Forum Discussion

kjdsahtdsjighsdkjgs's avatar
kjdsahtdsjighsdkjgs
New Contributor
3 months ago
Solved

How do I use the SSH agent in headless Linux?

I want to clone a Git repository that needs SSH authorization. On my desktop this is straightforward: I have the 1Password app installed and the SSH agent enabled in its settings. git clone with an SSH URL makes the desktop app prompt me for approval and I get connected properly.

However I want to clone a repository in a Debian Linux LXC. It does not have any GUI installed; I can only connect to it via a shell. I have the 1Password CLI app op installed and connected properly because op vault list works. However I cannot use the SSH agent:

# ssh-add -l
Could not open a connection to your authentication agent.

My ~/.ssh/config looks like:

Host *
  IdentityAgent ~/.1password/agent.sock

More context about my CLI installation which is installed from the 1Password Debian repository:

# apt info 1password-cli 
Package: 1password-cli
Version: 2.31.1-2
Maintainer: 1Password <support@1password.com>
Installed-Size: unknown
Homepage: https://agilebits.com/
Vendor: 1Password <support@1password.com>
Download-Size: 6729 kB
APT-Manual-Installed: yes
APT-Sources: https://downloads.1password.com/linux/debian/amd64 stable/main amd64 Packages
Description: The official 1Password command-line tool.

# op --version
2.31.1

I don't have a ~/.1password directory so the agent is not set up or not running. How can I get it running without a GUI to approve its use?

  • 1P_Phil's avatar
    1P_Phil
    3 months ago

    Hi kjdsahtdsjighsdkjgs​,

    I was working on getting this up and running, but alas you will need the 1Password Client installed with a GUI to be able to manage the SSH-Agent.  I'm sorry it just won't work without it.

    Thanks,

    Phil

4 Replies

  • JohnM's avatar
    JohnM
    New Member

    Is there no plans to make this work? This render any remote host dev work simply pointless and it is incredibly irritating that the terminal would not prompt for the user to input the credentials.

    Maybe a hook can notify on the phone of the user to request for approval or something like that? Anything at all rather than the client waiting forever would be good.

    The only alternative so far is to use a second SSH key to do everything while in CLI.

  • Hi kjdsahtdsjighsdkjgs​ ,

    You'll need to also install the 1Password Client (as it acts as the interface to your vault from the CLI). I don't have a headless system to test this on at the moment, but the following should get you headed in the right direction. Let me know if you have further questions. ~ Phil

    sudo apt install 1password

    Then you'll need to replace the existing "IdentityAgent" with a path of the "~/.ssh/config file to

    Host *
      IdentityAgent ~/.config/1Password/ssh/agent.sock

    Then you'll need to manually configure 1Password

    mkdir -p ~/.config/1Password/

    and create the file "~/.config/1Password/settings.json" and insert

    {
      "app.developer.sshAgent": true
    }

    then authorize using 

    op signin

    and you should be able to view your vaults

    op vault list

    finally check that the SSH Agent is working by

    ssh-add -l

    Finally here are some docs which might help the process

    • kjdsahtdsjighsdkjgs's avatar
      kjdsahtdsjighsdkjgs
      New Contributor

      I figured that might be the case but I'm worried it'll try to install a whole X environment due to the many dependencies it wants:

      # apt install 1password
      Reading package lists... Done
      Building dependency tree... Done
      Reading state information... Done
      The following additional packages will be installed:
        adwaita-icon-theme at-spi2-common at-spi2-core dconf-gsettings-backend dconf-service gnupg2
        gsettings-desktop-schemas gtk-update-icon-cache hicolor-icon-theme libatk-bridge2.0-0 libatk1.0-0
        libatspi2.0-0 libauthen-sasl-perl libavahi-client3 libavahi-common-data libavahi-common3
        libayatana-appindicator1 libayatana-appindicator3-1 libayatana-ido3-0.4-0 libayatana-indicator3-7
        libayatana-indicator7 libclone-perl libcolord2 libcups2 libdata-dump-perl libdbusmenu-glib4
        libdbusmenu-gtk3-4 libdbusmenu-gtk4 libdconf1 libegl-mesa0 libegl1 libencode-locale-perl
        libfile-basedir-perl libfile-desktopentry-perl libfile-listing-perl libfile-mimeinfo-perl
        libfont-afm-perl libfontenc1 libgail-common libgail18 libgles2 libgtk-3-0 libgtk-3-bin
        libgtk-3-common libgtk2.0-0 libgtk2.0-bin libgtk2.0-common libhtml-form-perl libhtml-format-perl
        libhtml-parser-perl libhtml-tagset-perl libhtml-tree-perl libhttp-cookies-perl libhttp-daemon-perl
        libhttp-date-perl libhttp-message-perl libhttp-negotiate-perl libice6 libio-html-perl
        libio-socket-ssl-perl libio-stringy-perl libipc-system-simple-perl liblwp-mediatypes-perl
        liblwp-protocol-https-perl libmailtools-perl libnet-dbus-perl libnet-http-perl libnet-smtp-ssl-perl
        libnet-ssleay-perl libnotify4 libnspr4 libnss3 libregexp-ipv6-perl libsm6 libtie-ixhash-perl
        libtimedate-perl libtry-tiny-perl liburi-perl libwww-perl libwww-robotrules-perl
        libx11-protocol-perl libxaw7 libxcomposite1 libxdamage1 libxft2 libxinerama1 libxkbfile1
        libxml-parser-perl libxml-twig-perl libxml-xpathengine-perl libxmu6 libxmuu1 libxt6 libxtst6
        libxxf86dga1 perl-openssl-defaults x11-utils x11-xserver-utils xdg-utils zutty
      Suggested packages:
        libdigest-hmac-perl libgssapi-perl colord cups-common gvfs libcrypt-ssleay-perl notification-daemon
        libsub-name-perl libbusiness-isbn-perl libauthen-ntlm-perl libunicode-map8-perl
        libunicode-string-perl xml-twig-tools debhelper mesa-utils nickle cairo-5c xorg-docs-core
      • 1P_Phil's avatar
        1P_Phil
        Icon for Moderator rankModerator

        Hi kjdsahtdsjighsdkjgs​,

        I was working on getting this up and running, but alas you will need the 1Password Client installed with a GUI to be able to manage the SSH-Agent.  I'm sorry it just won't work without it.

        Thanks,

        Phil