Working in VSC with 1p-SSH keys / Unlock 1p many times a day

dmacx
dmacx
Community Member
edited May 2022 in SSH

I love to have SSH keys stored in 1password and not on the local disc any more. This makes my keys more "mobile".

But now with my setup on my daily basis I really have to often unlock 1password (with the fingerprint) within Visual Studio Code. When I leve the Mac and come back later, I have to unlock it again. And again. And again.'

In know: This is security basis of 1password. But with the comfort of have the SSH keys with me, I lost the comfort while using VSC. Is it possible to grand access for a session within VSC?


1Password Version: 8.6.0
Extension Version: 2.3.0
OS Version: maxOS 12.2.1

Comments

  • XIII
    XIII
    Community Member

    I also ran into this, but I use SSH within VS Code so infrequently that I decide to disable/remove the remote/SSH plugin…

    (Might revert that if 1Password has a better solution)

  • smithj
    smithj
    Community Member

    This is something I was going to raise as well, I understand the security implications so it would be good to perhaps have a configurable amount of time. At least have the SSH Agent follow the same logic as Auto-lock from the settings.

    With my previous setup my keys would get unlocked by passphrase each login and that was it, whereby now I have having to pass biometric auth quite frequently. Windows Hello is good, but it isn't that good and it's slowing me down.

  • whitw
    whitw
    Community Member
    edited March 2022

    This is always a solution (depends on your own threat-tolerance):

    [manjaro ~]# cat /etc/polkit-1/rules.d/10-ssh.rules
    
    /* Allow users in UPDATE_WITH_YOUR_USER_GROUP group to use 1Password SSH agent without authentication */
    polkit.addRule(function(action, subject) {
        if (action.id == "com.1password.1Password.authorizeSshAgent" &&
            subject.isInGroup("UPDATE_WITH_YOUR_USER_GROUP")) {
            return polkit.Result.YES;
        }
    });
    
  • lm4cc
    lm4cc
    Community Member

    I also have this problem with IntelliJ IDEA, which does git fetch in the background quite frequently. I want to only authorize the program once per session, not every time it needs a key!

  • BeardedPrince
    BeardedPrince
    Community Member

    Same issue here. I don't have the remote/SSH plugin installed.

  • rodneyt
    rodneyt
    Community Member

    I haven't been able to get 1password ssh to work with Visual Studio remote servers at all. Regardless of how I configure ssh config VS still prompts me via in-app dialog for SSH password. Can someone walk me through how to get Visual Studio to connect to a remote development server using 1password?

  • vdhpieter
    vdhpieter
    Community Member

    Running into the same issue with git fetch. Did anybody found a solution?

  • daanl
    daanl
    Community Member

    I am having the same issue, which is actually a bit weird as the docs mention: "After approving, you can continue using the same SSH key from the same terminal window, IDE, or Git client without being prompted again, until 1Password locks.", which doesn't seem to be the case for me when using VS Code.

  • daanl
    daanl
    Community Member

    I contacted 1Password support (their response), and for me it was fixed by updating Git.

  • Over the past couple of weeks we've made a number of improvements that should reduce the prompting frequency. VSCode and IntelliJ IDEs should work as expected on the latest nightly (you are prompted to authorize the first time the IDE attempts to auto-fetch and subsequent auto-fetch requests do not result in prompts).

    Please let us know if you still encounter issues with the prompting frequency.

  • monxoom
    monxoom
    Community Member

    Had the same Problem with VS Code bringing up 1P’s auth window every other second. The culprit in my case was git’s "Autofetch" that was set to "true". I’ve set it to "false" and the problem was gone.

  • floris_1P
    edited May 2023

    We're now suppressing SSH prompts from apps that run in the background to avoid unexpected prompts. This makes Git autofetch a more attractive option again.

This discussion has been closed.