Agent stops working until reboot

altano
altano
Community Member
edited May 2022 in SSH

I setup 1Password ssh w/ Agent yesterday on two machines, Win11 and macOS. It worked perfectly.

Today when I woke up the Win11 machine's 1Password agent was no longer working. My diagnostic steps were:

✅ Open the 1Password GUI and see my SSH key

ssh-add -l shows the correct key:

PS C:\> ssh-add -l
256 SHA256:<redacted>  (ED25519)
...

❌ Attempt to ssh into github:

PS C:\> ssh -vvvT git@github.com
...
debug1: Will attempt key:  ED25519 SHA256:<redacted> agent
...
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey
debug3: authmethod_lookup publickey
debug3: remaining preferred:
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key:  ED25519 SHA256:<redacted> agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key:  ED25519 SHA256:<redacted> agent
debug3: sign_and_send_pubkey: ED25519 SHA256:<redacted>
debug3: sign_and_send_pubkey: signing using ssh-ed25519
sign_and_send_pubkey: signing failed: agent refused operation
...
alan@<redacted>: Permission denied (publickey,password).

Disable the Agent:
1Password -> Settings -> Developer -> Uncheck "Use the SSH agent" -> Close
1Password -> Settings -> Developer -> CHECK "Use the SSH agent" -> Close
❌ Attempt to ssh into github again

Quit 1Password:
Right-click system tray icon -> Quit
Verify no 1Password.exe processes were in Task Manager
❌ Attempt to ssh into github again

Every failed attempt to sign in had this log entry in %LOCALAPPDATA%\1Password\logs\1Password_rCURRENT.log:

INFO  2022-02-27T14:47:16.086 tokio-runtime-worker(ThreadId(17)) [1P:ssh\op-ssh-agent\src\lib.rs:299] Session was not authorized

Verify that I can use ssh from macOS still:
✅ Works perfectly, can ssh to github and my personal server

Give up and reboot:
Reboot Win11
Launch 1Password
Unlock 1Password GUI using PW
Re-attempt ssh => Enter PIN at Windows Hello prompt (which I was NOT seeing before)
✅ SSH connects via 1Password agent. All is well.

If this happens again, are there other steps I can take that are less drastic then rebooting to try and unstick things? Might help with finding the root cause as well.

1Password Version: 8.6.0 (80600043, on BETA channel)
Extension Version: Not Provided
OS Version: Windows 11 21H2

Comments

  • asmerkin
    asmerkin
    Community Member

    I have the same issue. Can I get an answer here? If I reboot, then it works again, but I have to do it. and sometimes It's hard to reboot in the middle of something.

  • Ryan Parman
    Ryan Parman
    Community Member

    Same thing happened to me yesterday. Wanted to report it.

  • floris_1P
    floris_1P

    What can happen with Windows Hello is that it's waiting for an existing dialog to close. Windows Hello only allows for a single dialog to be shown at a time, but they're not guaranteed to always be in front of every other window. So next time this happens, could you check if there's an existing Windows Hello dialog somewhere in the background?

  • Ryan Parman
    Ryan Parman
    Community Member
    edited May 2022

    On macOS, if I tail the logfile ~/Library/Group\ Containers/2BUA8C4S2C.com.1password/Library/Application\ Support/1Password/Data/logs/1Password_rCURRENT.log, I see:

    ERROR 2022-05-31T13:42:42.598 tokio-runtime-worker(ThreadId(5)) [1P:op-automated-unlock/src/lib.rs:294] Failed to authorize using system biometry: FailedToUnlockWithKeys(BiometryUnavailable)
INFO  2022-05-31T13:42:42.599 tokio-runtime-worker(ThreadId(5)) [1P:ssh/op-ssh-agent/src/lib.rs:411] Session was not authorized

    This happens despite having Touch ID as well as Apple Watch auth enabled. Is there any way to only reboot the process that manages this? I'm not always able to stop everything and reboot every time this feature feels like being finicky.

    • macOS 12.5 Beta (21G5027d)
    • 1Password for Mac 8.8.0 (80800117, on NIGHTLY channel)
  • Ryan Parman
    Ryan Parman
    Community Member

    Ping. Happened to me again this morning. Only solution I can find is a full reboot of my Mac.

  • MartonS1P
    MartonS1P

    Thanks for informing us of this bug @Ryan Parman!

    We will look into it. In the meantime, as a workaround, you could try quitting 1Password from the Activity Monitor and re-opening it (instead of rebooting your entire system) in case you run into this issue again.

  • Ryan Parman
    Ryan Parman
    Community Member

    I've tried that (that was the first thing I tried, actually). No dice. :(

    Not sure if it helps, but it seems that 1Password loses access to (and/or forgets about) Touch ID all-together.

This discussion has been closed.