dnk
New Contributor
3 years ago

SSH Keys - The agent has no identities.

Hi there, I am attempting to set up my SSH keys during my trial period (evaluating 1Password). I followed the docs, and when I test for the keys, I get the above error, and when I authenticate to a server, I am getting:

```
❯ ssh docker
dustin@10.0.0.33: Permission denied (publickey).

```

Any suggestions?

  • I have rebooted, restarted SSH services post config changes and restarted the 1Password app as well.

Thank you very much.

System Specs


```
❯ cat -p /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=21.10
DISTRIB_CODENAME=impish
DISTRIB_DESCRIPTION="Ubuntu 21.10"
```

```
1Password for Linux 8.6.0

80600076, on PRODUCTION channel
```


Brave with the Chrome extension (2.3.0)

System Config

Key Entry

Desktop App

SSH Config


```
Host *
  IdentityAgent ~/.1password/agent.sock
```

Processes

```
❯ ps aux | grep 1pass
dustin 1338775 2.4 0.2 25510072 144948 ? Sl 09:52 0:08 /opt/1Password/1password --type=renderer --enable-crashpad --enable-crash-reporter=e902f537-9180-4273-99fa-bdc20a5b2130,no_channel --user-data-dir=/home/dustin/.config/1Password --standard-schemes=resource,file-icon --enable-sandbox --secure-schemes --bypasscsp-schemes=resource,file-icon --cors-schemes --fetch-schemes=resource,file-icon --service-worker-schemes --streaming-schemes --app-path=/opt/1Password/resources/app.asar --enable-sandbox --disable-blink-features=Auxclick --lang=en-GB --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --launch-time-ticks=34298985616 --shared-files=v8_context_snapshot_data:100 --field-trial-handle=0,2157891041157314061,2950027978502139891,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess
dustin 2644225 0.0 0.0 8748 6148 pts/4 S+ 09:58 0:00 rg 1pass
dustin 4064145 0.3 0.2 21574616 178104 ? Sl 09:46 0:02 /opt/1Password/1password --enable-crashpad
dustin 4064219 0.0 0.0 16993684 48160 ? S 09:46 0:00 /opt/1Password/1password --type=zygote --no-zygote-sandbox --enable-crashpad --enable-crashpad
dustin 4064224 0.0 0.0 16993684 45688 ? S 09:46 0:00 /opt/1Password/1password --type=zygote --enable-crashpad --enable-crashpad
dustin 4064286 0.0 0.0 16993684 12360 ? S 09:46 0:00 /opt/1Password/1password --type=zygote --enable-crashpad --enable-crashpad
dustin 4065377 0.4 0.2 17400988 132784 ? Sl 09:46 0:03 /opt/1Password/1password --type=gpu-process --enable-crashpad --enable-crash-reporter=e902f537-9180-4273-99fa-bdc20a5b2130,no_channel --user-data-dir=/home/dustin/.config/1Password --gpu-preferences=UAAAAAAAAAAgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --shared-files --field-trial-handle=0,2157891041157314061,2950027978502139891,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess
dustin 4065418 0.0 0.0 17059348 58260 ? Sl 09:46 0:00 /opt/1Password/1password --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --enable-crashpad --enable-crash-reporter=e902f537-9180-4273-99fa-bdc20a5b2130,no_channel --user-data-dir=/home/dustin/.config/1Password --standard-schemes=resource,file-icon --enable-sandbox --secure-schemes --bypasscsp-schemes=resource,file-icon --cors-schemes --fetch-schemes=resource,file-icon --service-worker-schemes --streaming-schemes --shared-files=v8_context_snapshot_data:100 --field-trial-handle=0,2157891041157314061,2950027978502139891,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess --enable-crashpad
dustin 4066455 0.0 0.1 25506024 92712 ? Sl 09:46 0:00 /opt/1Password/1password --type=renderer --enable-crashpad --enable-crash-reporter=e902f537-9180-4273-99fa-bdc20a5b2130,no_channel --user-data-dir=/home/dustin/.config/1Password --standard-schemes=resource,file-icon --enable-sandbox --secure-schemes --bypasscsp-schemes=resource,file-icon --cors-schemes --fetch-schemes=resource,file-icon --service-worker-schemes --streaming-schemes --app-path=/opt/1Password/resources/app.asar --enable-sandbox --disable-blink-features=Auxclick --lang=en-GB --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --launch-time-ticks=33918101183 --shared-files=v8_context_snapshot_data:100 --field-trial-handle=0,2157891041157314061,2950027978502139891,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess

```

Checking for Keys


```
❯ export SSH_AUTH_SOCK=~/.1password/agent.sock
❯ ssh-add -l
The agent has no identities.
```


1Password Version: Linux 8.6.0
Extension Version: version 2.3.0
OS Version: Ubuntu 21.10

  • Former Member

    floris_1P I'd love an opt-in per vault, but per individual key would also be useful to be honest!

  • jc00ke
    New Contributor

    Ah, this is what's been getting me! We store shared SSH keys in staging and production vaults and I was wondering why the 1Password SSH agent stopped working. Yeah, would love either per-vault (probably ideal in my case) or per-key.

  • Cu3PO42
    New Contributor

    I would also like the ability to configure the keys the agent will use either per vault or per key. In a perfect world, I'd like a per vault setting and an optional per-key override, but realistically, I believe having either option would be fine. However, I would also like the ability to disable keys from the Private vault. This can obviously be worked around by moving those keys to yet another vault, but it would be a nice touch in my opinion.

  • floris_1P
    1Password Team

    Correct, the agent will only use keys from your Private/Personal vault. We're working on a way to remove this limitation by offering an opt-in mechanism to use keys from other vaults. When doing so, would you guys prefer an opt in per vault or per individual key?

  • dnk
    New Contributor

    being in my "Work" vault, not my "Private" vault.

    THIS!!!

    I had a separate vault for SSH keys. Once I moved it back, everything worked as expected!

    Thanks a TON.

  • Former Member

    I've been running into a very similar error trying to set up the 1Password SSH Agent. Eventually I was able to sort out that mine was due to my SSH key being in my "Work" vault, not my "Private" vault.

    Differences in my environment:
    - Fedora 35
    - Chrome Browser
    - ~/.ssh/config

    ssh_config
    ```
    Host *
      IdentityAgent ~/.1password/agent.sock
      IdentityFile ~/.ssh/id_op.pub
      IdentitiesOnly yes
    ```
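
The symptom in this thread, an agent that answers but reports no identities, can be told apart from a missing or dead socket by the exit status of `ssh-add -l`. The script below is an added example, not part of the thread or of 1Password's documentation; the function names and the script name are hypothetical, and it assumes OpenSSH's `ssh` and `ssh-add` are on the PATH.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# ssh-add -l exit status per ssh-add(1): 0 = keys listed,
# 1 = command failed (agent answered but holds no identities),
# 2 = could not contact the agent.

# Expand a leading "~/" as ssh does for IdentityAgent paths.
expand_tilde() {
    case $1 in
        "~/"*) printf '%s\n' "$HOME/${1#??}" ;;
        *)     printf '%s\n' "$1" ;;
    esac
}

# Classify the agent behind a socket path.
agent_state() {
    sock=$(expand_tilde "$1")
    [ -S "$sock" ] || { echo "no-socket"; return 0; }
    command -v ssh-add >/dev/null 2>&1 || { echo "no-ssh-add"; return 0; }
    rc=0
    SSH_AUTH_SOCK="$sock" ssh-add -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo "has-identities" ;;
        1) echo "empty" ;;
        2) echo "unreachable" ;;
        *) echo "unknown" ;;
    esac
}

# Socket ssh would use for a host once Host/Match blocks are applied.
agent_for_host() {
    ssh -G "$1" 2>/dev/null | awk '$1 == "identityagent" { print $2; exit }'
}

diagnose() {
    path=$(agent_for_host "$1")
    case $path in ""|SSH_AUTH_SOCK) path=${SSH_AUTH_SOCK:-} ;; esac
    state=$(agent_state "$path")
    printf '%s: agent=%s state=%s\n' "$1" "${path:-<unset>}" "$state"
    case $state in
        empty)       echo "agent is up but offers no keys: check which vault holds the key" ;;
        no-socket)   echo "socket missing: check IdentityAgent path and that the agent is enabled" ;;
        unreachable) echo "socket exists but nothing answers: restart the agent" ;;
    esac
}

# Run only when a host alias is given, e.g.: sh agent-check.sh docker
if [ "$#" -gt 0 ]; then diagnose "$1"; fi
```

A result of `empty` matches what the original poster saw: the socket and `IdentityAgent` setting are fine, and the cause lies in which keys the agent is allowed to offer.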