SSH to EC2 - `agent refused operation`

mattcooper
Community Member
edited May 2022 in SSH

I have a problem with accessing an EC2 instance using a private key stored in my private vault.

Steps:

  1. Update ~/.ssh/config with a host, e.g.

         Host random-host
           HostName random-host.com
           User ec2-user
           IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"

  2. Try to ssh to random-host.

     The 1Password app prompts to 'Allow Access'.

  3. This results in:

         sign_and_send_pubkey: signing failed for RSA "random-host" from agent: agent refused operation
         ec2-user@random-host.com: Permission denied (publickey)

  4. When I list all of the keys available to the agent:

         ssh-add -l
         The agent has no identities.

Can you help? Not sure which steps I have missed?

Thanks, Matt


1Password Version: Not Provided
Extension Version: 8.6.0
OS Version: Not Provided

Comments

  • Do you see anything appear in the logs when you run the SSH command? On macOS: ~/Library/Group Containers/2BUA8C4S2C.com.1password/Library/Application Support/1Password/Data/logs/1Password_rCURRENT.log

  • dc240
    Community Member

    I too am getting this error, but only to one SSH server. All others work with the 1P8 agent. Remote server configs are the same (sshd_config / pam.d/sshd).

    error log:
    ERROR 2022-03-17T08:54:31.638 tokio-runtime-worker(ThreadId(12)) [1P:/Users/builder/builds/BhfSvM9x/0/dev/core/core/ssh/op-ssh-agent/src/lib.rs:377] Error handling sign request: Key(signing with ssh-rsa is unsupported; SHA-1 may be insecure)

    MacOS 12.3
    1p 8.7 80700004, on NIGHTLY channel

  • @dc240 The latest 1Password beta now has support for ssh-rsa connections. Can you see if it works now?
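
A triage sketch for the log error quoted above, added here as an example and not part of the thread or of 1Password's code: it extracts the refusal reason from agent log lines in the format dc240 posted and checks whether a server's `server-sig-algs` list, as printed by `ssh -v`, includes the SHA-2 RSA signature algorithms. The function names and the `ssh -v` sample lines are constructed for illustration; only the agent log line comes from the thread.

```python
import re

# Agent log format as quoted in the thread:
#   "... Error handling sign request: Key(<reason>)"
SIGN_ERR = re.compile(r"Error handling sign request: Key\((?P<reason>.*)\)\s*$")
# The OpenSSH client prints the server's accepted signature algorithms in -v output.
SIG_ALGS = re.compile(r"server-sig-algs=<(?P<algs>[^>]*)>")
SHA2_RSA = {"rsa-sha2-256", "rsa-sha2-512"}

# Log line taken from the thread.
AGENT_LOG = [
    "ERROR 2022-03-17T08:54:31.638 tokio-runtime-worker(ThreadId(12)) "
    "[1P:/Users/builder/builds/BhfSvM9x/0/dev/core/core/ssh/op-ssh-agent/src/lib.rs:377] "
    "Error handling sign request: Key(signing with ssh-rsa is unsupported; "
    "SHA-1 may be insecure)",
]
# Constructed `ssh -v` excerpts (assumption: one server advertises the list, one does not).
DEBUG_MODERN = [
    "debug1: kex_input_ext_info: "
    "server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512>",
]
DEBUG_LEGACY = ["debug1: Authentications that can continue: publickey"]


def sign_refusals(log_lines):
    """Return the refusal reason from every sign-request error in the agent log."""
    return [m.group("reason") for line in log_lines if (m := SIGN_ERR.search(line))]


def server_sha2_rsa(ssh_debug_lines):
    """SHA-2 RSA algorithms the server advertises; None if it sent no list at all."""
    for line in ssh_debug_lines:
        if (m := SIG_ALGS.search(line)):
            return sorted(SHA2_RSA & set(m.group("algs").split(",")))
    return None


def triage(log_lines, ssh_debug_lines):
    """Combine both sources into a one-line finding for the affected host."""
    if not any("ssh-rsa" in reason for reason in sign_refusals(log_lines)):
        return "no ssh-rsa refusal in agent log"
    offered = server_sha2_rsa(ssh_debug_lines)
    if offered:
        return ("server advertises " + ",".join(offered)
                + "; check which algorithm the client requested")
    return "no rsa-sha2-* advertised; an RSA key would need an ssh-rsa (SHA-1) signature"


if __name__ == "__main__":
    print(triage(AGENT_LOG, DEBUG_LEGACY))
    print(triage(AGENT_LOG, DEBUG_MODERN))
```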

This discussion has been closed.