System auth not unlocking ssh key

torxed
torxed
Community Member
edited June 30 in SSH

So I have two machines, one where unlocking SSH key works perfectly well via system account password (lets say it's 1234).
But then on one machine I just can't figure out what's blocking 1password from unlocking the SSH key using the system account password.

On the "broken" machine, this is what happens on every new terminal:

The "biometrics" or system account password cannot unlock the SSH Key. Instead I have to use my master password for 1password (lets say that's 987654321).
1password is unlocked and open on another monitor if that matters/helps. And after one successful unlock using 987654321 - I can disconnect and SSH again in the same terminal without having to re-unlock the SSH key, for this very specific terminal process. But any new/other terminals won't be able to use the SSH key without the master password input.

Also of relevance perhaps, on the other machine, I don't get this fancy prompt. I get what looks like a qt prompt from early 2000's in comparison. Where if I enter 1234 then the SSH key unlocks.

journalctl only logs the following:

Jun 30 12:54:28 bigrigv2 polkitd[1109]: action=[Action id='com.1password.1Password.unlock']
Jun 30 12:54:28 bigrigv2 polkitd[1109]: subject=[Subject pid=2028 user='anton' groups=anton,wheel,tty,uucp,video,flutterusers,docker seat='seat0' session='1' system_unit=null local=true active=true]

Which it does after I added logging to polkit.
And 1password log only contains this during the ssh invocation and me entering 1234 in the popup:

INFO  2024-06-30T11:06:13.302 tokio-runtime-worker(ThreadId(64)) [1P:foundation/op-system-auth/src/lib.rs:322] Biometry is available for 1 or more accounts
INFO  2024-06-30T11:06:14.690 tokio-runtime-worker(ThreadId(16)) [1P:app/op-app/src/app/backend/auth_prompt.rs:48] invoked auth prompt unlock
INFO  2024-06-30T11:06:14.701 tokio-runtime-worker(ThreadId(64)) [1P:foundation/op-system-auth/src/lib.rs:322] Biometry is available for 1 or more accounts

I have tried the troubleshooting here: https://support.1password.com/system-authentication-linux/#get-help
Mainly the "turn it off and on again", without any successful results.

Side note: why does this forum have overflow-y: hidden on this input <textarea> that gets re-attached if removed via inspection console.. can't scroll back up to see what I wrote

1Password Version: 8.10.34
Extension Version: Not Provided
OS Version: Arch Linux, 6.9.6
Browser: desktop app

Comments

  • torxed
    torxed
    Community Member

    On the broken machine, disable (uncheck) Settings -> Developer -> "Use rich approval prompt".
    Then make sure you have a polkit agent installed and running.

    In my case it was a matter of:

    $ pacman -Sy lxqt-policykit
$ /usr/bin/lxqt-policykit-agent &

    After that system auth works again.
    Apologies for the noise, I had the agent installed but the agent wasn't running correctly. Sad that there was no errors that I could find indicating that it couldn't spawn an agent auth prompt.