request: remember application approval for SSH agent

wiredhost
wiredhost
Community Member
in SSH

my intelliJ app has Git Toolbox plugin which checks git via SSH every 10 minutes. Due to this, I continuously get 1Password 8 on macOS asking if I want to allow this PHPStorm to access the SSH key.
Can you please add an option to remember the setting? Otherwise I need to revert moving to the 1password 8 SSH agent.

1Password Version: 8.9.4
Extension Version: Not Provided
OS Version: macOS
Browser:_ Not Provided

Comments

  • wiredhost
    wiredhost
    Community Member

    @floris_1P hopefully you can help?

  • floris_1P
    floris_1P
    edited September 2022

    That doesn't sound right! So are you getting prompted on every single Git fetch? Without 1Password locking in the mean time? If so, it would be helpful if you could collect and submit your SSH agent diagnostics, as described here. And also include your PhpStorm version number.

    You should only be prompted once here, until 1Password locks.

  • Unknown
    Unknown
    edited September 2022
    This content has been removed.
  • wiredhost
    wiredhost
    Community Member

    it would be helpful if you could collect and submit your SSH agent diagnostics

    Sorry, i'm unable to provide this.

    i'm constantly locking my computer when i leave it (coffee / bathroom / phone call). So having to confirm phpStorm / webStorm access to the SSH key again is terribly annoying.
    Also, when i'm watching a movie, 1password's prompt is popping up for phpStorm over the movie - and for some reason not just once. It happened 3+ times (may have been different keys).

    Overall, good thought having SSH keys in 1password: but real world, the prompts are overboard. As @sitepodmatt mentioned: the request should be once per app, and it's set for that app.

    I can't recommend my company turn this on until it's matured, and i've turned it off now and gone back to the files.

  • brian.f_1P
    brian.f_1P

    At the moment, we don’t have a way to authorize an application “for life.” However there are settings to adjust the frequency.

    Under Preferences -> Developer, you could set it to remember an application until it or 1Password quits.

    Note that a newly started application will always ask to authorize.

    Under Preferences -> Security -> Auto-lock, you can find 1Password lock settings.

    As for the prompts interrupting you, we have something coming soon to help alleviate that!

    I’d love to get your feedback on how it feels with these settings changed!

  • wiredhost
    wiredhost
    Community Member

    I tried those changes, and I was still getting prompted multiple times a day (i.e. every time I unlocked my machine). It was also annoying when I was writing something, and the prompt would take over my screen's focus.
    I then turned it off.

  • Unknown
    Unknown
    This content has been removed.
  • Jack.P_1P
    Jack.P_1P

    Hi @sitepodmatt:

    Thanks for your feedback on this. While I can't promise anything specifically, I'll share your thoughts with the team.

    Jack

  • hughbiquitous
    hughbiquitous
    Community Member

    Following. I'm experiencing the same thing but so far I haven't been able to nail down which locking event is messing up my expectations -- still working on that though. I'm hoping to have a situation where I can grant access to the SSH key once every 12 hours (or sooner if I restart IntelliJ).

  • Jack.P_1P
    Jack.P_1P

    Hi @hughbiquitous:

    While I can't share any specifics, we are working on making some improvements to this. Stay tuned.

    Jack

  • floris_1P
    floris_1P

    We have made a bunch of improvements in this area. Prompts from background apps are now being silenced automatically to avoid unexpected interruptions, and you there's now a authorization model you can choose that's closer to the OpenSSH agent model.

  • truecarry
    truecarry
    Community Member

    I'm facing similar but opposite issue. Whenever I'm doing git fetch/push through vscode or Github Desktop, 1Password just silently shows red circle on tray icon(Windows). To sign commit I need to click tray icon, click on 'SSH Request waiting approval', and do it again right after to sign commit with my key. I guess github/vscode spawns new instances of git, so it triggers new confirmations. It would be great to atleast have some approval screens in that case, instead of hunting tray icon. Ideally 1Password should somehow understand that requests comes from same source and was authorized already.

  • floris_1P
    floris_1P

    @truecarry Which version of 1Password for Windows are you using? We've recently made some improvements in this area.

  • dabe
    dabe
    Community Member

    I'm also experiencing the behavior mentioned in the original post. I have "Remember key approval" set to 4 hours, but every time I make a git commit, I have to type in my password to use the GPG signing key, and every time I fetch/pull/push, I have to type in my password to use the GitHub auth key (all of these happening within ~10 minutes of each other).

    Using 1Password for Linux 8.10.13 (81013005)

    To note, I often experienced the same problem as @truecarry , but I haven't used Windows in a while, so I assume that's better.

  • ricombination
    ricombination
    Community Member

    Same here ... I have to unlock 1Password to push to github and when I deploy just a few seconds later (through ssh / php deployer), the terminal asks for my SSH key password. Then I have to Control+C the command in the terminal, open and unlock 1Password, start the deployment again and authorise it when the modal from 1Password pops up.

    MacOS 13.5.1, PhpStorm 2023.1, 1Password for Mac 8.10.16 (81016015)

  • poordecisions
    poordecisions
    Community Member
    edited December 2023

    +1 this feature is unusable in its current form. Please just tie it to my login keychain. I want to store my keys securely with 1Password but I have no desire to approve every single access. I just want 1 password for storing/syncing of keys. Please stop prompting me every time an app needs a key. This is ridiculous.

  • Ash79
    Ash79
    Community Member

    We should have the "Always approve for this application" option, and not just the "Approve for all applications" option, because some development tools access ssh keys frequently.

  • Unknown
    Unknown
    This content has been removed.
  • francislavoie
    francislavoie
    Community Member

    I'd like to reiterate the want for a "Always approve for this application". It's quite tedious to have to re-approve more than one key each time I reboot an application or 1password itself when I update them and reboot them. I appreciate the default being to have low trust, but I trust these applications and their supply chains so I don't worry that it could be exploited.

  • ag_tommy
    ag_tommy

    @francislavoie

    Thank you for sharing that this type of enhancement would be a benefit to how you use 1Password. I have passed this along to the products team for further consideration. While I can't guarantee a specific outcome, I can advocate for your position.

    ref: PB-43755828

  • Unknown
    Unknown
    edited December 1
    This content has been removed.