Aha! You fell for the clickbaity title! Of course I have ssh keys, they’re just not in the usual place in
~/.ssh, instead they’re stored in 1password.
1password is excellent, and with their recent updates whereby you can store (and share across machines) your ssh keys, AND set up commit signing using the same keys, well, I no longer have a reason to keep gpgsuite on my here computer!
There were a few small hurdles along the way, so here’s a short doc on what went wrong and what I did to fix it.
Except even with those in, I kept getting permission denieds (public keys) for GitHub.
I double checked that the configurations were correct, I made sure that I set up the symbolic link (I’m on Mac), I verified that that works, I set up the env var, verified that that works, made sure that everything matches and there are no linting issues in my config files.
The problem / fix
After a bunch of trial and error, the best way to describe the fix is that while it’s important to make sure that what needs to be in the config files is there, it’s equally important to make sure that what needs to be absent from the config files is also removed.
~/.ssh/config file looked like this.
Host * IdentitesOnly yes AddKeysToAgent yes UseKeychain yes Host whatever User jondoe IdentityFile ~/.ssh/id_ed25519
After I added the identity agent that 1password told me to, it now looked like this:
Host * IdentityAgent "~/.1password/agent.sock" IdentitesOnly yes AddKeysToAgent yes UseKeychain yes Host whatever User jondoe IdentityFile ~/.ssh/id_ed25519
Now the problem is that the identity file was removed – it’s now in 1password instead of the ssh folder–, so had to remove those lines, the keychain is no longer relevant, and for whatever reason I also had to remove the
IdentitiesOnly yes line. My actual, working config file now looks like this:
Host * IdentityAgent "~/.1password/agent.sock" Host whatever User jondoe
ssh -T -v email@example.com correctly asks 1password for the ssh keys it knows about, and happily offers them up to the server.