[wayland] signign failed: agent refused operation

After enabling the ssh agent (with or without the key name option) and editing ~/.ssh/config, I tried the suggested command and got the following output (without any prompt from 1password). 1password was running with an open window and unlocked.

$ ssh -T git@github.com sign_and_send_pubkey: signing failed for ED25519 "" from agent: agent refused operation git@github.com: Permission denied (publickey).

Here's a truncated snippet from the verbose output that indicated that git was indeed getting the key from 1password.

$ ssh -T git@github.com -vvv ... debug1: Reading configuration data /home/andrea/.ssh/config debug1: /home/andrea/.ssh/config line 1: Applying options for * ... debug1: Will attempt key: ED25519 SHA256:u+azOc2MbA21U3SSq2Lj768c6ApkOV5f9wCmnPLLFkc agent ... debug1: Offering public key: ED25519 SHA256:u+azOc2MbA21U3SSq2Lj768c6ApkOV5f9wCmnPLLFkc agent ... debug1: Server accepts key: ED25519 SHA256:u+azOc2MbA21U3SSq2Lj768c6ApkOV5f9wCmnPLLFkc agent debug3: sign_and_send_pubkey: ED25519 SHA256:u+azOc2MbA21U3SSq2Lj768c6ApkOV5f9wCmnPLLFkc debug3: sign_and_send_pubkey: signing using ssh-ed25519 SHA256:u+azOc2MbA21U3SSq2Lj768c6ApkOV5f9wCmnPLLFkc sign_and_send_pubkey: signing failed for ED25519 "" from agent: agent refused operation ... git@github.com: Permission denied (publickey).

Some information about my sistem:

os: archlinux
kernel: linux 5.16.9
wayland compositor: river 0.2.0-dev-8943307
1password version: 8.6.0_6.BETA-6
openssh version: 8.8p1
git version: 2.35.1

1Password Version: 8.6.0_6.BETA-6
Extension Version: Not Provided
OS Version: linux 5.16.9

SSH

17 Replies

mjec
New Contributor
4 years ago
Thanks for the speedy response floris_1P! I was seeing agent refused operation but that appears to have gone away today. Apologies for the false alarm. I think something was wrong with my polkit setup.
floris_1P
1Password Team
4 years ago
mjec So you're seeing agent refused operation on every SSH request? If so, do you see anything in the 1Password logs appear when you run a failing SSH command? On Linux: $HOME/.config/1Password/logs.

Or could it be that you're seeing Too many authentication failures?
mjec
New Contributor
4 years ago
It looks like this issue is back with 1Password 8.7.0-49.BETA and OpenSSH_9.0p1, OpenSSL 1.1.1n 15 Mar 2022. Explicitly specifying an identity (ssh -i) works around it for me.
Former Member
4 years ago
It worked for me after removing github entry from ~/.ssh/known_hosts
Former Member
4 years ago
With the 8.6.0_68.BETA-68 update it now works correctly.
Thank you very much for the support.
Former Member
4 years ago
After the update to 8.6.0_51.BETA-51 the behaviour is back to the one of the first post.
The only difference is that now the username@hostname is correctly shown in the error:

$ ssh -T git@github.com sign_and_send_pubkey: signing failed for ED25519 "lupolucio@spettro" from agent: agent refused operation git@github.com: Permission denied (publickey).

After seeing another post I've tried the following:

$ ssh-add -l Could not open a connection to your authentication agent.
Former Member
4 years ago
floris_1P is this the same as building from git? I'm supposedly on the latest version (80600043, on BETA channel) and this is still not fixed, I can't see the release channel in Arch though.
floris_1P
1Password Team
4 years ago
For those using OpenSSH 8.9: we've made some improvements to the SSH agent which should also fix this issue. It'll be available in the next beta update, but if you want to try it now already, you can switch to the Nightly release channel from the 1Password 8 preferences: .
Former Member
4 years ago
I started seeing this issue around the same time as the beta 8.6.0_43.BETA-43, some time in the middle of the week. Unfortunately reverting to the previous 1P beta #26 did not fix the issue. I still got the following log messages as also reported above.

~ ᐅ ssh -T git@github.com -vvv ... debug2: get_agent_identities: ssh_agent_bind_hostkey: communication with agent failed debug1: get_agent_identities: ssh_fetch_identitylist: communication with agent failed ... git@github.com: Permission denied (publickey).

Since reverting the 1Password update didn't restore the old working state, my troubleshooting lead me to realize that the Arch openssh package was updated from v8.8p1 to v8.9p1 around the same time. Reverting to the version in the Arch repo archives dated 2022/02/22 restored the old working behavior. I haven't taken the time to track down exactly why this downgrade fixes this issue since the workaround of downgrading the package is working for me for the time being.
Former Member
4 years ago
After the update to 8.6.0_43.BETA-43 I got the following output, even after disabling the agent, deleting the socket file, rebooting and enabling everything again.

$ ssh -T git@github.com -vvv ... debug2: get_agent_identities: ssh_agent_bind_hostkey: communication with agent failed debug1: get_agent_identities: ssh_fetch_identitylist: communication with agent failed ... git@github.com: Permission denied (publickey).