Git Bash and 1Password SSH not working

Svetlozar
Svetlozar
Community Member

I've setup 1Password (the app and the extension) on a newly installed Windows 11 Pro. When attempting to do anything related to my SSH keys from within Git Bash I keep getting git@github.com: Permission denied (publickey) , however if I do the exact same action from within PowerShell or CMD everything works as expected.

I followed the setup guide that can be found here: https://developer.1password.com/docs/ssh

My .gitconfig is the following:

[core]
    editor = \"C:\\Users\\Svetlozar\\AppData\\Local\\Programs\\Microsoft VS Code\\bin\\code\" --wait
    sshcommand = C:/Windows/System32/OpenSSH/ssh.exe
[user]
    name = Svetlozar Redacted
    email = svetlozar@redacted.com

ssh -Tv git@github.com output:

OpenSSH_9.0p1, OpenSSL 1.1.1o 3 May 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to github.com [140.82.121.3] port 22.
debug1: Connection established.
debug1: identity file /c/Users/Svetlozar/.ssh/id_rsa type -1
debug1: identity file /c/Users/Svetlozar/.ssh/id_rsa-cert type -1
debug1: identity file /c/Users/Svetlozar/.ssh/id_ecdsa type -1
debug1: identity file /c/Users/Svetlozar/.ssh/id_ecdsa-cert type -1
debug1: identity file /c/Users/Svetlozar/.ssh/id_ecdsa_sk type -1
debug1: identity file /c/Users/Svetlozar/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /c/Users/Svetlozar/.ssh/id_ed25519 type -1
debug1: identity file /c/Users/Svetlozar/.ssh/id_ed25519-cert type -1
debug1: identity file /c/Users/Svetlozar/.ssh/id_ed25519_sk type -1
debug1: identity file /c/Users/Svetlozar/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /c/Users/Svetlozar/.ssh/id_xmss type -1
debug1: identity file /c/Users/Svetlozar/.ssh/id_xmss-cert type -1
debug1: identity file /c/Users/Svetlozar/.ssh/id_dsa type -1
debug1: identity file /c/Users/Svetlozar/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.0
debug1: Remote protocol version 2.0, remote software version babeld-f7bde3b6
debug1: compat_banner: no match: babeld-f7bde3b6
debug1: Authenticating to github.com:22 as 'git'
debug1: load_hostkeys: fopen /c/Users/Svetlozar/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU
debug1: load_hostkeys: fopen /c/Users/Svetlozar/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'github.com' is known and matches the ED25519 host key.
debug1: Found key in /c/Users/Svetlozar/.ssh/known_hosts:1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /c/Users/Svetlozar/.ssh/id_rsa
debug1: Will attempt key: /c/Users/Svetlozar/.ssh/id_ecdsa
debug1: Will attempt key: /c/Users/Svetlozar/.ssh/id_ecdsa_sk
debug1: Will attempt key: /c/Users/Svetlozar/.ssh/id_ed25519
debug1: Will attempt key: /c/Users/Svetlozar/.ssh/id_ed25519_sk
debug1: Will attempt key: /c/Users/Svetlozar/.ssh/id_xmss
debug1: Will attempt key: /c/Users/Svetlozar/.ssh/id_dsa
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /c/Users/Svetlozar/.ssh/id_rsa
debug1: Trying private key: /c/Users/Svetlozar/.ssh/id_ecdsa
debug1: Trying private key: /c/Users/Svetlozar/.ssh/id_ecdsa_sk
debug1: Trying private key: /c/Users/Svetlozar/.ssh/id_ed25519
debug1: Trying private key: /c/Users/Svetlozar/.ssh/id_ed25519_sk
debug1: Trying private key: /c/Users/Svetlozar/.ssh/id_xmss
debug1: Trying private key: /c/Users/Svetlozar/.ssh/id_dsa
debug1: No more authentication methods to try.
git@github.com: Permission denied (publickey).

When trying to look up for ways to resolve my issue I stumbled upon the following discussion https://1password.community/discussion/comment/634953#Comment_634953 where its mentioned that 1Password doesn't work within Git Bash, but then other discussions such as the one here: https://1password.community/discussion/127941/git-bash-always-wants-windows-hello-authentication seem to show that it is possible to make 1Password's SSH work with Git Bash.

The only relevant bit of the setup docs that I could think of which involves Git Bash is the following command: git config --global core.sshCommand "C:/Windows/System32/OpenSSH/ssh.exe" which I have ran and confirmed that the line is indeed added to the .gitconfig as seen above.

Does anyone have any idea what I could be missing or why it might not be working properly?


1Password Version: 8.7.1
Extension Version: 2.3.5
OS Version: Windows 11 Pro

Comments

  • The SSH agent should work with Git Bash. Could you run an ssh command again in git bash and check the logs of the 1Password app for any errors/messages? You can find the logs here %LOCALAPPDATA%/1Password/logs

  • Svetlozar
    Svetlozar
    Community Member

    Hi, thank you for your response!

    After trying:

    The entire log from today looked like the following:

    INFO 2022-06-10T12:30:53.852 ThreadId(34) [client:typescript] Client starting.
    INFO 2022-06-10T12:30:53.884 tokio-runtime-worker(ThreadId(3)) [1P:native-messaging\op-native-core-integration\src\lib.rs:281] Starting IPC listener on 1Password-BrowserSupport
    INFO 2022-06-10T12:30:53.884 tokio-runtime-worker(ThreadId(3)) [1P:native-messaging\op-native-core-integration\src\lib.rs:293] Active native core integration is awaiting messages
    INFO 2022-06-10T12:30:53.884 ThreadId(34) [1P:op-localization\src\lib.rs:234] system locale detected as 'en-GB'
    INFO 2022-06-10T12:30:53.884 ThreadId(34) [1P:op-localization\src\lib.rs:260] selected translations for EN_US based on detected locale en-GB
    INFO 2022-06-10T12:30:53.893 ThreadId(34) [status:op-app\src\app.rs:325] App::new(1Password for Windows/80701002 (EN_US), C:\Users\$USER\AppData\Local\1Password\1password.sqlite)
    INFO 2022-06-10T12:30:53.894 ThreadId(34) [1P:op-db\src\db.rs:120] Starting DB at version: 24
    INFO 2022-06-10T12:30:53.894 op_executor:invocation_loop(ThreadId(38)) [1P:foundation\op-install\src\windows\nmh_registration.rs:78] Installed BrowserSupport manifest for chrome extension
    INFO 2022-06-10T12:30:53.894 op_executor:invocation_loop(ThreadId(38)) [1P:foundation\op-install\src\windows\nmh_registration.rs:97] Installed BrowserSupport manifest for firefox extension
    INFO 2022-06-10T12:30:53.894 op_executor:invocation_loop(ThreadId(38)) [1P:foundation\op-install\src\windows\nmh_registration.rs:116] Installed BrowserSupport manifest for edge extension
    INFO 2022-06-10T12:30:53.959 tokio-runtime-worker(ThreadId(5)) [1P:ssh\op-agent-controller\src\desktop.rs:311] SSH Agent has started.
    INFO 2022-06-10T12:30:59.853 tokio-runtime-worker(ThreadId(30)) [1P:op-data-layer\src\load.rs:136] loaded 258 items in 9 vaults for account: ZB6IMDWX35FHRG47SVBFXA3RSE
    INFO 2022-06-10T12:30:59.855 tokio-runtime-worker(ThreadId(30)) [1P:data\op-search-weights\src\lib.rs:66] Search weights loaded for account with 2 entries (94 bytes total)
    INFO 2022-06-10T12:30:59.855 op_executor:invocation_loop(ThreadId(38)) [1P:op-app\src\app\backend\unlock.rs:83] Lock state changed: Unlocked
    INFO 2022-06-10T12:31:00.821 tokio-runtime-worker(ThreadId(25)) [1P:op-syncer\src\sync_job.rs:285] synced account ZB6IMDWX35FHRG47SVBFXA3RSE (0.1326503s)
    INFO 2022-06-10T12:31:00.821 tokio-runtime-worker(ThreadId(25)) [1P:op-data-layer\src\file.rs:597] find_and_complete_pending_uploads: 'ZB6IMDWX35FHRG47SVBFXA3RSE'
    INFO 2022-06-10T12:31:01.109 tokio-runtime-worker(ThreadId(32)) [1P:op-data-layer\src\sync.rs:529] The B5 Notifier for (ZB6IMDWX35FHRG47SVBFXA3RSE) has connected, now monitoring for events.
    INFO 2022-06-10T12:31:24.267 tokio-runtime-worker(ThreadId(3)) [status:op-app\src\app\backend\updater.rs:206] No Production updates found for 80701002
    INFO 2022-06-10T12:32:23.455 tokio-runtime-worker(ThreadId(5)) [1P:native-messaging\op-native-core-integration\src\lib.rs:305] Extension connecting.
    INFO 2022-06-10T12:32:23.455 tokio-runtime-worker(ThreadId(5)) [1P:native-messaging\op-native-core-integration\src\lib.rs:307] Extension connection accepted.

    Same commands in PowerShell worked just fine:

    PS C:\Users\Svetlozar> ssh-add -l
    256 SHA256:T885rgjU7HitHw+REDACTED/bY GitHub SSH Key (ED25519)
    
    PS C:\Users\Svetlozar> ssh -T git@github.com
    Hi REDACTED! You've successfully authenticated, but GitHub does not provide shell access.
    

    Nothing additional was added to the log. I can also see 1Password does start its SSH agent. I've also tried turning off the agent entirely (from 1Password's settings) and go through the setup process again with the same result (does not work in Git Bash but it works in PowerShell and CMD).

  • Svetlozar
    Svetlozar
    Community Member

    I have now solved my problem! When installing Git one of the install options is if Git should install its own SSH agent or use the system one. Initially I had selected 'install its own' assuming that I can override it with the sshCommand setting but for whatever reason that setting didn't override it.

    I've re-installed Git with this option unticked this time and it all worked as expected.

  • I'm happy to hear you have solved the problem and thanks for sharing your solution!

This discussion has been closed.