Visual Studio Code remote development server and 1Password ssh config

abracadabra
abracadabra
Community Member

On macOS, I have 1Password 8 installed and 1Password 8 CLI v2.

I have git installed.

I have Docker desktop installed.

I'm using visual studio code with the remote development extension. https://code.visualstudio.com/docs/remote/remote-overview

Locally I have configured SSH config ~/.ssh/config to use 1Password as the IdentityAgent. In an attempt to resolve this issue I set the SSH config without restrictions on host:

Host *
  IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
  ForwardAgent yes

Everything works correctly when working in my local environment, git successfully uses the SSH keys from 1Password.

When using git in the VSCode local terminal, everything works correctly, git successfully uses the SSH keys from 1Password.

However I encounter problems when I use the VSCode remote development extension and run a workspace in a remote container (using Docker Desktop that is installed locally). When I use VSCode to open a remote terminal (That is a terminal running in the linux container on docker desktop), when I run the git command ssh -T git@github.com it fails with the error Permission denied (publickey)., ,git push and pull also fail with the same error.

I've burnt a few hours trying many combinations of settings in both ~/.ssh/config, VSCode settings and the VSCode devcontainer.json configuration. But I can not get git to use the SSH keys stored in 1Password when running in the terminal in the remote container.

There is another post where someone else has the same problem, but no useful information is provided on how to resolve the problem.

Having read the 1Password blog, I remember reading articles about 1Password developers using VSCode and publishing the 1Password vscode extension. Have any 1Password developers successfully configured 1Password SSH with vscode using the remote development extension to run containers on docker desktop??

I can't mount my local ssh agent to the docker container, because vscode seems to prevent it from being mounted.

Any help or suggestions to solve this would be appreciated. It'd be great to have git in the remote container use SSH keys stored locally in 1Password.

Thanks!


1Password Version: 8.8.0
Extension Version: Not Provided
OS Version: macOS 12.5
Browser:_ Not Provided
Referrer: forum-search:Visual Studio Code remote development server and 1Password ssh config

Comments

  • The VS Code Remote Development Extension for Docker Desktop should automatically forward the agent. But I'm guessing it only supports SSH_AUTH_SOCK.

    Could you try quitting VS Code and launching it again from your terminal with SSH_AUTH_SOCK set?

    export SSH_AUTH_SOCK=~/Library/Group\ Containers/2BUA8C4S2C.com.1password/t/agent.sock
    code .
    
  • abracadabra
    abracadabra
    Community Member

    Fantastic! That works.

    Thank you, it's great to have a portable development environment :)

  • agenordebriat
    agenordebriat
    Community Member

    I was in the same situation as @abracadabra, but I managed to fix it by configuring SSH_AUTH_SOCK globally for every client.
    Now that I have access to my local SSH keys inside of my remote container, I face one last issue.
    When I try to clone, for instance, using SSH, I'm stuck at "Cloning into 'folder'...". Locally, it'd prompt me for my fingerprint, using Touch ID, but in the container it doesn't do anything. Same thing if I try a "ssh -T git@something.github.com", when i have a something.github.com host configured in my ~/.ssh/config file.
    I tried to uncheck Touch ID in 1password settings, to no avail... Might have nothing to do with this.

    Do you have any clue @floris_1P?

  • @agenordebriat So if I understand correctly, you're saying that ssh -T git@github.com works fine, but ssh -T git@some-host-specified-in-the-ssh-config.github.com does not? If so, then you should make sure those custom Host entries in your local SSH config are available in the Docker container's ~/.ssh/config too, as those won't get 'forwarded' automatically.

  • agenordebriat
    agenordebriat
    Community Member

    That was it! I don't know why I thought it'd be forwarded too.
    Thanks for you quick answer!

This discussion has been closed.