I no longer have ssh keys on my machine

1password can keep track of and hold your ed25519 and rsa ssh keys. I still ran into permission denied errors. Here's how I fixed the configs to make it work.

Aha! You fell for the clickbaity title! Of course I have ssh keys, they’re just not in the usual place in ~/.ssh, instead they’re stored in 1password.

1password is excellent, and with their recent updates whereby you can store (and share across machines) your ssh keys, AND set up commit signing using the same keys, well, I no longer have a reason to keep gpgsuite on my here computer!

There were a few small hurdles along the way, so here’s a short doc on what went wrong and what I did to fix it.

Instructions

When you look at the documentation on how to set up the ssh agent and how to enable git to use it, they are easy to follow, and I had zero issues adding / modifying the configuration to what I had.

Except even with those in, I kept getting permission denieds (public keys) for GitHub.

I double checked that the configurations were correct, I made sure that I set up the symbolic link (I’m on Mac), I verified that that works, I set up the env var, verified that that works, made sure that everything matches and there are no linting issues in my config files.

Still nothing.

The problem / fix

After a bunch of trial and error, the best way to describe the fix is that while it’s important to make sure that what needs to be in the config files is there, it’s equally important to make sure that what needs to be absent from the config files is also removed.

My ~/.ssh/config file looked like this.

Host *
	IdentitiesOnly yes
	AddKeysToAgent yes
	UseKeychain yes

Host whatever
	User jondoe
	IdentityFile ~/.ssh/id_ed25519

After I added the identity agent that 1password told me to, it now looked like this:

Host *
	IdentityAgent "~/.1password/agent.sock"
	IdentitiesOnly yes
	AddKeysToAgent yes
	UseKeychain yes

Host whatever
	User jondoe
	IdentityFile ~/.ssh/id_ed25519

Now the problem is that the identity file was removed (it’s now in 1password instead of the ssh folder), so I had to remove those lines, the keychain is no longer relevant, and for whatever reason I also had to remove the IdentitiesOnly yes line. My actual, working config file now looks like this:

Host *
	IdentityAgent "~/.1password/agent.sock"

Host whatever
	User jondoe

And tadaa, ssh -T -v git@github.com correctly asks 1password for the ssh keys it knows about, and happily offers them up to the server.
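
On the IdentitiesOnly line: with IdentitiesOnly yes, ssh offers only keys that match a configured identity file, so keys that exist only in the agent are filtered out when no such file is on disk. The following is an added example, not part of the original post, that reads the output of ssh -G for a host and flags that combination; the function name and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reads `ssh -G <host>` output (the effective client config) on stdin.
# Returns 0 if agent-held keys can be offered, 1 if IdentitiesOnly filters them all out.
check_agent_config() {
    identities_only=no
    agent=""
    on_disk=0
    while read -r key value; do
        case "$key" in
            identitiesonly) identities_only=$value ;;
            identityagent)  agent=$value ;;
            identityfile)
                # Paths may be printed with a leading ~; expand it for the file test.
                case "$value" in "~/"*) value="$HOME${value#?}" ;; esac
                # A public key file alone lets ssh select the matching agent key.
                if [ -e "$value" ] || [ -e "$value.pub" ]; then
                    on_disk=$((on_disk + 1))
                fi ;;
        esac
    done
    echo "agent socket: ${agent:-SSH_AUTH_SOCK (no IdentityAgent set)}"
    if [ "$identities_only" = yes ] && [ "$on_disk" -eq 0 ]; then
        echo "FAIL: IdentitiesOnly yes, but no identity file exists on disk;" \
             "keys held only in the agent will not be offered"
        return 1
    fi
    echo "OK: identitiesonly=$identities_only, identity files on disk: $on_disk"
    return 0
}

# Constructed sample resembling the post's intermediate config (path is a placeholder).
check_agent_config <<'EOF' || true
identitiesonly yes
identityagent ~/.1password/agent.sock
identityfile /nonexistent/constructed/id_ed25519
EOF
```

On a real machine, run it as: ssh -G github.com | check_agent_config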