"Wrong passphrase" when importing SSH key even if it's correct

mstrzele
mstrzele
Community Member
edited May 2022 in SSH

When I try to import one of my SSH private keys (either from a file or through the system's clipboard), 1Password keeps saying that the passphrase I provide is wrong.

Providing the same passphrase, when adding another key with the same passphrase, works fine.

I'm able to add the key to the macOS default SSH agent:

$ ssh-add ~/.ssh/someone@example.com
Enter passphrase for /Users/mstrzele/.ssh/someone@example.com:
Identity added: /Users/mstrzele/.ssh/someone@example.com (/Users/mstrzele/.ssh/someone@example.com)
$ ssh-add -l
4096 SHA256:VYZx99XD1lBZIDd8bgnSgMLpIQ4MQfx8wSidaL9ES1c /Users/mstrzele/.ssh/someone@example.com (RSA)

I can't add the key to the agent provided by 1Password, though:

$ echo "$SSH_AUTH_SOCK"
/Users/mstrzele/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock
$ ssh-add ~/.ssh/someone@example.com
Enter passphrase for /Users/mstrzele/.ssh/someone@example.com:
Could not add identity "/Users/mstrzele/.ssh/someone@example.com": agent refused operation

My private key is an RSA with 4096 bytes length, as you can see in the output of ssh-add.


1Password Version: 80600051, on BETA channel
Extension Version: 2.2.3
OS Version: macOS 12.2.1 (21D62)

Comments

  • mstrzele
    mstrzele
    Community Member

    When I try to import one of my SSH private keys (either from a file or through the system's clipboard), 1Password keeps saying that the passphrase I provide is wrong.

    Providing the same passphrase, when adding another key with the same passphrase, works fine.

    I'm able to add the key to the macOS default SSH agent:

    $ ssh-add ~/.ssh/someone@example.com
    Enter passphrase for /Users/mstrzele/.ssh/someone@example.com:
    Identity added: /Users/mstrzele/.ssh/someone@example.com (/Users/mstrzele/.ssh/someone@example.com)
    $ ssh-add -l
    4096 SHA256:VYZx99XD1lBZIDd8bgnSgMLpIQ4MQfx8wSidaL9ES1c /Users/mstrzele/.ssh/someone@example.com (RSA)
    

    I can't add the key to the agent provided by 1Password, though:

    $ echo "$SSH_AUTH_SOCK"
    /Users/mstrzele/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock
    $ ssh-add ~/.ssh/someone@example.com
    Enter passphrase for /Users/mstrzele/.ssh/someone@example.com:
    Could not add identity "/Users/mstrzele/.ssh/someone@example.com": agent refused operation
    

    My private key is an RSA with 4096 bytes length, as you can see in the output of ssh-add.

  • @mstrzele Hello! Apologies for the late response! We recently improved the error messages when attempting to import an unsupported key. Previously, a key with an encrypted key with an unsupported public exponent (less than 65537) would report an incorrect passphrase error. However, it now reports the correct error.

    Are you able to update to the latest version and try again? You can check the public exponent on your key with:

    openssl rsa -text -in id_rsa | grep publicExponent
    

    Let me if this was the issue. Cheers!

This discussion has been closed.