Getting started with 1Password for your growing team, or refining your setup? Our Secured Success quickstart guide is for you.
Forum Discussion
Solved
How do I use the SSH agent in headless Linux?
I want to clone a Git repository that needs SSH authorization. On my desktop this is straightforward: I have the 1Password app installed and the SSH agent enabled in its settings. git clone with an SSH URL makes the desktop app prompt me for approval and I get connected properly.
However I want to clone a repository in a Debian Linux LXC. It does not have any GUI installed; I can only connect to it via a shell. I have the 1Password CLI app op installed and connected properly because op vault list works. However I cannot use the SSH agent:
# ssh-add -l
Could not open a connection to your authentication agent.
My ~/.ssh/config looks like:
Host *
IdentityAgent ~/.1password/agent.sock
More context about my CLI installation which is installed from the 1Password Debian repository:
# apt info 1password-cli
Package: 1password-cli
Version: 2.31.1-2
Maintainer: 1Password <support@1password.com>
Installed-Size: unknown
Homepage: https://agilebits.com/
Vendor: 1Password <support@1password.com>
Download-Size: 6729 kB
APT-Manual-Installed: yes
APT-Sources: https://downloads.1password.com/linux/debian/amd64 stable/main amd64 Packages
Description: The official 1Password command-line tool.
# op --version
2.31.1
I don't have a ~/.1password directory so the agent is not set up or not running. How can I get it running without a GUI to approve its use?
I was working on getting this up and running, but alas you will need the 1Password Client installed with a GUI to be able to manage the SSH-Agent. I'm sorry it just won't work without it.
Thanks,
Phil
4 Replies
Is there no plans to make this work? This render any remote host dev work simply pointless and it is incredibly irritating that the terminal would not prompt for the user to input the credentials.
Maybe a hook can notify on the phone of the user to request for approval or something like that? Anything at all rather than the client waiting forever would be good.The only alternative so far is to use a second SSH key to do everything while in CLI.
- 1P_Phil
Moderator
Hi kjdsahtdsjighsdkjgs ,
You'll need to also install the 1Password Client (as it acts as the interface to your vault from the CLI). I don't have a headless system to test this on at the moment, but the following should get you headed in the right direction. Let me know if you have further questions. ~ Phil
sudo apt install 1passwordThen you'll need to replace the existing "IdentityAgent" with a path of the "~/.ssh/config file to
Host * IdentityAgent ~/.config/1Password/ssh/agent.sockThen you'll need to manually configure 1Password
mkdir -p ~/.config/1Password/and create the file "~/.config/1Password/settings.json" and insert
{ "app.developer.sshAgent": true }then authorize using
op signinand you should be able to view your vaults
op vault listfinally check that the SSH Agent is working by
ssh-add -lFinally here are some docs which might help the process
I figured that might be the case but I'm worried it'll try to install a whole X environment due to the many dependencies it wants:
# apt install 1password Reading package lists... Done Building dependency tree... Done Reading state information... Done The following additional packages will be installed: adwaita-icon-theme at-spi2-common at-spi2-core dconf-gsettings-backend dconf-service gnupg2 gsettings-desktop-schemas gtk-update-icon-cache hicolor-icon-theme libatk-bridge2.0-0 libatk1.0-0 libatspi2.0-0 libauthen-sasl-perl libavahi-client3 libavahi-common-data libavahi-common3 libayatana-appindicator1 libayatana-appindicator3-1 libayatana-ido3-0.4-0 libayatana-indicator3-7 libayatana-indicator7 libclone-perl libcolord2 libcups2 libdata-dump-perl libdbusmenu-glib4 libdbusmenu-gtk3-4 libdbusmenu-gtk4 libdconf1 libegl-mesa0 libegl1 libencode-locale-perl libfile-basedir-perl libfile-desktopentry-perl libfile-listing-perl libfile-mimeinfo-perl libfont-afm-perl libfontenc1 libgail-common libgail18 libgles2 libgtk-3-0 libgtk-3-bin libgtk-3-common libgtk2.0-0 libgtk2.0-bin libgtk2.0-common libhtml-form-perl libhtml-format-perl libhtml-parser-perl libhtml-tagset-perl libhtml-tree-perl libhttp-cookies-perl libhttp-daemon-perl libhttp-date-perl libhttp-message-perl libhttp-negotiate-perl libice6 libio-html-perl libio-socket-ssl-perl libio-stringy-perl libipc-system-simple-perl liblwp-mediatypes-perl liblwp-protocol-https-perl libmailtools-perl libnet-dbus-perl libnet-http-perl libnet-smtp-ssl-perl libnet-ssleay-perl libnotify4 libnspr4 libnss3 libregexp-ipv6-perl libsm6 libtie-ixhash-perl libtimedate-perl libtry-tiny-perl liburi-perl libwww-perl libwww-robotrules-perl libx11-protocol-perl libxaw7 libxcomposite1 libxdamage1 libxft2 libxinerama1 libxkbfile1 libxml-parser-perl libxml-twig-perl libxml-xpathengine-perl libxmu6 libxmuu1 libxt6 libxtst6 libxxf86dga1 perl-openssl-defaults x11-utils x11-xserver-utils xdg-utils zutty Suggested packages: libdigest-hmac-perl libgssapi-perl colord cups-common gvfs libcrypt-ssleay-perl notification-daemon libsub-name-perl libbusiness-isbn-perl libauthen-ntlm-perl libunicode-map8-perl libunicode-string-perl xml-twig-tools debhelper mesa-utils nickle cairo-5c xorg-docs-core- 1P_Phil
I was working on getting this up and running, but alas you will need the 1Password Client installed with a GUI to be able to manage the SSH-Agent. I'm sorry it just won't work without it.
Thanks,
Phil
