Macos Monterey: git not working with the ssh agent

Options
ArcanumXIII
ArcanumXIII
Community Member
in SSH

Hi,

I'm trying to use the ssh agent with git and no dice. I'm using two different key: one to connect to almost every server, and one specific for Github. Both are ed25519 and works fine when not using 1Password. They're both in my Private vault.

I've followed the direction, so I have

~/.ssh/config:
`Host *
IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"

Host github.com
User git
IdentitiesOnly yes
IdentityFile ~/.ssh/github.pub`

It works fine for ssh hosts (normal key), but impossible to reach Github "Permission denied (publickey)", which use the specific config. I don't even have the request from 1Password to allow the key use.

OpenSSH_8.6p1, LibreSSL 3.3.6 debug1: Reading configuration data /Users/seb/.ssh/config debug1: /Users/seb/.ssh/config line 1: Applying options for * debug1: /Users/seb/.ssh/config line 56: Applying options for github.com debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files debug1: /etc/ssh/ssh_config line 54: Applying options for * debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling debug1: Connecting to github.com port 22. debug1: Connection established. debug1: identity file /Users/seb/.ssh/github.pub type 3 debug1: identity file /Users/seb/.ssh/github.pub-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_8.6 debug1: Remote protocol version 2.0, remote software version babeld-25270101 debug1: compat_banner: no match: babeld-25270101 debug1: Authenticating to github.com:22 as 'git' debug1: load_hostkeys: fopen /Users/seb/.ssh/known_hosts2: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: rsa-sha2-512 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: SSH2_MSG_KEX_ECDH_REPLY received debug1: Server host key: ssh-rsa SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8 debug1: load_hostkeys: fopen /Users/seb/.ssh/known_hosts2: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory debug1: Host 'github.com' is known and matches the RSA host key. debug1: Found key in /Users/seb/.ssh/known_hosts:13 debug1: rekey out after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: rekey in after 134217728 blocks debug1: Will attempt key: /Users/seb/.ssh/github.pub ED25519 SHA256:sYO7nXbHVVjlvphIiWsAGvMjDE0X64cLNnN9a/NjB1s explicit agent debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa> debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Offering public key: /Users/seb/.ssh/github.pub ED25519 SHA256:sYO7nXbHVVjlvphIiWsAGvMjDE0X64cLNnN9a/NjB1s explicit agent debug1: Authentications that can continue: publickey debug1: No more authentication methods to try. git@github.com: Permission denied (publickey).

I have also no log in /Users/seb/Library/Group Containers/2BUA8C4S2C.com.1password/Library/Application Support/1Password/Data/logs/1Password_rCURRENT.log

I'm guessing the issue start with debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling

1Password Version: 8.9.8
Extension Version: Not Provided
OS Version: macos 12.6.1
Browser:_ Not Provided

Comments

  • Jack.P_1P
    Jack.P_1P
    Options

    Hi @ArcanumXIII:

    Just as a quick test, if you do ssh -T github.com, are you able to connect to GitHub and receive the "Hi USERNAME! You've successfully authenticated, but GitHub does not provide shell access." message? Let me know, and I can take a closer look.

    Jack

  • ArcanumXIII
    ArcanumXIII
    Community Member
    Options

    Nope, the same dreaded 'git@github.com: Permission denied (publickey)'

  • Jack.P_1P
    Jack.P_1P
    Options

    Hey @ArcanumXIII:

    Thanks for confirming. I've done some more testing, and it seems like if SSH is offering a public key, but the server isn't responding, it's likely that the public key isn't recognized by the server.

    Just to double check that your key is configured with GitHub, navigate to https://github.com/settings/keys. Here, click New SSH key. Choose Authentication Key, and if you have 1Password installed in your browser, your SSH keys will be suggested. Click your GitHub key to fill.

    After doing that, try ssh -T github.com again. If you're still running into trouble after that step, please try ssh -Tvv github.com and share the logs with us via email at businesssupport@1password.com. Thanks!

    Jack

  • ArcanumXIII
    ArcanumXIII
    Community Member
    Options

    Ouch! It was that... Seems my Github keys were rotate or deleted (my bad)

    It's now working !

  • Jack.P_1P
    Jack.P_1P
    Options

    Hey @ArcanumXIII:

    Glad to hear it! Feel free to get in touch if you need any help in the future. 🙂

    Jack

This discussion has been closed.