Bug: SSH agent cannot be used when connected via Remote Desktop

outadoc
Community Member
edited April 9 in SSH

I'm using the 1Password 8 Windows beta with the SSH agent enabled and configured with a couple SSH keys. When functioning normally, 1Password asks for a Windows Hello PIN to unlock my SSH keys, and everything works fine.

However, when connected to my PC via Microsoft Remote Desktop (with the official client on macOS, if that makes a difference), I cannot unlock my SSH key. 1Password asks for my master password, which I provide, but the SSH agent refuses the operation.

With git, for example:

sign_and_send_pubkey: signing failed: agent refused operation
sign_and_send_pubkey: signing failed: agent refused operation
[email protected]: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

1Password Version: 8.7.0
Extension Version: Not Provided
OS Version: Windows 11 build 21H2

Comments

  • floris_1P

    Team Member
    edited April 12

    Do you see anything appear in the 1Password logs when you run the failing SSH command? On Windows: %LOCALAPPDATA%/1Password/logs.

    And when using RDP, does the regular 1Password unlock work with Windows Hello? Or is it only SSH that's failing?

  • outadoc
    Community Member

    Hi,

    I believe these log lines are relevant:

    ERROR 2022-04-16T21:27:33.605 op_executor:invocation_loop(ThreadId(22)) [1P:C:\builds\dev\core\core\op-ui\src\item_action\mod.rs:106] ItemWithIdNotFound(ItemId(743))
    INFO  2022-04-16T21:27:34.149 tokio-runtime-worker(ThreadId(12)) [1P:op-app\src\app\backend\unlock.rs:241] System unlock was attempted but we cannot use it.
    WARN  2022-04-16T21:27:34.155 tokio-runtime-worker(ThreadId(10)) [1P:op-app\src\app\backend\lock_screen.rs:71] Biometry is unavailable: BiometryUnavailable
    

    And when using RDP, does the regular 1Password unlock work with Windows Hello? Or is it only SSH that's failing?

    When using RDP, I cannot unlock 1Password with Windows Hello either, but it falls back to asking for my master password. When using SSH, there's no password fallback, just an error, which makes my keys unusable.
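A triage helper for the failure shown in the log excerpt above, as an added example that is not part of the thread and not 1Password code. It pairs each failed system unlock with a biometry warning logged shortly afterwards; the line layout is inferred from the three posted lines, and the function names and the two-second window are assumptions.

```python
import re
from datetime import datetime

# Layout inferred from the three log lines quoted in the thread (an assumption,
# not a documented format): LEVEL TIMESTAMP THREAD [1P:file:line] message
LINE_RE = re.compile(
    r"^\s*(?P<level>[A-Z]+)\s+(?P<ts>\S+)\s+(?P<thread>\S+)\s+"
    r"\[1P:(?P<src>.+?):(?P<lineno>\d+)\]\s+(?P<msg>.*)$"
)
UNLOCK_MSG = "System unlock was attempted but we cannot use it."
BIOMETRY_MSG = "Biometry is unavailable"

# The lines posted in the thread, embedded so the example runs offline.
SAMPLE = r"""
ERROR 2022-04-16T21:27:33.605 op_executor:invocation_loop(ThreadId(22)) [1P:C:\builds\dev\core\core\op-ui\src\item_action\mod.rs:106] ItemWithIdNotFound(ItemId(743))
INFO  2022-04-16T21:27:34.149 tokio-runtime-worker(ThreadId(12)) [1P:op-app\src\app\backend\unlock.rs:241] System unlock was attempted but we cannot use it.
WARN  2022-04-16T21:27:34.155 tokio-runtime-worker(ThreadId(10)) [1P:op-app\src\app\backend\lock_screen.rs:71] Biometry is unavailable: BiometryUnavailable
"""

def parse(text):
    """Yield (timestamp, level, source file, message) for each recognised line."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # blank lines, wrapped output, other formats
        try:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S.%f")
        except ValueError:
            continue  # timestamp not in the layout seen in the thread
        yield ts, m["level"], m["src"], m["msg"]

def system_unlock_failures(text, window_s=2.0):
    """Pair each failed system unlock with a biometry warning within window_s."""
    events = list(parse(text))
    hits = []
    for i, (ts, _level, _src, msg) in enumerate(events):
        if msg != UNLOCK_MSG:
            continue
        near = [e for e in events[i + 1:] if BIOMETRY_MSG in e[3]
                and 0 <= (e[0] - ts).total_seconds() <= window_s]
        hits.append({"at": ts.isoformat(timespec="milliseconds"),
                     "biometry_unavailable": bool(near)})
    return hits

if __name__ == "__main__":
    for hit in system_unlock_failures(SAMPLE):
        print(hit)
```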

  • floris_1P

    Team Member

    Unfortunately, there's nothing we can do about this at this very moment. However, we are working on an alternative prompt that doesn't require Windows Hello, which can also be used here.

  • outadoc
    Community Member

    Great, thank you!

    I forgot to mention it but when using an SSH key on macOS, when Touch ID is unavailable (i.e. when the laptop lid is closed), 1Password properly prompts for the master password instead. These two flows seem like they should be identical.

  • floris_1P

    Team Member

    Correct, on macOS there is already a fallback in place (which will be improved as well with the work we're doing for Windows and Linux).

  • mxk
    Community Member

    Is there an update on when the fallback will be implemented for Windows? Would that also remove the requirement for having Windows Hello enabled at all?

  • floris_1P

    Team Member

    @mxk I can't make any promises on timelines, but I can tell you that it's high on our list, with designs being finalized at the moment. And yes: that will fully remove the Hello requirement!
