SSH setup on Windows - Permission Denied error

Community Member
edited September 9 in SSH

I've been working to set up my SSH agent with 1Password as per today's release on my computers. I was able to set it up on macOS, but Windows is giving me an issue where the ssh agent can't find the key generated by 1Password. Running the test command ssh -T [email protected] simply yields the [email protected]: Permission denied (publickey). error.

What's the best practice to set this up in the case where 1Password generated the ssh key?

GitHub does have my key. To be clear, this works on my macOS devices, but not on Windows.

1Password Version: 8.9.5
Extension Version: Not Provided
OS Version: Windows 11 Pro for Workstations
Browser:_ Chrome


  • floris_1Pfloris_1P

    Team Member

    Could you provide the output of:

    ssh -vT [email protected]

    And of:

    ssh-add -l
  • TallonRainTallonRain
    Community Member

    Certainly. The output is as follows:

    ❯ ssh -vT [email protected]
    OpenSSH_for_Windows_8.9p1, LibreSSL 3.4.3
    debug1: Reading configuration data C:\\Users\\Kyle/.ssh/config
    debug1: C:\\Users\\Kyle/.ssh/config line 1: Applying options for *
    debug1: Connecting to [] port 22.
    debug1: Connection established.
    debug1: identity file C:\\Users\\Kyle/.ssh/id_rsa type -1
    debug1: identity file C:\\Users\\Kyle/.ssh/id_rsa-cert type -1
    debug1: identity file C:\\Users\\Kyle/.ssh/id_ecdsa type -1
    debug1: identity file C:\\Users\\Kyle/.ssh/id_ecdsa-cert type -1
    debug1: identity file C:\\Users\\Kyle/.ssh/id_ecdsa_sk type -1
    debug1: identity file C:\\Users\\Kyle/.ssh/id_ecdsa_sk-cert type -1
    debug1: identity file C:\\Users\\Kyle/.ssh/id_ed25519 type -1
    debug1: identity file C:\\Users\\Kyle/.ssh/id_ed25519-cert type -1
    debug1: identity file C:\\Users\\Kyle/.ssh/id_ed25519_sk type -1
    debug1: identity file C:\\Users\\Kyle/.ssh/id_ed25519_sk-cert type -1
    debug1: identity file C:\\Users\\Kyle/.ssh/id_xmss type -1
    debug1: identity file C:\\Users\\Kyle/.ssh/id_xmss-cert type -1
    debug1: identity file C:\\Users\\Kyle/.ssh/id_dsa type -1
    debug1: identity file C:\\Users\\Kyle/.ssh/id_dsa-cert type -1
    debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.9
    debug1: Remote protocol version 2.0, remote software version babeld-81baa361
    debug1: compat_banner: no match: babeld-81baa361
    debug1: Authenticating to as 'git'
    debug1: load_hostkeys: fopen C:\\Users\\Kyle/.ssh/known_hosts2: No such file or directory
    debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts: No such file or directory
    debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts2: No such file or directory
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: algorithm: curve25519-sha256
    debug1: kex: host key algorithm: ssh-ed25519
    debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
    debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: SSH2_MSG_KEX_ECDH_REPLY received
    debug1: Server host key: ssh-ed25519 SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU
    debug1: load_hostkeys: fopen C:\\Users\\Kyle/.ssh/known_hosts2: No such file or directory
    debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts: No such file or directory
    debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts2: No such file or directory
    debug1: Host '' is known and matches the ED25519 host key.
    debug1: Found key in C:\\Users\\Kyle/.ssh/known_hosts:1
    debug1: rekey out after 134217728 blocks
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: rekey in after 134217728 blocks
    debug1: get_agent_identities: ssh_get_authentication_socket: No such file or directory
    debug1: Will attempt key: C:\\Users\\Kyle/.ssh/id_rsa
    debug1: Will attempt key: C:\\Users\\Kyle/.ssh/id_ecdsa
    debug1: Will attempt key: C:\\Users\\Kyle/.ssh/id_ecdsa_sk
    debug1: Will attempt key: C:\\Users\\Kyle/.ssh/id_ed25519
    debug1: Will attempt key: C:\\Users\\Kyle/.ssh/id_ed25519_sk
    debug1: Will attempt key: C:\\Users\\Kyle/.ssh/id_xmss
    debug1: Will attempt key: C:\\Users\\Kyle/.ssh/id_dsa
    debug1: SSH2_MSG_EXT_INFO received
    debug1: kex_input_ext_info: server-sig-algs=<[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa>
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey
    debug1: Next authentication method: publickey
    debug1: Trying private key: C:\\Users\\Kyle/.ssh/id_rsa
    debug1: Trying private key: C:\\Users\\Kyle/.ssh/id_ecdsa
    debug1: Trying private key: C:\\Users\\Kyle/.ssh/id_ecdsa_sk
    debug1: Trying private key: C:\\Users\\Kyle/.ssh/id_ed25519
    debug1: Trying private key: C:\\Users\\Kyle/.ssh/id_ed25519_sk
    debug1: Trying private key: C:\\Users\\Kyle/.ssh/id_xmss
    debug1: Trying private key: C:\\Users\\Kyle/.ssh/id_dsa
    debug1: No more authentication methods to try.
    [email protected]: Permission denied (publickey).
    ❯ ssh-add -l
    256 SHA256:iDHYAgQKPtwY3Jv6LyqfDZ6iZIhmL3So0we+EN88wQ4 1Password SSH Key (ED25519)
  • TallonRainTallonRain
    Community Member

    Hi there, any suggestions?

  • floris_1Pfloris_1P

    Team Member

    Could you share your SSH config?

  • TallonRainTallonRain
    Community Member

    In the /.ssh config file:

    Host *
        IdentityAgent "~/.1password/agent.sock"
  • floris_1Pfloris_1P

    Team Member

    Ah, that explains the error that you're seeing. In OpenSSH for Windows, the agent communication does not happen over a socket like it does on macOS or Linux, but over the \\.\pipe\openssh-ssh-agent pipe.

    This actually happens automatically, so you don't have set IdentityAgent in your SSH config. Could you try removing that snippet and run the SSH command again?

  • TallonRainTallonRain
    Community Member
    edited September 13

    Ah-ha, that did it. Interesting, I believe I added that erroneous config as a troubleshooting step, but as you say it's working automatically now that it has been removed. Thanks for the help!

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file