SSH: The agent has no identities. (Searched the community first.)

Options
Ryan Parman
Ryan Parman
Community Member
in SSH

Firstly, my SSH keys are in my FamilyPersonal vault. (I know that a lot of previous posts missed this.)

I'm attempting to follow this instruction from @floris_1P, and am getting the following result (linebreaks added for clarity):

$ export SSH_AUTH_SOCK=~/Library/Group\ Containers/2BUA8C4S2C.com.1password/t/agent.sock

$ echo $SSH_AUTH_SOCK
/Users/ryan_parman/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock

$ ssh-add -l
4096 SHA256:VwJJgAt2KOl5NKW4ghD7pA8op7uzgX+2UZi2Xf6ZKe0 RSA (RSA)
256 SHA256:Z179SEUcyJlRoNKxxE49bn6i1VbrlL9uENW3VeapQ4s ED25519 (ED25519)

$ docker run -v /run/host-services/ssh-auth.sock:/run/host-services/ssh-auth.sock -e SSH_AUTH_SOCK="/run/host-services/ssh-auth.sock" alpine sh -c 'apk add openssh && ssh-add -l'
fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/community/x86_64/APKINDEX.tar.gz
(1/10) Installing openssh-keygen (9.1_p1-r2)
(2/10) Installing ncurses-terminfo-base (6.3_p20221119-r0)
(3/10) Installing ncurses-libs (6.3_p20221119-r0)
(4/10) Installing libedit (20221030.3.1-r0)
(5/10) Installing openssh-client-common (9.1_p1-r2)
(6/10) Installing openssh-client-default (9.1_p1-r2)
(7/10) Installing openssh-sftp-server (9.1_p1-r2)
(8/10) Installing openssh-server-common (9.1_p1-r2)
(9/10) Installing openssh-server (9.1_p1-r2)
(10/10) Installing openssh (9.1_p1-r2)
Executing busybox-1.35.0-r29.trigger
OK: 14 MiB in 25 packages

The agent has no identities.

Common stuff like git push and git pull work correctly, with 1Password prompting me to authorize.

And this is my SSH config.

$ cat ~/.ssh/config
Host *
  AddKeysToAgent yes
  ControlMaster auto
  ControlPath /tmp/%r@%h:%p
  ControlPersist 600
  IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"

Host 10.* *.ec2.internal
  PreferredAuthentications publickey
  StrictHostKeyChecking no

Any ideas?

1Password Version: 1Password for Mac 8.10.6 (81006021)
Extension Version: N/A
OS Version: macOS 13.3.1 (a) (22E772610a)
Browser:_ N/A

Comments

  • floris_1P
    floris_1P
    Options

    To get it to work with Docker for Mac, the Docker for Mac application itself needs SSH_AUTH_SOCK set. Here are two ways how to do that on macOS.

  • Ryan Parman
    Ryan Parman
    Community Member
    Options

    points to the export SSH_AUTH_SOCK in the original post.

    Did I do something wrong in my original post?

  • dmbuil
    dmbuil
    Community Member
    Options

    Thing is, the same is happening to me as well; out of the blue, the SSH agent integration stopped working.
    I do have Git Signing & Auth keys, and none of them are recognized when I do a ssh-add -l.

    A couple of days ago, I could sign and log into GitHub smoothly. (I don't have an SSH-ready server as of now to check whether the key-based login is working).
    I have 1Password for Mac 8.10.7 (81007001) and MacOS 12.6.3 (21G419).

  • MartonS1P
    MartonS1P
    Options

    Hey @dmbuil and @Ryan Parman.

    Make sure you update to the latest version of the app. If the issue still occurs, could you try reproducing it by running an ssh command and checking the logs of the 1Password app? You can find the logs under "Help" -> "Troubleshooting" -> "Open Logs folder" -> "1Password_rCURRENT.log".

    If you see any logs related to ssh, please let me know. These logs will help us identify the issue you're encountering.

  • floris_1P
    floris_1P
    Options

    @dmbuil Did you move your keys out of the default Private/Personal vault, by any chance?

    And just checking to make sure: is your issue related to Docker as well, like the original post?

  • floris_1P
    floris_1P
    Options

    Did I do something wrong in my original post?

    @Ryan Parman Just the shell export alone doesn't do the trick. The socket needs to be passed down to the Docker for Mac app. Either using the open command or using launchctl, as described here.

  • dmbuil
    dmbuil
    Community Member
    Options

    Thanks, @MartonS1P , @floris_1P , for your answer.
    Yesterday, I managed to solve the issue by doing a clean install of 1P, as 1Password_rCURRENT.log wasn't verbose enough either for me to keep investigating.

    After that, ssh-add -l started working smoothly:

    ssh-add -l
256 SHA256:zojQYofphA1Wfx*****d8qb96m5*****wInWxxS4 v-proxy_Ed25519 (ED25519)
3072 SHA256:us47I3bBvYXr3*****MNB4jr9gcvPp/U*****vk ftpjcmgt02_Ed25519 (RSA)
4096 SHA256:aVPGbgByminaTsO*****b538Ivmn1CzNnRDsZrgj3g GitHub SSH Auth Key (RSA)
256 SHA256:eMFn+ah2/Xd/cAM5s4mtZJMVVjPgUT*****P7kJTD8 GitHub SSH Signing Key (ED25519)
3072 SHA256:qn4luzQ53LP*****RJQFbCs1/oD2A53+****+up+6c Clave SSH (RSA)
3072 SHA256:oaqyyLdfKysKtv0aZR******Hq7tMbQ1tHZOWok1SE id_rsa_rpi2 (RSA)

    @floris_1P , it happened to me both on Docker and ordinary terminal, and yes, they are placed on my Personal Vault.
    What I've noticed though is that setting the symlink on the .ssh/config does not work, and have to use the absolute path to the socket:

    Host *
  IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
  #IdentityAgent ~/.1password/agent.sock # <--- this does not work, no matter if single-or-double-quoted or not
[... other ssh config ...]

    Maybe that's normal for .ssh/config syntax, I am not that expert on ssh.

This discussion has been closed.