agent refused operation error on macOS
Hi there,
Just installed 1Password8 beta and setup an SSH key for internal company GitHub and I keep getting this error:
graham@Grahams-MBP dmautomationlib % git pull sign_and_send_pubkey: signing failed for ED25519 "My SSH Key" from agent: agent refused operation git@github.mycompany.com: Permission denied (publickey). fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists.
Here's the error I see in the 1Password_rCURRENT.log
WARN 2022-03-22T11:43:47.081 tokio-runtime-worker(ThreadId(1)) [1P:foundation/op-sys-info/src/process_information/macos/non_app_store.rs:195] failed to get parent process of 1 WARN 2022-03-22T11:43:47.081 tokio-runtime-worker(ThreadId(1)) [1P:foundation/op-sys-info/src/process_information/macos/non_app_store.rs:81] failed to find toplevel parent WARN 2022-03-22T11:43:47.081 tokio-runtime-worker(ThreadId(1)) [1P:ssh/op-ssh-agent/src/lib.rs:330] Unable to get client_info for pid: 2224
1Password Version: 80700012
Extension Version: 2.3.1
OS Version: macOS 12.3
Comments
-
One other interesting thing is that when I run ssh-add -l I get no keys back, but if I first run export SSH_AUTH_SOCK=~/Library/Group\ Containers/2BUA8C4S2C.com.1password/t/agent.sock then I get the keys back but it still fails.
0 -
That's odd, what terminal are you using? Could you see what the 1Password logs say if you try another (GUI) client or terminal?
And about
ssh-add, that's expected becausessh-addignoresIdentityAgent.0 -
I'm just using the stock Terminal app in macOS. When I tried SourceTree the other day it didn't work but today it did.
WARN 2022-03-24T10:50:21.224 tokio-runtime-worker(ThreadId(6)) [1P:foundation/op-sys-info/src/process_information/macos/non_app_store.rs:195] failed to get parent process of 1 WARN 2022-03-24T10:50:21.224 tokio-runtime-worker(ThreadId(6)) [1P:foundation/op-sys-info/src/process_information/macos/non_app_store.rs:81] failed to find toplevel parent WARN 2022-03-24T10:50:21.224 tokio-runtime-worker(ThreadId(6)) [1P:ssh/op-ssh-agent/src/lib.rs:330] Unable to get client_info for pid: 82526 WARN 2022-03-24T10:50:22.050 tokio-runtime-worker(ThreadId(6)) [1P:foundation/op-sys-info/src/process_information/macos/non_app_store.rs:195] failed to get parent process of 1 WARN 2022-03-24T10:50:22.051 tokio-runtime-worker(ThreadId(6)) [1P:foundation/op-sys-info/src/process_information/macos/non_app_store.rs:81] failed to find toplevel parent WARN 2022-03-24T10:50:22.051 tokio-runtime-worker(ThreadId(6)) [1P:ssh/op-ssh-agent/src/lib.rs:330] Unable to get client_info for pid: 82532
0 -
I'm getting something very similar on Debian 11:
$ export SSH_AUTH_SOCK=~/.1password/agent.sock $ ssh me@somehost sign_and_send_pubkey: signing failed for ED25519 "/home/usr/.ssh/id_mykey" from agent: agent refused operation $ tail -n 2 ~/.config/1Password/logs/1Password_r00000.log WARN 2022-04-28T23:15:04.336 tokio-runtime-worker(ThreadId(1)) [1P:foundation/op-sys-info/src/process_information/linux.rs:394] no top-level parent was found for pid 4376 INFO 2022-04-28T23:15:04.338 tokio-runtime-worker(ThreadId(1)) [1P:ssh/op-ssh-agent/src/lib.rs:370] Session was not authorized
0 -
Seeing the same trying to connect to circleci. I've even exported the public key and used IdentityFile for it
0 -
@gmcluhan @asdfasdfasdfasdf @tybritten Could you see if it's still happening now on a recent beta or nightly? And if it does, it would be very helpful if you could submit an SSH diagnostics report.
0 -
Ok just uploaded a diagnostic report after using last night's nightly
0 -
@tybritten Thanks! Also: do you see anything appear in the 1Password logs when you invoke the SSH command to CircleCI? On macOS:
~/Library/Group Containers/2BUA8C4S2C.com.1password/Library/Application Support/1Password/Data/logs/1Password_rCURRENT.log0 -
ERROR 2022-05-11T09:13:59.011 tokio-runtime-worker(ThreadId(5)) [1P:/Users/builder/builds/BhfSvM9x/0/dev/core/core/ssh/op-ssh-agent/src/lib.rs:396] Error handling sign request: Key(signing with ssh-rsa is unsupported; SHA-1 may be insecure) ERROR 2022-05-11T09:14:00.613 tokio-runtime-worker(ThreadId(4)) [1P:/Users/builder/builds/BhfSvM9x/0/dev/core/core/ssh/op-ssh-agent/src/lib.rs:396] Error handling sign request: Key(signing with ssh-rsa is unsupported; SHA-1 may be insecure)0 -
@tybritten Aha, that's a (different) known issue. See this thread for more info.
0 -
Switched to nightly/edge by installing https://downloads.1password.com/linux/debian/amd64/edge/1password-latest.deb (80800103). Still getting an error:
ssh me@ahost.somedomain sign_and_send_pubkey: signing failed for ED25519 "/home/me/.ssh/id_thekey" from agent: agent refused operation
But with slightly different logs:
$ tail -n 4 ~/.config/1Password/logs/1Password_r00000.log INFO 2022-05-20T22:29:10.434 tokio-runtime-worker(ThreadId(5)) [1P:ssh/op-agent-controller/src/desktop.rs:285] SSH Agent has started. WARN 2022-05-20T22:29:11.530 op_executor:invocation_loop(ThreadId(13)) [1P:foundation/op-linux/src/kernel_keyring.rs:817] failed to initialize keyring helper, its functionality will be unavailable: KeyringError(Os { code: 38, kind: Unsupported, message: "Function not implemented" }) WARN 2022-05-20T22:29:11.534 1Password Application Keyring Manager(ThreadId(14)) [1P:foundation/op-linux/src/kernel_keyring.rs:89] 1Password's application keyring failed to initialize (KeyringError(Os { code: 38, kind: Unsupported, message: "Function not implemented" })), its functionality will be unavailable WARN 2022-05-20T22:29:15.416 ThreadId(7) [1P:op-app/src/app.rs:275] Application binary and/or it's directory was moved or replaced, exiting.I submitted an ssh-diagnostics zip. I mentioned there but I will here as well, this is in Debian 11 in a Crostini VM on ChromeOS 101.0.4951.59.
0
