Cannot add account to CLI 2.0.0
With CLI version 2 I cannot seem to add an account.
This is what happens:
op account add
Enter your sign-in address (example.1password.com): my.1password.com
Enter the email address for your account on my.1password.com: [email redacted]
[ERROR] 2022/03/17 15:10:42 Couldn't connect to the sign-in address you provided. Check the address and your network connection, then try again.
When I go back to 1.12.4, it works as expected.
Comments
-
Hey @N33T ,
Does the command ask for your secret key and password after email or return the error message right after you enter the email?
edit: It looks like that error message is printed when attempting to check that the signin address can be reached. This step happens before the secret key and password are prompted. Is my.1password.com the exact text you are inputting in that step?
0 -
Hey @Justin.Yoon_1P,
my.1password.com is the exact text that I am inputting.
It could be that it is a DNS issue, we're using an internal DNS server due to policies.
Does CLI v2 have a special way it resolves DNS?
When I add an account with version 1 and then try to login with version 2 I get the following:
op signin -f
Enter the password for [email] at my.1password.com:
[ERROR] 2022/03/18 09:44:44 failed to request.DoUnencrypted: Get "https://my.1password.com/api/v2/auth/[redacted]": dial tcp: lookup my.1password.com on [::1]:53: read udp [::1]:33617->[::1]:53: read: connection refused
with v1:
op signin
Enter the password for [email] at my.1password.com:
export OP_SESSION_my="[redacted]"
# This command is meant to be used with your shell's eval function.
# Run 'eval $(op signin my)' to sign in to your 1Password account.
# Use the --raw flag to only output the session token.
I did make that typo on the other post:
https://1password.community/discussion/127993/cannot-add-account-to-cli-2-0-0#latest
So that one can be removed as I accidentally double posted.
When I try to resolve DNS with our internal DNS server:
nslookup my.1password.com [DNS IP]
Server: [DNS IP]
Address: [DNS IP]#53
Non-authoritative answer:
Name: my.1password.com
Address: 34.192.182.4
Name: my.1password.com
Address: 75.101.251.99
Name: my.1password.com
Address: 34.230.244.235
Name: my.1password.com
Address: 54.172.125.106
Name: my.1password.com
Address: 54.197.109.118
Name: my.1password.com
Address: 2600:1f18:60d5:4e01:9a5a:96db:6156:6d50
Name: my.1password.com
Address: 2600:1f18:60d5:4e02:5ea8:d1f5:8833:6473
Name: my.1password.com
Address: 2600:1f18:60d5:4e00:e020:a971:c344:3867
Name: my.1password.com
Address: 2600:1f18:60d5:4e04:9c92:c5bb:230e:b2b9
Name: my.1password.com
Address: 2600:1f18:60d5:4e03:b4cc:ceed:3591:edcb
When I use the IPv6 address of the DNS server
nslookup -query=AAAA my.1password.com [DNS v6 IP]
Server: [DNS v6 IP]
Address: [DNS v6 IP]#53
Non-authoritative answer:
Name: my.1password.com
Address: 2600:1f18:60d5:4e00:e020:a971:c344:3867
Name: my.1password.com
Address: 2600:1f18:60d5:4e04:9c92:c5bb:230e:b2b9
Name: my.1password.com
Address: 2600:1f18:60d5:4e01:9a5a:96db:6156:6d50
Name: my.1password.com
Address: 2600:1f18:60d5:4e02:5ea8:d1f5:8833:6473
Name: my.1password.com
Address: 2600:1f18:60d5:4e03:b4cc:ceed:3591:edcb
0 -
Hey @N33T
Appreciate the additional info.
Adding the account via op v1 and then trying to sign into it in v2 was a great idea. Using my.1password.com as the signin address should be completely fine. It seems like requests to my.1password.com are being rejected, and will need further investigation if the DNS is affecting it.
To my knowledge, we have not changed the networking layer such that a DNS would be prohibited in v2. We will continue to look into this problem, stay tuned.
For the time being, would you be able to confirm whether or not adding accounts and signing in with v2 works when the DNS is set to a public one, like Google's? If not due to policy, it is completely fine as well.
0 -
Hi @Justin.Yoon_1P,
unfortunately I cannot change the DNS server due to policy (blocked by firewall).
However I did try and disable IPv6 (on loopback and the nic), since the error seems to be related to the IPv6 localhost port 53.
But that unfortunately gives the same error.
1P desktop, 1P browser extension and 1P CLI v1 all work fine.
Is port 53 also used by IPv6 for DNS?
On my machine I don't even see it listening for [::]53, I only see [::]:5355 which seems to be for Link-Local Multicast Name Resolution.
0 -
Thanks for the update @N33T
We are still looking into it.
Which OS are you trying to run the CLI on by the way?
0 -
Hi @Justin.Yoon_1P,
I use Arch btw.
At home I also run Arch with the same setup and CLI v2 does work.
It doesn't listen to [::]53 either.
0 -
Hey @N33T
We have an Arch user in our company who encountered the same problem, wondering if it may be applicable to your case.
This seems to be a common problem with CLI binaries written in Go - and we don't have a fix on our end yet, but we'll continue looking into it.
Are you configuring DNS with systemd-resolved?
While this individual did not have any custom DNS configured, they did have to do this step in the picture to symlink resolve.conf to stub-resolv.conf:
I am not 100% sure if this applies to you, or if it will fix it for you, but the error message and OS match up so I thought I'd bring it up, please give it a try if it does indeed apply to you and let us know!
0 -
Hi @Justin.Yoon_1P,
Thanks for the link to that part of the arch wiki.
I am indeed using systemd-resolved for DNS.
I can confirm that replacing /etc/resolv.conf with a symlink to /run/systemd/resolve/stub-resolv.conf does the trick.
Thank you very much!
0 -
Hey @N33T
I am very happy to hear that, thank you for the update.
0
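A check for the state the thread ends up fixing, as an added example that is not part of the thread or of 1Password's code. Go's built-in resolver reads /etc/resolv.conf itself and falls back to localhost port 53 when it finds no nameserver there, which is consistent with the `[::1]:53` in the error above. The function names and state names are this example's own.

```shell
#!/bin/sh
# Added example: classify a resolv.conf file into one of four states.
# State names (missing, no-nameserver, stub, ok) are this example's own.

STUB=/run/systemd/resolve/stub-resolv.conf   # symlink target named in the thread

resolv_state() {
    f=${1:-/etc/resolv.conf}
    # A missing file or a dangling symlink leaves a resolver nothing to read.
    if [ ! -e "$f" ]; then
        echo missing
        return 0
    fi
    # Count usable "nameserver <addr>" lines; commented-out lines do not match.
    n=$(grep -Ec '^[[:space:]]*nameserver[[:space:]]+[^[:space:]]+' "$f" 2>/dev/null || true)
    n=${n:-0}
    if [ "$n" -eq 0 ]; then
        echo no-nameserver
        return 0
    fi
    # A symlink whose target is stub-resolv.conf is the fixed state from the thread.
    if [ -L "$f" ]; then
        case $(readlink "$f") in
            */stub-resolv.conf) echo stub; return 0 ;;
        esac
    fi
    echo ok
}

resolv_advice() {
    target=${1:-/etc/resolv.conf}
    case $(resolv_state "$target") in
        missing|no-nameserver)
            echo "$target has no nameserver; expect lookups against localhost port 53"
            echo "fix from the thread: ln -sf $STUB /etc/resolv.conf" ;;
        stub) echo "$target is symlinked to the systemd-resolved stub file" ;;
        ok)   echo "$target has nameserver entries" ;;
    esac
}

# Report on the live file; the suggested fix is only printed, never run.
resolv_advice /etc/resolv.conf
```
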