How do I use the SSH agent in headless Linux?

I want to clone a Git repository that needs SSH authorization. On my desktop this is straightforward: I have the 1Password app installed and the SSH agent enabled in its settings. git clone with an SSH URL makes the desktop app prompt me for approval and I get connected properly.

However I want to clone a repository in a Debian Linux LXC. It does not have any GUI installed; I can only connect to it via a shell. I have the 1Password CLI app op installed and connected properly because op vault list works. However I cannot use the SSH agent:

# ssh-add -l
Could not open a connection to your authentication agent.

My ~/.ssh/config looks like:

Host *
  IdentityAgent ~/.1password/agent.sock

More context about my CLI installation which is installed from the 1Password Debian repository:

# apt info 1password-cli 
Package: 1password-cli
Version: 2.31.1-2
Maintainer: 1Password <support@1password.com>
Installed-Size: unknown
Homepage: https://agilebits.com/
Vendor: 1Password <support@1password.com>
Download-Size: 6729 kB
APT-Manual-Installed: yes
APT-Sources: https://downloads.1password.com/linux/debian/amd64 stable/main amd64 Packages
Description: The official 1Password command-line tool.

# op --version
2.31.1

I don't have a ~/.1password directory so the agent is not set up or not running. How can I get it running without a GUI to approve its use?

1P_Phil
2 months ago
Hi kjdsahtdsjighsdkjgs,

I was working on getting this up and running, but alas you will need the 1Password Client installed with a GUI to be able to manage the SSH-Agent. I'm sorry it just won't work without it.

Thanks,

Phil

3 Replies

1P_Phil

Moderator

2 months ago

Hi kjdsahtdsjighsdkjgs ,

You'll need to also install the 1Password Client (as it acts as the interface to your vault from the CLI). I don't have a headless system to test this on at the moment, but the following should get you headed in the right direction. Let me know if you have further questions. ~ Phil

sudo apt install 1password

Then you'll need to replace the existing "IdentityAgent" with a path of the "~/.ssh/config file to

Host *
  IdentityAgent ~/.config/1Password/ssh/agent.sock

Then you'll need to manually configure 1Password

mkdir -p ~/.config/1Password/

and create the file "~/.config/1Password/settings.json" and insert

{
  "app.developer.sshAgent": true
}

then authorize using

op signin

and you should be able to view your vaults

op vault list

finally check that the SSH Agent is working by

ssh-add -l

Finally here are some docs which might help the process

kjdsahtdsjighsdkjgs

New Contributor

2 months ago

I figured that might be the case but I'm worried it'll try to install a whole X environment due to the many dependencies it wants:

# apt install 1password
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  adwaita-icon-theme at-spi2-common at-spi2-core dconf-gsettings-backend dconf-service gnupg2
  gsettings-desktop-schemas gtk-update-icon-cache hicolor-icon-theme libatk-bridge2.0-0 libatk1.0-0
  libatspi2.0-0 libauthen-sasl-perl libavahi-client3 libavahi-common-data libavahi-common3
  libayatana-appindicator1 libayatana-appindicator3-1 libayatana-ido3-0.4-0 libayatana-indicator3-7
  libayatana-indicator7 libclone-perl libcolord2 libcups2 libdata-dump-perl libdbusmenu-glib4
  libdbusmenu-gtk3-4 libdbusmenu-gtk4 libdconf1 libegl-mesa0 libegl1 libencode-locale-perl
  libfile-basedir-perl libfile-desktopentry-perl libfile-listing-perl libfile-mimeinfo-perl
  libfont-afm-perl libfontenc1 libgail-common libgail18 libgles2 libgtk-3-0 libgtk-3-bin
  libgtk-3-common libgtk2.0-0 libgtk2.0-bin libgtk2.0-common libhtml-form-perl libhtml-format-perl
  libhtml-parser-perl libhtml-tagset-perl libhtml-tree-perl libhttp-cookies-perl libhttp-daemon-perl
  libhttp-date-perl libhttp-message-perl libhttp-negotiate-perl libice6 libio-html-perl
  libio-socket-ssl-perl libio-stringy-perl libipc-system-simple-perl liblwp-mediatypes-perl
  liblwp-protocol-https-perl libmailtools-perl libnet-dbus-perl libnet-http-perl libnet-smtp-ssl-perl
  libnet-ssleay-perl libnotify4 libnspr4 libnss3 libregexp-ipv6-perl libsm6 libtie-ixhash-perl
  libtimedate-perl libtry-tiny-perl liburi-perl libwww-perl libwww-robotrules-perl
  libx11-protocol-perl libxaw7 libxcomposite1 libxdamage1 libxft2 libxinerama1 libxkbfile1
  libxml-parser-perl libxml-twig-perl libxml-xpathengine-perl libxmu6 libxmuu1 libxt6 libxtst6
  libxxf86dga1 perl-openssl-defaults x11-utils x11-xserver-utils xdg-utils zutty
Suggested packages:
  libdigest-hmac-perl libgssapi-perl colord cups-common gvfs libcrypt-ssleay-perl notification-daemon
  libsub-name-perl libbusiness-isbn-perl libauthen-ntlm-perl libunicode-map8-perl
  libunicode-string-perl xml-twig-tools debhelper mesa-utils nickle cairo-5c xorg-docs-core

1P_Phil
Moderator
2 months ago
Hi kjdsahtdsjighsdkjgs,

I was working on getting this up and running, but alas you will need the 1Password Client installed with a GUI to be able to manage the SSH-Agent. I'm sorry it just won't work without it.

Thanks,

Phil

Forum Discussion

How do I use the SSH agent in headless Linux?

3 Replies

Recent Discussions

Console flooded with errors when clicking links during 1Password passkey selection dialog

WSL2 Arm Build

`op account add` with `Integrate with 1Password CLI`

1password doesn't seem to remember the key approval for JetBrains IDEA Ultimate

Use op on headless system with glab?