SSH key randomly stopped working -- user@host.com: Permission denied (publickey).

[Deleted User]
[Deleted User]
Community Member
edited March 2023 in SSH

I love 1password and its SSH agent capability is a joy to use. However, since today I've experienced the error:

my-pc% ssh user@host.com
# user@host.com: Permission denied (publickey).
my-pc% ssh-add -l    
# Could not open a connection to your authentication agent.

SSH is enabled in 1password's settings. The contents of my SSH config file is as instructed in documentation:

# ~/.ssh/config

Host *
    IdentityAgent ~/.1password/agent.sock

Turning the SSH agent off and on gives these logs:

# $XDG_CONFIG_HOME/1password/logs/1Password_rCURRENT.log

INFO  2023-03-25T21:41:36.081 ThreadId(10) [client:typescript] Client starting.
INFO  2023-03-25T21:41:36.170 tokio-runtime-worker(ThreadId(6)) [1P:native-messaging/op-native-core-integration/src/lib.rs:285] Starting IPC listener on 1Password-BrowserSupport
INFO  2023-03-25T21:41:36.171 ThreadId(10) [1P:op-localization/src/lib.rs:226] system locale detected as 'en-GB'
INFO  2023-03-25T21:41:36.171 ThreadId(10) [1P:op-localization/src/lib.rs:252] selected translations for EN_US based on detected locale en-GB
INFO  2023-03-25T21:41:36.171 ThreadId(10) [status:op-app/src/app.rs:450] App::new(1Password for Linux/81003012 (EN_US), /home/$USER/.local/config/1Password/1password.sqlite)
INFO  2023-03-25T21:41:36.171 tokio-runtime-worker(ThreadId(7)) [1P:native-messaging/op-native-core-integration/src/lib.rs:297] Active native core integration is awaiting messages
INFO  2023-03-25T21:41:36.171 ThreadId(10) [1P:data/op-db/src/db.rs:123] Starting DB at version: 26
INFO  2023-03-25T21:41:36.173 ThreadId(10) [1P:ssh/op-ssh-config/src/lib.rs:219] agent configured
ERROR 2023-03-25T21:41:36.173 ThreadId(10) [1P:ffi/op-core-node/src/lib.rs:63] Attempted to notify uninitialized App
ERROR 2023-03-25T21:41:36.173 ThreadId(10) [1P:ffi/op-core-node/src/lib.rs:63] Attempted to notify uninitialized App
INFO  2023-03-25T21:41:36.174 op_executor:invocation_loop(ThreadId(20)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /home/$USER/.local/config/google-chrome/NativeMessagingHosts/com.1password.1password.json
INFO  2023-03-25T21:41:36.174 op_executor:invocation_loop(ThreadId(20)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /home/$USER/.local/config/google-chrome-beta/NativeMessagingHosts/com.1password.1password.json
INFO  2023-03-25T21:41:36.175 op_executor:invocation_loop(ThreadId(20)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /home/$USER/.local/config/google-chrome-unstable/NativeMessagingHosts/com.1password.1password.json
INFO  2023-03-25T21:41:36.175 op_executor:invocation_loop(ThreadId(20)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /home/$USER/.local/config/chromium/NativeMessagingHosts/com.1password.1password.json
INFO  2023-03-25T21:41:36.175 op_executor:invocation_loop(ThreadId(20)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /home/$USER/.local/config/microsoft-edge-dev/NativeMessagingHosts/com.1password.1password.json
INFO  2023-03-25T21:41:36.175 op_executor:invocation_loop(ThreadId(20)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /home/$USER/.local/config/BraveSoftware/Brave-Browser/NativeMessagingHosts/com.1password.1password.json
INFO  2023-03-25T21:41:36.217 op_executor:invocation_loop(ThreadId(20)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /home/$USER/.local/config/vivaldi/NativeMessagingHosts/com.1password.1password.json
INFO  2023-03-25T21:41:36.217 op_executor:invocation_loop(ThreadId(20)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /home/$USER/.local/config/vivaldi-snapshot/NativeMessagingHosts/com.1password.1password.json
INFO  2023-03-25T21:41:36.217 op_executor:invocation_loop(ThreadId(20)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /home/$USER/.config/google-chrome/NativeMessagingHosts/com.1password.1password.json
INFO  2023-03-25T21:41:36.217 op_executor:invocation_loop(ThreadId(20)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /home/$USER/.config/google-chrome-beta/NativeMessagingHosts/com.1password.1password.json
INFO  2023-03-25T21:41:36.217 op_executor:invocation_loop(ThreadId(20)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /home/$USER/.config/google-chrome-unstable/NativeMessagingHosts/com.1password.1password.json
INFO  2023-03-25T21:41:36.217 op_executor:invocation_loop(ThreadId(20)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /home/$USER/.config/chromium/NativeMessagingHosts/com.1password.1password.json
INFO  2023-03-25T21:41:36.217 op_executor:invocation_loop(ThreadId(20)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /home/$USER/.config/microsoft-edge-dev/NativeMessagingHosts/com.1password.1password.json
INFO  2023-03-25T21:41:36.217 op_executor:invocation_loop(ThreadId(20)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /home/$USER/.config/BraveSoftware/Brave-Browser/NativeMessagingHosts/com.1password.1password.json
INFO  2023-03-25T21:41:36.218 op_executor:invocation_loop(ThreadId(20)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /home/$USER/.config/vivaldi/NativeMessagingHosts/com.1password.1password.json
INFO  2023-03-25T21:41:36.218 op_executor:invocation_loop(ThreadId(20)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /home/$USER/.config/vivaldi-snapshot/NativeMessagingHosts/com.1password.1password.json
INFO  2023-03-25T21:41:36.218 op_executor:invocation_loop(ThreadId(20)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /home/$USER/.mozilla/native-messaging-hosts/com.1password.1password.json
INFO  2023-03-25T21:41:36.218 op_executor:invocation_loop(ThreadId(20)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:83] Successfully installed all native messaging manifests.
INFO  2023-03-25T21:41:36.218 tokio-runtime-worker(ThreadId(6)) [1P:ssh/op-agent-controller/src/desktop.rs:409] SSH Agent has started.
INFO  2023-03-25T21:41:44.190 tokio-runtime-worker(ThreadId(1)) [1P:data/op-account-ext-items/src/lib.rs:225] loaded 553 items in 7 vaults for account: FEPEWI3CDNGV3GGPXJFK7ST7SA
INFO  2023-03-25T21:41:44.194 op_executor:invocation_loop(ThreadId(20)) [1P:op-app/src/app/backend/unlock.rs:122] Lock state changed: Unlocked
INFO  2023-03-25T21:41:44.195 tokio-runtime-worker(ThreadId(6)) [1P:native-messaging/op-native-core-integration/src/lib.rs:303] Setting has been toggled on/off, restarting native core integration
INFO  2023-03-25T21:41:44.195 tokio-runtime-worker(ThreadId(6)) [1P:native-messaging/op-native-core-integration/src/lib.rs:285] Starting IPC listener on 1Password-BrowserSupport
INFO  2023-03-25T21:41:44.195 tokio-runtime-worker(ThreadId(1)) [1P:native-messaging/op-native-core-integration/src/lib.rs:297] Active native core integration is awaiting messages
INFO  2023-03-25T21:41:45.628 tokio-runtime-worker(ThreadId(8)) [1P:op-syncer/src/sync_job.rs:291] synced account FEPEWI3CDNGV3GGPXJFK7ST7SA (0.129731279s)
INFO  2023-03-25T21:41:45.628 tokio-runtime-worker(ThreadId(8)) [1P:data/op-file-transfer/src/lib.rs:565] find_and_complete_pending_uploads: 'FEPEWI3CDNGV3GGPXJFK7ST7SA'
INFO  2023-03-25T21:41:45.923 tokio-runtime-worker(ThreadId(3)) [1P:data/op-account-ext-syncer/src/lib.rs:250] The B5 Notifier for (FEPEWI3CDNGV3GGPXJFK7ST7SA) has connected, now monitoring for events.
INFO  2023-03-25T21:41:52.938 tokio-runtime-worker(ThreadId(3)) [1P:ssh/op-agent-controller/src/desktop.rs:409] SSH Agent has started.
INFO  2023-03-25T21:41:55.481 op_executor:invocation_loop(ThreadId(20)) [1P:op-app/src/app/backend/frontend.rs:27] Front end event: window closed

1password is (as of writing) fully up-to-date, as is the rest of my system:

my-pc% sudo pacman -Syu
:: Synchronising package databases...
 core is up to date
 extra is up to date
 community is up to date
:: Starting full system upgrade...
 there is nothing to do
theo-pc% yay -Sua           
:: Searching AUR for updates...
 -> Flagged Out Of Date AUR Packages:  firefox-appmenu-bin  wiibafu
 there is nothing to do

What could be going on here?

1Password Version: 1Password for Linux 8.10.3 (81003012)
OS Version: Arch Linux (rolling release)

Comments

  • [Deleted User]
    [Deleted User]
    Community Member

    Interestingly, commit signing works just fine.

  • floris_1P
    floris_1P

    Could you provide your ssh -v user@host output?

  • [Deleted User]
    [Deleted User]
    Community Member
     
    OpenSSH_9.2p1, OpenSSL 3.0.8 7 Feb 2023
debug1: Reading configuration data /home/user/.ssh/config
debug1: /home/user/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to host.com [IP.IP.IP.IP] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/user/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519_sk type -1
debug1: identity file /home/user/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/user/.ssh/id_xmss type -1
debug1: identity file /home/user/.ssh/id_xmss-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.4p1 Debian-5+deb11u1
debug1: compat_banner: match: OpenSSH_8.4p1 Debian-5+deb11u1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to host.com:22 as 'user'
debug1: load_hostkeys: fopen /home/user/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:/tC1NzMgwd4Iek+WhI9qRw/TbLXG2ogRVL0QDVUY8fA
debug1: load_hostkeys: fopen /home/user/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'host.com' is known and matches the ED25519 host key.
debug1: Found key in /home/user/.ssh/known_hosts:1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: agent returned 1 keys
debug1: Will attempt key: main SSH key ED25519 SHA256:ILeN0jWD7UB1esK9DNq69Ie+rakdEWKrBDdLWgNAQTs agent
debug1: Will attempt key: /home/user/.ssh/id_rsa 
debug1: Will attempt key: /home/user/.ssh/id_ecdsa 
debug1: Will attempt key: /home/user/.ssh/id_ecdsa_sk 
debug1: Will attempt key: /home/user/.ssh/id_ed25519 
debug1: Will attempt key: /home/user/.ssh/id_ed25519_sk 
debug1: Will attempt key: /home/user/.ssh/id_xmss 
debug1: Will attempt key: /home/user/.ssh/id_dsa 
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: main SSH key ED25519 SHA256:ILeN0jWD7UB1esK9DNq69Ie+rakdEWKrBDdLWgNAQTs agent
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/user/.ssh/id_rsa
debug1: Trying private key: /home/user/.ssh/id_ecdsa
debug1: Trying private key: /home/user/.ssh/id_ecdsa_sk
debug1: Trying private key: /home/user/.ssh/id_ed25519
debug1: Trying private key: /home/user/.ssh/id_ed25519_sk
debug1: Trying private key: /home/user/.ssh/id_xmss
debug1: Trying private key: /home/user/.ssh/id_dsa
debug1: No more authentication methods to try.
user@host.com: Permission denied (publickey).
  • [Deleted User]
    [Deleted User]
    Community Member

    Okay, it's sorted. I had accidentally deleted my home directory last session (I wasn't using it for anything so it wasn't an obvious mistake) and so with it the .ssh folder disappeared, wiping the authorised keys file. Restoring the file with my SSH public key resolved the issue. Sorry for wasting your time, but hopefully this will serve to help anyone else who ever has this issue.

  • floris_1P
    floris_1P

    Glad you got it working again 👍

This discussion has been closed.