rsync invoked by macOS Shortcut automation doesn't prompt SSH biometrics

wanderingmists
wanderingmists
Community Member
in SSH

Scenario
I've got a simple workflow where I'm running rsync to a seedbox periodically. The SSH key is being managed by 1Password. Running rsync directly works like a charm.

I'm yak shaving here but I wanted to run the script from Apple's Shortcuts app so I could put the action on the dock or toolbar for a one click solution.

Problem

Apple Shortcuts offers a "Run Shell Script" action and I'm just running rsync directly there. When you run the script it hangs until it times out with this error.

sign_and_send_pubkey: signing failed for ED25519 "Seedbox SSH Key" from agent: communication with agent failed
Permission denied, please try again.
Permission denied, please try again.
<user>@<host>: Permission denied (publickey).
rsync: connection unexpectedly closed (0 bytes received so far) [receiver]
rsync error: unexplained error (code 255) at /AppleInternal/Library/BuildRoots/c2cb9645-dafc-11ed-aa26-6ec1e3b3f7b3/Library/Caches/com.apple.xbs/Sources/rsync/rsync/io.c(453) [receiver=2.6.9]

What appears to be happening is the authorization biometrics prompt doesn't ever appear and that's what's causing the timeout.

I'm not sure if this is because the Shortcuts app sandboxes everything real tight which makes this use case impossible or some event is getting eaten.

1Password Version: 8.10.8
Extension Version: Not Provided
OS Version: macOS 13.4.1
Browser: Not Provided

Comments

  • floris_1P
    floris_1P

    Do you see anything appear in the 1Password logs when you run the failing SSH command? On macOS: ~/Library/Group Containers/2BUA8C4S2C.com.1password/Library/Application Support/1Password/Data/logs/1Password_rCURRENT.log

  • wanderingmists
    wanderingmists
    Community Member

    Pretty much what I expected.

    INFO  2023-07-20T19:25:24.037 tokio-runtime-worker(ThreadId(2)) [1P:ssh/op-ssh-agent/src/lib.rs:553] Notifying user through tray icon that they have a background prompt waiting
INFO  2023-07-20T19:26:23.116 tokio-runtime-worker(ThreadId(1)) [1P:ssh/op-ssh-agent/src/lib.rs:361] ssh authorization prompt timed out

    To me this means that either the macOS tray API has an option for bubbling up that's not being used or the Shortcut sandboxing eats any dynamic prompts.

  • floris_1P
    floris_1P
    edited August 2023

    @wanderingmists We found and fixed the issue and the fix will be out in next week's beta release. It's already available today on the nightly release channel. Thanks for reporting!

  • wanderingmists
    wanderingmists
    Community Member

    That’s awesome! Thank you for looking into this.

  • wanderingmists
    wanderingmists
    Community Member

    I just pulled down the beta and validated that the fix works. Thanks for the quick turnaround!

This discussion has been closed.