installed a polkit agent and turned on system authentication. It now prompts me for my system password when using SSH keys and the functionality is perfect. Thank you very much for the help. I completely missed the info box on system authentication in the documentation.

At this time, it is a requirement on Linux and Windows. This is something we would like to improve. It's very easy to miss in the documentation (also an area for improvement). Let me know if I can help further!

https://developer.1password.com/docs/ssh/get-started#:~:text=To%20use%20the%201Password%20SSH%20agent%20on%20Linux

Apologies for posting a different issue in the thread. I thought it looked similar.

I do not have system authorisation turned on. Is it a requirement for the SSH agent?

@ant59 This appears like a different issue than mentioned earlier in the thread. The previous issue was for ssh-rsa (RSA with SHA1), however, the log you shared looks like ssh-ed25519 was being used and that algorithm is supported.

Thanks for sharing the 1Password logs. It seems like the issue is that 1Password thinks that the user has been prompted and they dismissed the prompt. Do you have system authorization enabled in 1Password and is it working when unlocking 1Password? Thanks!

https://support.1password.com/system-authentication-linux/

Seeing the same issue after restarting my computer.


❯ ssh -vvvT git@github.com
OpenSSH_8.8p1, OpenSSL 1.1.1m 14 Dec 2021
...
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: ED25519 SHA256:2uM6MfX+6Vy3M2nmg0jMZH53KiHmh01+5/67BROjeUc agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: ED25519 SHA256:2uM6MfX+6Vy3M2nmg0jMZH53KiHmh01+5/67BROjeUc agent
debug3: sign_and_send_pubkey: ED25519 SHA256:2uM6MfX+6Vy3M2nmg0jMZH53KiHmh01+5/67BROjeUc
debug3: sign_and_send_pubkey: signing using ssh-ed25519 SHA256:2uM6MfX+6Vy3M2nmg0jMZH53KiHmh01+5/67BROjeUc
sign_and_send_pubkey: signing failed for ED25519 "" from agent: agent refused operation
debug1: Offering public key: ED25519 SHA256:NzlMuRTTFQA++mNliWTcmbGWZGvloFijRU9UAGHCrH4 agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: ED25519 SHA256:NzlMuRTTFQA++mNliWTcmbGWZGvloFijRU9UAGHCrH4 agent
debug3: sign_and_send_pubkey: ED25519 SHA256:NzlMuRTTFQA++mNliWTcmbGWZGvloFijRU9UAGHCrH4
debug3: sign_and_send_pubkey: signing using ssh-ed25519 SHA256:NzlMuRTTFQA++mNliWTcmbGWZGvloFijRU9UAGHCrH4
sign_and_send_pubkey: signing failed for ED25519 "" from agent: agent refused operation
...
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
git@github.com: Permission denied (publickey).



❯ uname -a
Linux 5.16.10-arch1-1 #1 SMP PREEMPT Wed, 16 Feb 2022 19:35:18 +0000 x86_64 GNU/Linux



❯ cat 1Password_rCURRENT.log
...
INFO 2022-02-21T10:58:58.910 op_executor:invocation_loop(ThreadId(22)) [1P:op-app/src/app/backend/unlock.rs:89] Lock state changed: Unlocked
INFO 2022-02-21T11:06:12.378 tokio-runtime-worker(ThreadId(7)) [1P:ssh/op-ssh-agent/src/lib.rs:290] Session was not authorized
INFO 2022-02-21T11:06:12.502 tokio-runtime-worker(ThreadId(14)) [1P:op-automated-unlock/src/lib.rs:389] New unlock was suppressed because a previous unlock was rejected or the lock screen was displayed.
INFO 2022-02-21T11:06:12.502 tokio-runtime-worker(ThreadId(14)) [1P:ssh/op-ssh-agent/src/lib.rs:290] Session was not authorized


Tried restarting 1Password. Tried restarting PC. Nothing seems to work. 1Password refuses to sign. 1Password is open and unlocked.

Any progress made on this?