v8.10.4 SSH Problem

solarizde
solarizde
Community Member
edited April 2023 in SSH

Hey,

since the update yesterday to 1Password for Windows 8.10.4 I have huge Issues with Mobaxterm and SSH Auth.

The new SSH Dialogue seems to get activated I hear a windows sound, but the window is not shown and the whole Mobaxterm process trying to uise a SSH Key freezes until I terminate it in Taskmanager.

The only way to get it running again is to logout my Account or reboot Windows. Even if I close down 1p and Mobaxterm ending all processes and restart them it will end the same way. SSH Connection starting and as soon as the auth req. comes in the process freeze, I cant even move the window around anymore.

PS: before the Update everything was fine.

ssh-add -l list all my neccesary keys so I don't know what is the real issue. I guess the SSH Prompt appears off screen or invisible or "behind" the stuck mobaxterm Window so I cant confirm it.

1Password Version: 8.10.4
Extension Version: Not Provided
OS Version: win 11
Browser:_ Not Provided

Comments

  • solarizde
    solarizde
    Community Member

    To add:

    I tried all possible settings in settings > dev > ssh agent. No matter if with rich prompt or without it fails.
    If I wait long enough I get a timeout and error: "Agent failed to provide a signature"

    This happens since the newest version for all SSH apps using winssh-pageant. Last week it worked like a charm.

  • solarizde
    solarizde
    Community Member

    I like Monologues :)

    I got the cause and a solution for it.

    It is as I already thought, the Auth Window is actually showing but it is somehow "off Screen" so I cant click. It is waiting there to confirm me the SSH Key usage but I cant confirm because I dont see it. In the meanwhile the foreground process windows of the actual app is in a kind of frozen state because waiting for agree or refuse. After the Dialogue times out the app responde again with the above error that agent failed to provide a signature.

    The "solution" is a small Autohotkey script which on execution move all windows, visible or not, to the main screen of the system and make them active.

    #NoEnv
#SingleInstance force
WinGet, list,list,,, Program Manager
Loop, %list%
{
    this_id := list%A_Index%
    WinGettitle,Title,ahk_id %this_id%
    If Title {
        WinMove,ahk_id %this_id%,,50,50
        Sleep, 250
    }
}

    After that the Auth Window reappears on Main Screen and because I can confirm I can use the SSH key for the next 24h (depends on your setting)

    It would be helpful if you could pass to the devs that they may add another routine to ensure the Auth Window is on the Main Display and actually active / visible. Sometimes Windows is a bit b*tchy with windows, epecially if they are triggered by other processes.

    ty

  • TMoneyAllDey
    TMoneyAllDey
    Community Member

    I'm having this issue as well. So annoying

  • solarizde
    solarizde
    Community Member
    edited April 2023

    I wrote to support, there I only got the suggestion to reset my 1p and reinstall.
    I don't think that issue is account related, it clearly looks to me like a problem of the newest win version with the overlay window. This should have nothing to do with the actual account itself. Hoping for some kind of ansewer and a hopeful fix soon.
    Currently it is really annoying and I moved back to my password manager I used before for SSH Key management because its broken for me. The workarounds do work but in a daily work it`s not practical.

  • floris_1P
    floris_1P
    edited April 2023

    Thanks for the detailed description! We're investigating this and will get back to you.

    Does it only happen for MobaXterm, or also when you invoke an SSH request from the terminal?

    As for a workaround for now, do you have Windows Hello enabled?

  • solarizde
    solarizde
    Community Member
    edited April 2023

    Hi,

    Not only mobaxterm, winscp, had it in VSCode and my backup program using scp. Github ssh works, so this is my best workaround at the moment, as TMoneyAllDey suggested in another post.

    The above postet AHK Script sometimes does the trick and bring the auth window to front where I can confirm but this is like 50/50.

    What always works is open a ssh request with a working client and then select "Confirm all" and set 1P to only ask once per 24h. So my daily thing, but I would rather not use "Allow all without further asking" and those long permission times.

    Windows Hello is no change, unfortunately. I can see the webcam turning on, so something is happening in the background, but it is still stuck.

    As said, this is really just new behaviour with 8.10.14, previous versions did not have this on me.

    thanks

  • solarizde
    solarizde
    Community Member

    In addition to @floris_1P I just read you post in another thread which gave the perfect answer of what is happening here:

    We've introduced functionality to suppress prompts for SSH requests that come from background apps, to avoid unexpected prompts showing up (e.g. IDE performing a background Git fetch while you're watching a movie). You can still manually bring up these prompts from the 1Password system tray icon.

    I never noticed the new behavior and the icon, guess thats the easiest way and the problem of the cause. Some Tools using win pageant as soon as it is running in the background, so I guess it is just not recognized and blocked.

    The one Im using is:

    Would be great to have this one whitelisted.

    Thanks

  • supersnellehenk
    supersnellehenk
    Community Member

    I'm also experiencing this using SSH from the Windows Terminal, using Windows Hello. It does prompt me through the tray icon. Running 1Password for Windows 8.10.5 (81005015) on Windows 11 Build 22621.

  • KTK
    KTK
    Community Member

    +1 My normal workflow involves forwarding these keys to WSL, so every request, including those from interactive applications is now considered background. This is a breaking change as VSCode makes many git requests all the time, and having to click the tray icon and approve each one isn't a feasible experience. Please allow this feature to be disabled, for now I'll be rolling back to an old version using our Business MSI.

  • floris_1P
    floris_1P

    We're looking into a fix for those. As a workaround for now, if you have Windows Hello enabled, you can revert to the old prompts by disabling the the Use rich approval prompt setting in the settings.

  • MartonS1P
    MartonS1P

    @supersnellehenk and @KTK could you reproduce this bug and collect and send us a diagnostics report? This will help us identify the issue and fix it.

    More info about how to send a diagnostics report here: https://developer.1password.com/docs/ssh/agent/troubleshooting/

  • supersnellehenk
    supersnellehenk
    Community Member
    edited April 2023

    I submitted my diagnostics, not sure if I submitted them correctly since it was under 'Business/Teams'. Here's my diagnostic file for any further reference: https://drive.google.com/file/d/1rvARUeYpDYhJ6iOY2BUHR03_KYVhDLDi/view?usp=sharing

    Case reference is 130015.

  • justinbarclay
    justinbarclay
    Community Member

    I recently upgraded from 8.10.1 to 8.10.5 on Windows 11 and I am now running into this same issue. I rely on my text editor to run git commits for me, so it does this by running the appropriate git commands as processes. I have tried disabling Use rich approval prompt but it still doesn't work for me the way it used to.

    If I try to run git directly on the command line I will get an authentication prompt and git will then continue on it's way.

    However, if I run this through my text editor, I notice a process hangs For example, I'll try to git fetch through my text editor and if I run top I can see a process like this /init /mnt/c/WINDOWS/System32/OpenSSH//ssh.exe /mnt/c/WINDOWS/System32/OpenSSH//ssh.exe -o SendEnv=GIT_PROTOCOL git@github.com git-upload-pack\ 'justinbarclay/dotfiles.git'. Then if I open up Notification Center, right click the 1password icon and select SSH request waiting, the process will stop hanging, git will finish fetching and the process will exit. I tried to work around this problem by setting 1password to remember my key approval for 4 hours, but 1password ignores this preference and requires authentication everytime I try to run git fetch or the like.

    So, back in 8.10.1 this process worked beautifully and perfectly for me. Now in 8.10.5, it's virtually unusable and no longer solves any of my problems.

  • solarizde
    solarizde
    Community Member

    After latest update it is a bit better but still not satisfying.
    Why not simply include a option at the tray dialog once you pop the auth dialog open to "remember this application and allow prompts in future" I'm not gaming and rarley using fullscreen apps so this protection is just hindering and annoying. Please let the people turn it off.

  • galentx
    galentx
    Community Member

    I'm also encountering this issue. I'm using PuTTY and winssh-pageant. No popup and the 1P tray icon displays a red (if I recall correctly) dot. The icon context menu lists the pending SSH request and the authentication prompt displays once I click on that. Using version 8.10.5 and the behavior is similar with or without "Use rich approval prompt" checked. This is a new machine in the last couple of weeks. My prior machine, which probably had an older version of 1P installed, did not have the issue and reliably popped up the authentication window.

  • solarizde
    solarizde
    Community Member

    Yes currently this is intended behavior of 1p. If a "background process" is reqesting an SSH Agent auth instead of displaying the dialog it will display the "red dot" on the tray Icon.

    I do understand that the intention is to limit popping up windows, but why not let the user chose?
    Can I disable that feature? No. Can I remember my decission like "Dont ask for next X time"? no. Can I allow / whitelist processes on my own? no.

    So good intention bad designed :(

    I hope they will at least give the option to turn that red dot feature off. This is a dev machine not a livingroom Netflix computer where I care not to have popups. If there is a SSH Auth request I need to see it, not get hidden away from me.

  • galentx
    galentx
    Community Member

    I agree completely @solarizde. Definitely need to correct this new behavior that has broken basic functionality.

  • justinbarclay
    justinbarclay
    Community Member

    For me, this behaviour has been corrected in 1Password for Windows 8.10.6 (81006026)

  • galentx
    galentx
    Community Member

    1Password for Windows 8.10.6 (81006027) now works for me with PuTTY/winssh-pageant. Restarting 1Password was not enough; I had to reboot the machine. Thank you for fixing this.

  • MartonS1P
    MartonS1P

    @justinbarclay and @galentx, I'm glad to hear the problem has been fixed for you.

    @solarizde The state of the "Approve for all applications" checkbox should now be remembered. Does this address the problem you're encountering?

  • solarizde
    solarizde
    Community Member

    @MartonS1P the issue is not the "remember for all application" checkbox, the issue is that I as a user do not have control about your internal whitelist tellin the SSH Agent which auth notification to show and which to minimize at the red dot notification.

    I would apreciate if a user can add certain apps to always prompt. For me not seening a auth (missing) because it got hidden away is far worse than constantly nagging popups.

    At least fallback let the user disable that red dot feature completely if it is impossible to add exceptions myself.

    thanks

  • floris_1P
    floris_1P

    @solarizde With winssh-pagent support being fixed now, are there still false positives you're encountering?

This discussion has been closed.