Agent stops working until reboot

altano
altano
Community Member
edited May 2022 in SSH

I setup 1Password ssh w/ Agent yesterday on two machines, Win11 and macOS. It worked perfectly.

Today when I woke up the Win11 machine's 1Password agent was no longer working. My diagnostic steps were:

✅ Open the 1Password GUI and see my SSH key

ssh-add -l shows the correct key:

PS C:\> ssh-add -l
256 SHA256:<redacted>  (ED25519)
...

❌ Attempt to ssh into github:

PS C:\> ssh -vvvT git@github.com
...
debug1: Will attempt key:  ED25519 SHA256:<redacted> agent
...
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey
debug3: authmethod_lookup publickey
debug3: remaining preferred:
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key:  ED25519 SHA256:<redacted> agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key:  ED25519 SHA256:<redacted> agent
debug3: sign_and_send_pubkey: ED25519 SHA256:<redacted>
debug3: sign_and_send_pubkey: signing using ssh-ed25519
sign_and_send_pubkey: signing failed: agent refused operation
...
alan@<redacted>: Permission denied (publickey,password).

Disable the Agent:
1Password -> Settings -> Developer -> Uncheck "Use the SSH agent" -> Close
1Password -> Settings -> Developer -> CHECK "Use the SSH agent" -> Close
❌ Attempt to ssh into github again

Quit 1Password:
Right-click system tray icon -> Quit
Verify no 1Password.exe processes were in Task Manager
❌ Attempt to ssh into github again

Every failed attempt to sign in had this log entry in %LOCALAPPDATA%\1Password\logs\1Password_rCURRENT.log:

INFO  2022-02-27T14:47:16.086 tokio-runtime-worker(ThreadId(17)) [1P:ssh\op-ssh-agent\src\lib.rs:299] Session was not authorized

Verify that I can use ssh from macOS still:
✅ Works perfectly, can ssh to github and my personal server

Give up and reboot:
Reboot Win11
Launch 1Password
Unlock 1Password GUI using PW
Re-attempt ssh => Enter PIN at Windows Hello prompt (which I was NOT seeing before)
✅ SSH connects via 1Password agent. All is well.

If this happens again, are there other steps I can take that are less drastic then rebooting to try and unstick things? Might help with finding the root cause as well.

1Password Version: 8.6.0 (80600043, on BETA channel)
Extension Version: Not Provided
OS Version: Windows 11 21H2

Comments

  • tred27
    tred27
    Community Member

    I'm having the same issue in Arch but rebooting doesn't help, it used to work before.

  • altano
    altano
    Community Member

    Just happened to me again. I was able to narrow it down to 1Password not being able to talk to Windows Hello for some reason. When I lock the 1Password vault and try to unlock with Windows Hello I get an error (unlocking via password works fine):

    Oh, okay, I figured it out:

    I have VS Code open and I'm using the Remote SSH extension to remotely open a Linux host. When I resume from sleep it automatically attempts to reconnect. What I didn't notice was that a Windows Hello PIN prompt was opened but NOT in the foreground. It was minimized. While this Windows Hello prompt was open I was getting all the strange behavior above.

    Perhaps, even if you cannot detect this state, you could change the error that gets shown when I click the Windows Hello icon:

    "That didn't work. Check your password and try again."

    to:

    "Could not use Windows Hello. Make sure you don't have a Windows Hello prompt already open." or something

    Thanks!

This discussion has been closed.