Former Member
4 years ago
Just tried to configure 1Password SSH and am having trouble (Windows 11)
Hi, I get an error when I try the test recommended in the set up document. When I run `ssh -T git@github.com`, I get
```
sign_and_send_pubkey: signing failed: agent refused operation
git@github.com: Permission denied (publickey).
```
I'm using an existing RSA pem key I've used for github for many years. I imported it into 1Password and the fingerprint in github and in 1password match exactly. I installed the beta 8 version, I disabled openSSH service on my windows 11 machine, and I enabled the 1password SSH service in settings. I also turned on Windows Hello and set a pin. After all this, I restarted 1password.
If I run `ssh-add -l`, I see the single fingerprint I have imported into 1password.
If I go into 1password and disable the ssh service, I get `Error connecting to agent: No such file or directory` when running `ssh-add -l`, so 1password SSH service is certainly being used.
I just tried this command and found more info. `ssh -vT git@github.com`
```
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:xxx agent
debug1: Server accepts key: RSA SHA256:xxx agent
sign_and_send_pubkey: signing failed: agent refused operation
```
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Windows 11
- Former Member
I am not seeing this issue for the offered key types. Instead I saw this in my log using the GitHub test:
```
ssh -T git@github.com
WARN 2022-04-11T19:43:23.382 ThreadId(1) [1P:foundation\op-windows\src\windows\window.rs:222] failed to bring window to the foreground
INFO 2022-04-11T19:43:28.355 op_executor:invocation_loop(ThreadId(12)) [1P:op-app\src\app\backend\frontend.rs:24] Front end event: window closed
WARN 2022-04-11T19:43:43.148 ThreadId(1) [1P:foundation\op-windows\src\windows\window.rs:222] failed to bring window to the foreground
```
I quit 1Password and re-launched it. Now I'm getting the pop up authorization window. So something caused the auth window to not show up. This was after a reboot and I have 1P set to startup automatically.
- Former Member
K_J__1P oh I see, I understand..!
I really like 1Password's policy of not supporting unsecured key formats.
I was able to learn more about SSH because of the specific suggestions made. Thank you!
I tried
```
❯ cat ~/.ssh/config
Host target-onpremise-host
HostName AAA.BBB.CCC.DDD
Port 8022
User chatii
IdentityFile "~/.ssh/target-onpremise-host"
❯ ssh -vvT target-onpremise-host ls |& grep 'peer server KEXINIT proposal' -A3 | grep 'host key algorithms'
debug2: host key algorithms: ssh-rsa,ssh-dss
```
- K_J__1P
1Password Team
@chatii A possible cause is the client/server is attempting key exchange with `ssh-rsa` (RSA with SHA1) which is not supported. 1Password currently only supports `rsa-sha2-512` and `rsa-sha2-256` for RSA keys. A quick way to test is with the following command:
```
# Github supports rsa-sha2 and it takes precedence over ssh-rsa
ssh -vvT git@github.com ls |& grep 'peer server KEXINIT proposal' -A3 | grep 'host key algorithms'
debug2: host key algorithms: ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa
# Azure DevOps only supports ssh-rsa
ssh -vvT git@ssh.dev.azure.com ls |& grep 'peer server KEXINIT proposal' -A3 | grep 'host key algorithms'
debug2: host key algorithms: ssh-rsa
```
If `rsa-sha2` is supported, but has lower preference than `ssh-rsa`, `PubkeyAcceptedKeyTypes` in `~/.ssh/config` can be used to remove it from the proposed list
- Former Member
I am experiencing similar problems.
* 1Password for Mac 8.6.0 80600081, on BETA channel
* 1Password for Mac 8.7.0 80700002, on BETA channel

Created Ed25519 key for GitHub in 1Password and set `IdentityAgent` in `~/.ssh/config`.
(There are no other settings in `~/.ssh/config`).
And `ssh -T git@github.com` succeeded.
Next, a key was created with RSA (4096 bits) to connect to another host.
`ssh user@my-host` and was prompted to unlock by Touch ID, but could not connect.
When the `-vT` option was enabled, the following log was displayed.
```
...
debug1: Will attempt key: GitHub SSH chatii ED25519 SHA256:{} agent
debug1: Will attempt key: insprout ProxyServer chatii SSH Key RSA SHA256:{} agent
...
debug1: Authentications that can continue: publickey
debug1: Offering public key: my host RSA SHA256:{} agent
debug1: Server accepts key: my host RSA SHA256:{} agent
sign_and_send_pubkey: signing failed for RSA "my host SSH Key" from agent: agent refused operation
...
debug1: No more authentication methods to try.
user@myhost: Permission denied (publickey).
```
To find out where the problem lies, copy the private key generated by 1Password to `~/.ssh/my-host` and try `ssh -i ~/.ssh/my-host user@myhost` - this method works.
I have also tried disabling and enabling the SSH agent in 1Password and upgrading (8.6.0 => 8.7.0), but this does not fix the problem.
- floris_1P
1Password Team
Hey all, we've implemented some fixes that could solve some of the issues mentioned above, which are available on the latest stable and beta release.
Let us know if that fixes your issues.
@TMoneyAllDey For the Windows issue with RSA, do you see anything appear in the logs (`%LOCALAPPDATA%/1Password/logs`) when you run your SSH command? And you're saying it does work when you generate a new Ed25519 key using 1Password, but what happens if you generate a new RSA key using 1Password?
- Former Member
@SV337 thanks for the update! I tried it without tmux, however with alacritty + bash, and still wasn't able to get it to work. Sounds like the team is on it though, I'll hang tight as well and keep an eye on this thread! :)
In case it helps, the `1Password_rCURRENT.log` file now said `Session was not authorized` for each attempt from that alacritty / bash (w/o Tmux) window.
I tried restarting the agent by unchecking and rechecking the option in the desktop 1P 8 client and saw `SSH Agent is stopping` and then `SSH agent is starting` in the logs. However, it immediately went back to `Session was not authorized` after attempting to login via SSH with the Agent set in `~/.ssh/config`.
I also intermittently had messages saying `New unlock was suppressed because a previous unlock was rejected or the lock screen was displayed`, between these "Session not authorized" logs.
- Former Member
Just a quick message to say that the issue was coming from tmux on my side. It is apparently a known issue that the 1Password team is working on.
When trying it under alacritty + zsh without tmux it is working fine. I'll wait for the fix to land to start using it!
- Former Member
In my `~/.config/1Password/logs/1Password_rCURRENT.log` file, I now see a bunch of lines of
```
WARN 2022-02-19T12:31:26.930 tokio-runtime-worker(ThreadId(4)) [1P:ssh/op-ssh-agent/src/lib.rs:252] Unable to get client_info for pid: 123
```
Whenever I try to use the agent, i.e. with the Github test cmd (`ssh -T git@github.com`) and see the `agent refused operation` error message.
Before these error messages, I do see some `INFO` type messages that the SSH agent was successfully started though!
- Former Member
Sure, I get more or less the same thing as you can
```
debug1: Will attempt key: ED25519 SHA256:DGsj4tgVBWjC1KKhu7jhs5HA/1CiY+e8YoH+uWA3GRw agent
debug1: Will attempt key: ED25519 SHA256:X1vpNjmAwANO/gPVdvde1J/e+ZBmQELv+7raKMIgGdQ agent
debug1: Will attempt key: ED25519 SHA256:vwjBnRxnegnivkKfqRt0FxOGsyoSVJ0st2YNs4nyPkQ agent
debug1: Will attempt key: ED25519 SHA256:/3qGzZTtnZL7SiYcqlhaEupbDfXn4jEJrqJWNhLUs3o agent
[...]
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: ED25519 SHA256:DGsj4tgVBWjC1KKhu7jhs5HA/1CiY+e8YoH+uWA3GRw agent
debug1: Server accepts key: ED25519 SHA256:DGsj4tgVBWjC1KKhu7jhs5HA/1CiY+e8YoH+uWA3GRw agent
sign_and_send_pubkey: signing failed for ED25519 "" from agent: agent refused operation
debug1: Offering public key: ED25519 SHA256:X1vpNjmAwANO/gPVdvde1J/e+ZBmQELv+7raKMIgGdQ agent
debug1: Authentications that can continue: publickey
debug1: Offering public key: ED25519 SHA256:vwjBnRxnegnivkKfqRt0FxOGsyoSVJ0st2YNs4nyPkQ agent
debug1: Authentications that can continue: publickey
debug1: Offering public key: ED25519 SHA256:/3qGzZTtnZL7SiYcqlhaEupbDfXn4jEJrqJWNhLUs3o agent
debug1: Server accepts key: ED25519 SHA256:/3qGzZTtnZL7SiYcqlhaEupbDfXn4jEJrqJWNhLUs3o agent
sign_and_send_pubkey: signing failed for ED25519 "" from agent: agent refused operation
[...]
debug1: No more authentication methods to try.
git@github.com: Permission denied (publickey).
```
I have 4 SSH keys on my 1Password vault at the moment, so it looks like it is able to retrieve these from the agent correctly.
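
The check K_J__1P describes in this thread (was the refused key RSA, and does the server advertise `rsa-sha2-*`?) can be scripted against `ssh -vv` output. This is an added example, not part of any post here and not 1Password's or OpenSSH's own tooling; the function name, result tokens and sample transcripts are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: classify an `ssh -vv` transcript read on stdin.
# Result tokens are names made up for this example:
#   no-agent-refusal      no "agent refused operation" line present
#   non-rsa-refusal       refused key is not RSA (or type not visible)
#   rsa-need-vv-output    RSA refused, but no server proposal in the input
#   rsa-sha1-only-server  RSA refused, server list has no rsa-sha2-*
#   rsa-sha2-available    RSA refused although rsa-sha2-* is advertised
triage_ssh_debug() {
    awk '
        # Same line the grep pipeline in the thread extracts: the first
        # "host key algorithms" entry after the peer server KEXINIT header.
        /peer server KEXINIT proposal/ { in_peer = 1; next }
        in_peer && /host key algorithms:/ {
            sub(/.*host key algorithms: */, ""); server_algs = $0; in_peer = 0
        }
        # Key type is the token just before the SHA256 fingerprint, which
        # holds with or without a key comment in front of it.
        /Server accepts key:/ {
            for (i = 2; i <= NF; i++) if ($i ~ /^SHA256:/) accepted = $(i - 1)
        }
        /agent refused operation/ && !refused { refused = 1; failed = accepted }
        END {
            if (!refused)          { print "no-agent-refusal";   exit }
            if (failed != "RSA")   { print "non-rsa-refusal";    exit }
            if (server_algs == "") { print "rsa-need-vv-output"; exit }
            n = split(server_algs, alg, ",")
            for (i = 1; i <= n; i++)
                if (alg[i] == "rsa-sha2-256" || alg[i] == "rsa-sha2-512") sha2 = 1
            print (sha2 ? "rsa-sha2-available" : "rsa-sha1-only-server")
        }
    '
}

# Constructed sample transcripts (not captured from a real host).
SAMPLE_RSA_SHA1_ONLY='debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256
debug2: host key algorithms: ssh-rsa,ssh-dss
debug1: Server accepts key: my host RSA SHA256:EXAMPLE agent
sign_and_send_pubkey: signing failed for RSA "my host SSH Key" from agent: agent refused operation'
SAMPLE_ED25519='debug1: Server accepts key: ED25519 SHA256:EXAMPLE agent
sign_and_send_pubkey: signing failed for ED25519 "" from agent: agent refused operation'

printf '%s\n' "$SAMPLE_RSA_SHA1_ONLY" | triage_ssh_debug
printf '%s\n' "$SAMPLE_ED25519" | triage_ssh_debug
```

For a live host, pipe `ssh -vvT host 2>&1` into the function, since ssh writes its debug lines to stderr. A `non-rsa-refusal` result means the algorithm list is not the cause, which points back at the agent's own log entries quoted in the thread.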