SSH setup on Windows - Permission Denied error

TallonRain
TallonRain
Community Member
edited September 2022 in SSH

I've been working to set up my SSH agent with 1Password as per today's release on my computers. I was able to set it up on macOS, but Windows is giving me an issue where the ssh agent can't find the key generated by 1Password. Running the test command ssh -T git@github.com simply yields the git@github.com: Permission denied (publickey). error.

What's the best practice to set this up in the case where 1Password generated the ssh key?

GitHub does have my key. To be clear, this works on my macOS devices, but not on Windows.


1Password Version: 8.9.5
Extension Version: Not Provided
OS Version: Windows 11 Pro for Workstations
Browser:_ Chrome

Comments

  • Could you provide the output of:

    ssh -vT git@github.com
    

    And of:

    ssh-add -l
    
  • TallonRain
    TallonRain
    Community Member

    Certainly. The output is as follows:

    ❯ ssh -vT git@github.com
    OpenSSH_for_Windows_8.9p1, LibreSSL 3.4.3
    debug1: Reading configuration data C:\\Users\\Kyle/.ssh/config
    debug1: C:\\Users\\Kyle/.ssh/config line 1: Applying options for *
    debug1: Connecting to github.com [192.30.255.112] port 22.
    debug1: Connection established.
    debug1: identity file C:\\Users\\Kyle/.ssh/id_rsa type -1
    debug1: identity file C:\\Users\\Kyle/.ssh/id_rsa-cert type -1
    debug1: identity file C:\\Users\\Kyle/.ssh/id_ecdsa type -1
    debug1: identity file C:\\Users\\Kyle/.ssh/id_ecdsa-cert type -1
    debug1: identity file C:\\Users\\Kyle/.ssh/id_ecdsa_sk type -1
    debug1: identity file C:\\Users\\Kyle/.ssh/id_ecdsa_sk-cert type -1
    debug1: identity file C:\\Users\\Kyle/.ssh/id_ed25519 type -1
    debug1: identity file C:\\Users\\Kyle/.ssh/id_ed25519-cert type -1
    debug1: identity file C:\\Users\\Kyle/.ssh/id_ed25519_sk type -1
    debug1: identity file C:\\Users\\Kyle/.ssh/id_ed25519_sk-cert type -1
    debug1: identity file C:\\Users\\Kyle/.ssh/id_xmss type -1
    debug1: identity file C:\\Users\\Kyle/.ssh/id_xmss-cert type -1
    debug1: identity file C:\\Users\\Kyle/.ssh/id_dsa type -1
    debug1: identity file C:\\Users\\Kyle/.ssh/id_dsa-cert type -1
    debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.9
    debug1: Remote protocol version 2.0, remote software version babeld-81baa361
    debug1: compat_banner: no match: babeld-81baa361
    debug1: Authenticating to github.com:22 as 'git'
    debug1: load_hostkeys: fopen C:\\Users\\Kyle/.ssh/known_hosts2: No such file or directory
    debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts: No such file or directory
    debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts2: No such file or directory
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: algorithm: curve25519-sha256
    debug1: kex: host key algorithm: ssh-ed25519
    debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: SSH2_MSG_KEX_ECDH_REPLY received
    debug1: Server host key: ssh-ed25519 SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU
    debug1: load_hostkeys: fopen C:\\Users\\Kyle/.ssh/known_hosts2: No such file or directory
    debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts: No such file or directory
    debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts2: No such file or directory
    debug1: Host 'github.com' is known and matches the ED25519 host key.
    debug1: Found key in C:\\Users\\Kyle/.ssh/known_hosts:1
    debug1: rekey out after 134217728 blocks
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: rekey in after 134217728 blocks
    debug1: get_agent_identities: ssh_get_authentication_socket: No such file or directory
    debug1: Will attempt key: C:\\Users\\Kyle/.ssh/id_rsa
    debug1: Will attempt key: C:\\Users\\Kyle/.ssh/id_ecdsa
    debug1: Will attempt key: C:\\Users\\Kyle/.ssh/id_ecdsa_sk
    debug1: Will attempt key: C:\\Users\\Kyle/.ssh/id_ed25519
    debug1: Will attempt key: C:\\Users\\Kyle/.ssh/id_ed25519_sk
    debug1: Will attempt key: C:\\Users\\Kyle/.ssh/id_xmss
    debug1: Will attempt key: C:\\Users\\Kyle/.ssh/id_dsa
    debug1: SSH2_MSG_EXT_INFO received
    debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa>
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey
    debug1: Next authentication method: publickey
    debug1: Trying private key: C:\\Users\\Kyle/.ssh/id_rsa
    debug1: Trying private key: C:\\Users\\Kyle/.ssh/id_ecdsa
    debug1: Trying private key: C:\\Users\\Kyle/.ssh/id_ecdsa_sk
    debug1: Trying private key: C:\\Users\\Kyle/.ssh/id_ed25519
    debug1: Trying private key: C:\\Users\\Kyle/.ssh/id_ed25519_sk
    debug1: Trying private key: C:\\Users\\Kyle/.ssh/id_xmss
    debug1: Trying private key: C:\\Users\\Kyle/.ssh/id_dsa
    debug1: No more authentication methods to try.
    git@github.com: Permission denied (publickey).
    
    
    ❯ ssh-add -l
    256 SHA256:iDHYAgQKPtwY3Jv6LyqfDZ6iZIhmL3So0we+EN88wQ4 1Password SSH Key (ED25519)
    
  • TallonRain
    TallonRain
    Community Member

    Hi there, any suggestions?

  • Could you share your SSH config?

  • TallonRain
    TallonRain
    Community Member

    In the /.ssh config file:

    Host *
        IdentityAgent "~/.1password/agent.sock"
    
    
  • Ah, that explains the error that you're seeing. In OpenSSH for Windows, the agent communication does not happen over a socket like it does on macOS or Linux, but over the \\.\pipe\openssh-ssh-agent pipe.

    This actually happens automatically, so you don't have set IdentityAgent in your SSH config. Could you try removing that snippet and run the SSH command again?

  • TallonRain
    TallonRain
    Community Member
    edited September 2022

    Ah-ha, that did it. Interesting, I believe I added that erroneous config as a troubleshooting step, but as you say it's working automatically now that it has been removed. Thanks for the help!

This discussion has been closed.