Signing back into the Community for the first time? You'll need to reset your password to access your account. Find out more.
Forum Discussion
Just tried to configure 1Password SSH and am having trouble (Windows 11)
Hi, I get an error when I try the test recommended in the set up document. When I run ssh -T git@github.com, I get
sign_and_send_pubkey: signing failed: agent refused operation
git@github.com: Permission denied (publickey).
I'm using an existing RSA pem key I've used for github for many years. I imported it into 1Password and the fingerprint in github and in 1password match exactly. I installed the beta 8 version, I disabled openSSH service on my windows 11 machine, and I enabled the 1password SSH service in settings. I also turned on Windows Hello and set a pin. After all this, I restarted 1password.
If I run ssh-add -l, I see the single fingerprint I have imported into 1password.
If I go into 1password and disable the ssh service, I get
Error connecting to agent: No such file or directory
when running ssh-add -l so 1password SSH service is certainly being used
I just tried this command and found more info. ssh -vT git@github.com
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:xxx agent
debug1: Server accepts key: RSA SHA256:xxx agent
sign_and_send_pubkey: signing failed: agent refused operation
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Windows 11
I'm having a similar issue on Windows, where the SSH key works, but I still get
sign_and_send_pubkey: signing failed: agent refused operation.```
➜ ssh -T git@github.com
sign_and_send_pubkey: signing failed: agent refused operation
Hi xxx! You've successfully authenticated, but GitHub does not provide shell access.➜ ssh-add -l
256 SHA256:xxx (ED25519)
```EDIT: well, in my case, restarting the gpg agent fixed it!
Interesting, I'm pretty much at the same place.
I've added a few of my keys to my vault, and
ssh-add -llists them all. When testing it withgit@github.com, my systems behavior is pretty much the same as OP.
❯ ssh -vT git@github.com
OpenSSH_8.8p1, OpenSSL 1.1.1m 14 Dec 2021
debug1: Reading configuration data /home/ndo/.ssh/config
debug1: /home/ndo/.ssh/config line 11: Applying options for github.com
debug1: /home/ndo/.ssh/config line 541: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to github.com [140.82.121.4] port 22.
debug1: Connection established.
debug1: identity file /home/ndo/.ssh/id_ndo4.pub type 0
debug1: identity file /home/ndo/.ssh/id_ndo4.pub-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.8
debug1: Remote protocol version 2.0, remote software version babeld-e1420b26
debug1: compat_banner: no match: babeld-e1420b26
debug1: Authenticating to github.com:22 as 'git'
debug1: load_hostkeys: fopen /home/ndo/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-rsa SHA256:abc123
debug1: load_hostkeys: fopen /home/ndo/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'github.com' is known and matches the RSA host key.
debug1: Found key in /home/ndo/.ssh/known_hosts:41
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /home/ndo/.ssh/id_ndo4.pub RSA SHA256:abc123 explicit agent
debug1: Will attempt key: RSA SHA256:abc123 agent
debug1: Will attempt key: ED25519 SHA256:abc123 agent
debug1: Will attempt key: RSA SHA256:abc123 agent
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/ndo/.ssh/id_ndo4.pub RSA SHA256:abc123 explicit agent <-- this is the correct public key that should work imo
debug1: Server accepts key: /home/ndo/.ssh/id_ndo4.pub RSA SHA256:abc123 explicit agent
sign_and_send_pubkey: signing failed for RSA "/home/ndo/.ssh/id_ndo4.pub" from agent: agent refused operation
debug1: Offering public key: RSA SHA256:abc123 agent
debug1: Authentications that can continue: publickey
debug1: Offering public key: ED25519 SHA256:abc123 agent
debug1: Authentications that can continue: publickey
debug1: Offering public key: RSA SHA256:abc123 agent
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
git@github.com: Permission denied (publickey).
~
❯ ssh-add -l
2048 SHA256:abc123 (RSA)
4096 SHA256:abc123 (RSA)
256 SHA256:abc123 (ED25519)
2048 SHA256:abc123 (RSA)
I see the
agent.sockfile in~/.1password/andlsofsays an active 1Password process has it open.I wanted to add, my
.ssh/configentry forgithub.comlooks like this:
host github.com
user git
IdentityAgent "~/.1password/agent.sock"
IdentityFile ~/.ssh/id_ndo4.pub
System:
Arch Linux 5.17
OP Cli 2.0.0-beta.12
OP App 8.6.0@TMoneyAllDey Sure, I get more or less the same thing as you did:
debug1: Will attempt key: ED25519 SHA256:<sha256sum> agent
debug1: Will attempt key: ED25519 SHA256:<sha256sum> agent
debug1: Will attempt key: ED25519 SHA256:<sha256sum> agent
debug1: Will attempt key: ED25519 SHA256:<sha256sum> agent
[...]
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: ED25519 SHA256:<sha256sum> agent
debug1: Server accepts key: ED25519 SHA256:<sha256sum> agent
sign_and_send_pubkey: signing failed for ED25519 "" from agent: agent refused operation
debug1: Offering public key: ED25519 SHA256:<sha256sum> agent
debug1: Authentications that can continue: publickey
debug1: Offering public key: ED25519 SHA256:<sha256sum> agent
debug1: Authentications that can continue: publickey
debug1: Offering public key: ED25519 SHA256: agent
debug1: Server accepts key: ED25519 SHA256:<sha256sum> agent
sign_and_send_pubkey: signing failed for ED25519 "" from agent: agent refused operation
[...]
debug1: No more authentication methods to try.
git@github.com: Permission denied (publickey).
I have 4 SSH keys on my 1Password vault at the moment, so it looks like it is able to retrieve these from the agent correctly.
Sure, I get more or less the same thing as you did:
debug1: Will attempt key: ED25519 SHA256:DGsj4tgVBWjC1KKhu7jhs5HA/1CiY+e8YoH+uWA3GRw agent
debug1: Will attempt key: ED25519 SHA256:X1vpNjmAwANO/gPVdvde1J/e+ZBmQELv+7raKMIgGdQ agent
debug1: Will attempt key: ED25519 SHA256:vwjBnRxnegnivkKfqRt0FxOGsyoSVJ0st2YNs4nyPkQ agent
debug1: Will attempt key: ED25519 SHA256:/3qGzZTtnZL7SiYcqlhaEupbDfXn4jEJrqJWNhLUs3o agent
[...]
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: ED25519 SHA256:DGsj4tgVBWjC1KKhu7jhs5HA/1CiY+e8YoH+uWA3GRw agent
debug1: Server accepts key: ED25519 SHA256:DGsj4tgVBWjC1KKhu7jhs5HA/1CiY+e8YoH+uWA3GRw agent
sign_and_send_pubkey: signing failed for ED25519 "" from agent: agent refused operation
debug1: Offering public key: ED25519 SHA256:X1vpNjmAwANO/gPVdvde1J/e+ZBmQELv+7raKMIgGdQ agent
debug1: Authentications that can continue: publickey
debug1: Offering public key: ED25519 SHA256:vwjBnRxnegnivkKfqRt0FxOGsyoSVJ0st2YNs4nyPkQ agent
debug1: Authentications that can continue: publickey
debug1: Offering public key: ED25519 SHA256:/3qGzZTtnZL7SiYcqlhaEupbDfXn4jEJrqJWNhLUs3o agent
debug1: Server accepts key: ED25519 SHA256:/3qGzZTtnZL7SiYcqlhaEupbDfXn4jEJrqJWNhLUs3o agent
sign_and_send_pubkey: signing failed for ED25519 "" from agent: agent refused operation
[...]
debug1: No more authentication methods to try.
git@github.com: Permission denied (publickey).
I have 4 keys setup on 1password at the moment, so I'm guessing it's able to retrieve these from the agent correctly.
