Signing back into the Community for the first time? You'll need to reset your password to access your account.  Find out more.

Forum Discussion

dnk's avatar
dnk
New Contributor
3 years ago

SSH Keys - The agent has no identities.

Hi there, I am attempting to setup my SSH keys during my trial period (evaluating 1password). I followed the docs, and when I test for the keys, I get the above error, and when I authenticate to a server, I am getting:

```
❯ ssh docker
dustin@10.0.0.33: Permission denied (publickey).

```

Any suggestions?

  • I have rebooted, restarted SSH services post config changes and restarted the 1password app as well.

Thank you very much.

System Specs


❯ cat -p /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=21.10
DISTRIB_CODENAME=impish
DISTRIB_DESCRIPTION="Ubuntu 21.10"

```
1Password for Linux 8.6.0

80600076, on PRODUCTION channel
```


Brave with the chrome extention (2.3.0)

System Config

Key Entry

Desktop App

SSH Config


Host *
IdentityAgent ~/.1password/agent.sock

Processes

```
❯ ps aux | grep 1pass
dustin 1338775 2.4 0.2 25510072 144948 ? Sl 09:52 0:08 /opt/1Password/1password --type=renderer --enable-crashpad --enable-crash-reporter=e902f537-9180-4273-99fa-bdc20a5b2130,no_channel --user-data-dir=/home/dustin/.config/1Password --standard-schemes=resource,file-icon --enable-sandbox --secure-schemes --bypasscsp-schemes=resource,file-icon --cors-schemes --fetch-schemes=resource,file-icon --service-worker-schemes --streaming-schemes --app-path=/opt/1Password/resources/app.asar --enable-sandbox --disable-blink-features=Auxclick --lang=en-GB --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --launch-time-ticks=34298985616 --shared-files=v8_context_snapshot_data:100 --field-trial-handle=0,2157891041157314061,2950027978502139891,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess
dustin 2644225 0.0 0.0 8748 6148 pts/4 S+ 09:58 0:00 rg 1pass
dustin 4064145 0.3 0.2 21574616 178104 ? Sl 09:46 0:02 /opt/1Password/1password --enable-crashpad
dustin 4064219 0.0 0.0 16993684 48160 ? S 09:46 0:00 /opt/1Password/1password --type=zygote --no-zygote-sandbox --enable-crashpad --enable-crashpad
dustin 4064224 0.0 0.0 16993684 45688 ? S 09:46 0:00 /opt/1Password/1password --type=zygote --enable-crashpad --enable-crashpad
dustin 4064286 0.0 0.0 16993684 12360 ? S 09:46 0:00 /opt/1Password/1password --type=zygote --enable-crashpad --enable-crashpad
dustin 4065377 0.4 0.2 17400988 132784 ? Sl 09:46 0:03 /opt/1Password/1password --type=gpu-process --enable-crashpad --enable-crash-reporter=e902f537-9180-4273-99fa-bdc20a5b2130,no_channel --user-data-dir=/home/dustin/.config/1Password --gpu-preferences=UAAAAAAAAAAgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --shared-files --field-trial-handle=0,2157891041157314061,2950027978502139891,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess
dustin 4065418 0.0 0.0 17059348 58260 ? Sl 09:46 0:00 /opt/1Password/1password --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --enable-crashpad --enable-crash-reporter=e902f537-9180-4273-99fa-bdc20a5b2130,no_channel --user-data-dir=/home/dustin/.config/1Password --standard-schemes=resource,file-icon --enable-sandbox --secure-schemes --bypasscsp-schemes=resource,file-icon --cors-schemes --fetch-schemes=resource,file-icon --service-worker-schemes --streaming-schemes --shared-files=v8_context_snapshot_data:100 --field-trial-handle=0,2157891041157314061,2950027978502139891,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess --enable-crashpad
dustin 4066455 0.0 0.1 25506024 92712 ? Sl 09:46 0:00 /opt/1Password/1password --type=renderer --enable-crashpad --enable-crash-reporter=e902f537-9180-4273-99fa-bdc20a5b2130,no_channel --user-data-dir=/home/dustin/.config/1Password --standard-schemes=resource,file-icon --enable-sandbox --secure-schemes --bypasscsp-schemes=resource,file-icon --cors-schemes --fetch-schemes=resource,file-icon --service-worker-schemes --streaming-schemes --app-path=/opt/1Password/resources/app.asar --enable-sandbox --disable-blink-features=Auxclick --lang=en-GB --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --launch-time-ticks=33918101183 --shared-files=v8_context_snapshot_data:100 --field-trial-handle=0,2157891041157314061,2950027978502139891,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess

```

Checking for Keys


❯ export SSH_AUTH_SOCK=~/.1password/agent.sock
❯ ssh-add -l
The agent has no identities.

1Password Version: Linux 8.6.0
Extension Version: version 2.3.0
OS Version: Ubuntu 21.10

SSH
  • Former Member's avatar
    Former Member
    2 years ago

    Works now. Forgot to set the SSH_AUTH_SOCK variable...

  • Former Member's avatar
    Former Member
    2 years ago

    I have the same problem on 8.10.8. Same configuration as @larsrickert.

  • floris_1P's avatar
    floris_1P
    Icon for 1Password Team rank1Password Team
    2 years ago

    @larsrickert Could you try upgrading to the latest 1Password version? There was a related bug we fixed that may solve your issue.

  • Former Member's avatar
    Former Member
    2 years ago

    Hey together,

    I am also facing the issue that 1Password (Version 8.10.7) does not recognize my SSH keys for signing commits.
    They are inside my personal vault and they worked before. But a few days/weeks ago they stopped working.

    Running "ssh-add -l" shows "The agent has no identities." although I have 3 SSH keys in my personal vault.

    My SSH config:
    Host *
    IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"

    My git config:
    [user]
    signingkey = ssh-ed25519

    [gpg]
    format = ssh

    [gpg "ssh"]
    program = "/Applications/1Password.app/Contents/MacOS/op-ssh-sign"

    [commit]
    gpgsign = true

    The issue occurs both an MacOO 13.4 (22F66) and Windows 11. I am using git version 2.39.2

    Could you help me solve this? Thanks!

  • floris_1P's avatar
    floris_1P
    Icon for 1Password Team rank1Password Team
    2 years ago

    dnk @miquella Cu3PO42 jc00ke @bbeckford seanboult wavesound

    I wanted to let you know that we're currently working on a solution that allows for the following:
    - Enable keys from other vaults than the Private vault.
    - Create isolated setups with certain keys offered on a separate socket.
    - Control the order in which keys are offered to SSH servers.

    It would be great to get your feedback on our proposal, if you're (still) interested. You can do so by joining the #ssh-agent-config channel in our Slack workspace.

  • seanboult's avatar
    seanboult
    Occasional Contributor
    3 years ago

    What I'd like for a user experience is I can opt-in a whole vault for example:

    App XYZ - UAT (All keys in this vault would be exposed to the agent)

    Or being able to pick a certain key inside a vault marked for usability example:

    App XYZ - PROD => App Server SSH (Only this key would be exposed to the agent)

    Hope that helps add more clarity to what I'm trying to convey.

  • wavesound's avatar
    wavesound
    Frequent Contributor
    3 years ago

    Not sure what you mean by Opt-In vs Individual Key? But I am a fan of removing the limitation!

  • seanboult's avatar
    seanboult
    Occasional Contributor
    3 years ago

    I'd love to have the per vault opt-in but as others have said individual key could be nice as well.