1Password asking for permission each time
Comments
-
This content has been removed.
-
if you have git configured to use an ssh key for signing or you do a push to GitHub or something using ssh, then yes, you'll have to approve it the first time you do a commit or a push in a vscode terminal. it also happens again after some timeout period.
Personally I don't see the issue. Until recently I had a 2015 iMac and I had to type in the password on these occasions. I did. I did not get mad.
Now I have an M1 Pro MBP and I can either use my watch to approve or use Touch ID to approve. I do. I do not get mad.
The timeout period always seems reasonable to me. It doesn't require it each time, and I'm using it for ssh, for git signing, and for GitHub.
I also haven't had any issues with Face ID on iOS using 1Password 8, but maybe I'm just lucky.
0 -
This content has been removed.
-
Hi all, the addition of asking per application is great.
However I noticed that 1Password isn't saving this settings, every time 1P is killed (either by reboot or stopping it completely).
I am currently running: 1Password for Linux 8.10.0 (81000009)0 -
This content has been removed.
-
As a paying client and a fan boy, I absolutely say that we need a far easier alternative, even if it means less secure, for people sitting on Ubuntu as their main development machine. Not server. But also not a Mac laptop featuring easy fingerprint unlock.
Imagine having to type ubuntu password 5 times just to open project in vs code, run docker and run composer install (private packages). It kills me to the point that I might just as well use the good old static file.
I think less safe option of whitelisting or just unlocking ssh agent for all, or unlocking once with password and then simply asking yes/no to confirm would be better. It really sucks that big time.
PS. I was on windows, but as amazing WSL 2 is, running developing natively on ubuntu just flies. And finally it unlocks the opportunity to use safer things. But not at this price where I'm actually wasting time typing the password...
Unfortunately there are no fingerprint drivers for me.
0 -
This content has been removed.
-
Hi @sitepodmatt / @julemand:
Thanks for your feedback on this. While I can't promise anything, we're exploring additional options.
Would you mind sharing which channel of 1Password you're using (production, beta, nightly)?
Jack
0 -
Hey @Jack.P_1P, I am on the beta channel.
I share the same sentiment as @julemand and @sitepodmatt, without a fingerprint scanner like Macs have it's quite the hassle to have to enter the password so often.
0 -
Hey @Jack.P_1P, I just updated to
1Password for Linux 8.10.0 (81000012)
and the setting does persist now.
Thanks!This at least saves some time entering passwords when working in tmux.
0 -
This content has been removed.
-
This prompt requesting my approval to access a SSH key every time I open an application is really, really, reeeeeally annoying!
0 -
Thank you, @Jack.P_1P!
0 -
I would really appreciate an option for requiring authorization only once for all applications on Linux, combined with the already existing options for how long the authorization should be remembered.
I usually close my terminal application(which i use for my ssh workflows) whenever im not using it, and it gets annoying having to input my password every time I do that since the current settings are not really remembered per application, but per each process.
0 -
I'm using Linux, and working with IntelliJ. I have turned on using SSH keys for signing.
IntelliJ asks me all the time about my signing key password. In addition to that, doing git operations in my terminal asks me too.
If I'm going to guess, I would think that I'm typing the password 10-15 times day, compared to the old fashioned way with ssh-agent and gpg keys for signing. I have decided to turn 1password ssh functionality off, because this is just too much, unfortunately.
Hope this gets fixed, as I would like to use this feature.
0 -
@barneydesmond @hstenzel @addy @Stefan_Schulte @psagers @voltboyee @yboulkaid @CRCinAU @repoles @lilyes @mangotre
Thanks all for your patience and feedback. We've been exploring different options to allow for an authorization model that's more like the standard OpenSSH agent, and we have something for you to try out! If you're interested to take it for a spin, you can find more information in our Developer Slack workspace.
-1 -
This feature is so good! Thank you for polishing it. Allowing ssh key access just by a fingerprint feels amazing.
0 -
Thank you so much for developing this feature. It is very convenient and easy to use...if you're in front of your computer.
Unfortunately, signing Git commits or using SSH keys this way is a GIGANTIC hassle if you're connected remotely. It's basically unusable in this use case.
I often connect to my computer at home (running the 1Password
ssh-agent
) from my iPad via Blink Terminal. Every time I need to sign a commit or use a password with theop
CLI, I have to VNC into my computer, log in and interact with 1Password to finish the transaction.Sometimes git or ssh will time out waiting on me to do this, as this is very hard to do over low-bandwidth connections.
It would be much more ideal if 1Password sent a beacon to all of my logged-in devices whenever it needed authorization to use a key or something.
0 -
First, I see there have already been some improvements since this feature was launched, so thanks for that!
Still, I think there's a better model that would provide good access control while staying simple to use: permanent (even after 1P closing), per-application approvals.
Implementation-wise, I imagine once an application got approved, either its path (less secure) or file hash (more secure) would be stored as trusted and not prompted again. This would allow easily restricting access only to the expected apps, without prompting too often; only after an update that changes the path/hash would the app need to be re-approved.
0 -
The idea for this feature is quite great, the implementation however is extremely annoying. After a couple of weeks trying it, I ended up disabling it. Typing my password every 5 minutes is just too much.
1 -
firstly I strongly agree that asking password every time is too much and on every commit even if 1password is already unlock, so I decided to disable that feature (until you improve the behaviour if you do because it seems to exist since a while now) and use the old way with ssh keys store as a file in .ssh folder.
I was about to get crazy trying to unlink 1password from Sourcetree and cannot find any explanation about that on the web so I'm posting this here for people like me because I lost so much time to figure it out.Inside
~/.ssh/config
remove:Host \* IdentityAgent "~/Library/Group Containers/xxx.com.1password/t/agent.sock"
in
~/.gitconfig
remove thesigningkey
andgpgsign = true [gpg] format = ssh [gpg "ssh"] program = /Applications/1Password.app/Contents/MacOS/op-ssh-sign
You can now use SSH in the old way without 1Password.
Hope this will help someone.3 -
Thank you so much, @antfly! You're a lifesaver.
Adding my SSH keys to 1Password has been the biggest waste of time ever.0 -
I'm thinking of disabling it, since it keeps asking me for the touch id during background git pulls from VS Code and when I run any git command on Warp. I want to be able to authorize by application for at least a week or something, doing it multiple times a day really disrupts my work.
0 -
I also suffer from the problem where my clients fetch in the background and it prompts me every time. are there any news about a fix/workaround for this?
0