SSH Agent: agent refused operation

rgruyters
rgruyters
Community Member
edited September 2022 in SSH

When trying to use SSH Agent with 1Password on my Ubuntu system (22.04) I get the following message:

sign_and_send_pubkey: signing failed for ED25519 "SSH Key" from agent: agent refused operation

I can see my SSH key with ssh-add -l, but when trying to use it, it doesn't work. The SSH key works fine on my Mac.
Tried rebooting the system, but no luck.

Here is some trace logging from 1password:

DEBUG 2022-09-08T20:44:42.058 tokio-runtime-worker(ThreadId(1)) [1P:ssh/op-ssh-agent/src/lib.rs:194] connection received
DEBUG 2022-09-08T20:44:42.059 tokio-runtime-worker(ThreadId(1)) [1P:ssh/op-ssh-agent/src/lib.rs:379] Handling SSH agent message: RequestIdentities
TRACE 2022-09-08T20:44:42.059 ThreadId(7) [1P:op-db/src/db.rs:284] >transaction #49 (db:Db(0x7fb48a46f5a0, /home/robin/.config/1Password/1password.sqlite))
TRACE 2022-09-08T20:44:42.059 ThreadId(7) [1P:op-db/src/db.rs:284] <transaction #49 (db:Db(0x7fb48a46f5a0, /home/robin/.config/1Password/1password.sqlite)) (0.000s)
TRACE 2022-09-08T20:44:42.059 ThreadId(7) [1P:op-db-queue/src/operations.rs:1262] >transaction #tx#49(get_objects_by)
DEBUG 2022-09-08T20:44:42.059 ThreadId(7) [1P:op-db/src/transaction.rs:57] COMMIT(tx#49(get_objects_by))
TRACE 2022-09-08T20:44:42.059 ThreadId(7) [1P:op-db-queue/src/operations.rs:1262] <transaction #tx#49(get_objects_by) (0.000s)
DEBUG 2022-09-08T20:44:42.337 tokio-runtime-worker(ThreadId(1)) [1P:ssh/op-ssh-agent/src/lib.rs:379] Handling SSH agent message: SignRequest
DEBUG 2022-09-08T20:44:42.338 tokio-runtime-worker(ThreadId(1)) [1P:foundation/op-sys-info/src/process_information/linux.rs:57] no process path could be found during verification
DEBUG 2022-09-08T20:44:42.346 tokio-runtime-worker(ThreadId(1)) [1P:ssh/op-ssh-agent/src/lib.rs:400] process info for client: SessionProcess { pid: 2521, tty_pid: Some(2523), executable_path: /usr/bin/kitty, command_line: <Vec < String >>, application_name: <String> }
TRACE 2022-09-08T20:44:42.347 ThreadId(7) [1P:op-db/src/db.rs:284] >transaction #50 (db:Db(0x7fb48a46f5a0, /home/robin/.config/1Password/1password.sqlite))
TRACE 2022-09-08T20:44:42.347 ThreadId(7) [1P:op-db/src/db.rs:284] <transaction #50 (db:Db(0x7fb48a46f5a0, /home/robin/.config/1Password/1password.sqlite)) (0.000s)
TRACE 2022-09-08T20:44:42.347 ThreadId(7) [1P:op-db-queue/src/operations.rs:1262] >transaction #tx#50(get_objects_by)
DEBUG 2022-09-08T20:44:42.347 ThreadId(7) [1P:op-db/src/transaction.rs:57] COMMIT(tx#50(get_objects_by))
TRACE 2022-09-08T20:44:42.347 ThreadId(7) [1P:op-db-queue/src/operations.rs:1262] <transaction #tx#50(get_objects_by) (0.000s)
TRACE 2022-09-08T20:44:42.348 op_executor:invocation_loop(ThreadId(11)) [1P:op-app/src/app/backend.rs:217] >blocking event loop invoke Invocation(Internal(NextTick(op-app/src/app/backend/automated_unlock.rs:28)))
TRACE 2022-09-08T20:44:42.348 op_executor:invocation_loop(ThreadId(11)) [1P:op-app/src/app/backend.rs:217] <blocking event loop invoke Invocation(Internal(NextTick(op-app/src/app/backend/automated_unlock.rs:28))) (0.000s)
TRACE 2022-09-08T20:44:42.358 tokio-runtime-worker(ThreadId(1)) [1P:op-data-layer/src/unlock.rs:215] >unlock_with_key
TRACE 2022-09-08T20:44:42.370 tokio-runtime-worker(ThreadId(1)) [1P:op-data-layer/src/unlock.rs:215] <unlock_with_key (0.012s)
DEBUG 2022-09-08T20:44:42.370 tokio-runtime-worker(ThreadId(1)) [1P:op-automated-unlock/src/lib.rs:552] Denied
INFO  2022-09-08T20:44:42.370 tokio-runtime-worker(ThreadId(1)) [1P:ssh/op-ssh-agent/src/lib.rs:419] Session was not authorized

1Password Version: 8.9.4
Extension Version: Not Provided
OS Version: Ubuntu 22.04
Browser:_ Not Provided

Comments

  • donbeave
    donbeave
    Community Member

    Same on the latest macOS Ventura 13.0 (22A380)

    sign_and_send_pubkey: signing failed for ED25519 "donbeave SSH" from agent: agent refused operation

    And 1Password log file contains such error message:

    INFO 2022-11-12T04:18:02.059 tokio-runtime-worker(ThreadId(2)) [1P:ssh/op-ssh-agent/src/lib.rs:450] Session was not authorized

  • Dayton_ag
    Dayton_ag

    Hey y'all, I'm sorry for the delay here. I've had a hand at reproducing this and I've noticed that I can recreate this set of logs when I boot up and try an SSH command, without unlocking 1Password. When trying the SSH command, is 1Password currently locked and minimized to your menu / system tray? If so, does the 1Password app open when you run your SSH command, or does it remain locked in the background?

    The next time you run into this issue, could you open the 1Password desktop app, sign in, then re-run your SSH command and let me know if you see an improvement?

    Thanks y'all!

  • iono
    iono
    Community Member

    Thank you @Dayton_ag. I've been attempting to solve my issues with 1Password & SSH. I followed all instructions on the docs and got the same error "Session was not authorized" in my logs. After countless attempts at fixing it, and many other one line commands later. The only thing that fixed it was locking 1Password desktop app, then signing back into the application using Windows Hello. This then gave me the option of using my bio metrics to sign git, and use ssh.

    This I believe was due to the fact I had already signed in to 1Password desktop app previously, and enabled SSH access, in order for it to work and authenticate properly I had to lock and re sign in like you suggested to donbeave.

  • Dayton_ag
    Dayton_ag

    Hey @iono thanks for following up, and for sharing what got things working for you! This was likely needed to facilitate the Hello authorization prompts. Nonetheless, I'm glad to hear the SSH Agent is working for you now! 🙂

  • jumar
    jumar
    Community Member
    edited May 2023

    UPDATE: I had to restart my computer
    It would be helpful to mention this in the official instructions.

    I'm facing the same problem on macOS 13.3.1 (a).
    No matter what I try to do I always get this error when doing git fetch from a github repo

        sign_and_send_pubkey: signing failed for ED25519 "/Users/jumar/Downloads/id_ed25519.pub" from agent: agent refused operation

    1Password log contains these messages:

        INFO  2023-05-18T09:47:11.828 tokio-runtime-worker(ThreadId(8)) [1P:foundation/op-sys-info/src/process_information/macos/non_app_store.rs:86] failed to find NSApplication related to pid 3960
    INFO  2023-05-18T09:47:11.837 tokio-runtime-worker(ThreadId(1176)) [1P:foundation/op-apple/src/biometry_service.rs:308] System biometry info: BiometricStatus { current_policy: BiometricsOnly, current_method: TouchId, current_availability: NotEnrolled }
    INFO  2023-05-18T09:47:15.074 tokio-runtime-worker(ThreadId(3)) [1P:ssh/op-ssh-agent/src/lib.rs:541] Session was not authorized

    Even if my 1Password app is opened and unlocked it's still the same error.

    More SSH logs:

    debug1: Next authentication method: publickey
debug1: Offering public key: /Users/jumar/Downloads/id_ed25519.pub ED25519 SHA256:As31qZ4Rff4WbHnS6nikN84c+FRxbMERDnvYIgexE8c explicit agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: /Users/jumar/Downloads/id_ed25519.pub ED25519 SHA256:As31qZ4Rff4WbHnS6nikN84c+FRxbMERDnvYIgexE8c explicit agent
debug3: sign_and_send_pubkey: using publickey with ED25519 SHA256:As31qZ4Rff4WbHnS6nikN84c+FRxbMERDnvYIgexE8c
debug3: sign_and_send_pubkey: signing using ssh-ed25519 SHA256:As31qZ4Rff4WbHnS6nikN84c+FRxbMERDnvYIgexE8c
sign_and_send_pubkey: signing failed for ED25519 "/Users/jumar/Downloads/id_ed25519.pub" from agent: agent refused operation
  • floris_1P
    floris_1P

    @jumar Which 1Password version are you on?

  • jumar
    jumar
    Community Member

    @floris_1P this is my version at the moment:
    1Password for Mac 8.10.6
    81006027, on PRODUCTION channel

    As I said, the problem was fixed after restarting the computer but it was a bit unintuitive.

This discussion has been closed.