1Password as SSH Agent

What is the problem you are having with rclone?

The 1Password application offers an SSH Agent service. In my case this is set up and working with other utilities (e.g., SSH, etc.). I have verified that the sock is present in my terminal environment.

SSH_AUTH_SOCK=~/Library/Group\ Containers/2BUA8C4S2C.com.1password/t/agent.sock

I verified that I am able to see my various keys using ssh-add -l, which is expected as it is working elsewhere.

See 1Password SSH agent | 1Password Developer for more information on their agent.

I have verified that if I replace their agent by running:

eval "$(ssh-agent -s)"    
ssh-add -K ~/.ssh/id_rsa

To manually load my private key into the agent, I am able to connect. It just seems this is not working with the 1Password agent. Maybe the space in the path is causing an issue? Just a guess, but would like this to work as I rely on 1Password to store my keys and provide secure access. Thanks.

Run the command 'rclone version' and share the full output of the command.

rclone v1.63.1
- os/version: darwin 13.5.2 (64 bit)
- os/kernel: 22.6.0 (x86_64)
- os/type: darwin
- os/arch: amd64
- go/version: go1.20.6
- go/linking: dynamic
- go/tags: cmount

Are you on the latest version of rclone? Yes

Which cloud storage system are you using? (eg Google Drive)

SSH to a cloud instance of a Linux VM.

The command you were trying to run (eg rclone copy /tmp remote:tmp)

rclone ls remote:/

The rclone config contents with secrets removed.

[remote]
type = sftp
host = mydomain.com
user = cloudadmin
port = 22
known_hosts_file = ~/.ssh/known_hosts
pubkey_file = ~/.ssh/id_rsa.pub
key_use_agent = true
shell_type = unix
md5sum_command = md5sum
sha1sum_command = sha1sum

A log from the command with the -vv flag

2023/09/11 13:39:54 DEBUG : rclone: Version "v1.63.1" starting with parameters ["rclone" "ls" "remote:/" "-vv"]
2023/09/11 13:39:54 DEBUG : Creating backend with remote "remote:/"
2023/09/11 13:39:54 DEBUG : Using config file from "/Users/mikeshappell/.config/rclone/rclone.conf"
2023/09/11 13:39:55 DEBUG : pacer: low level retry 1/10 (error couldn't connect SSH: ssh: handshake failed: ssh: disconnect, reason 2: Too many authentication failures)
2023/09/11 13:39:55 DEBUG : pacer: Rate limited, increasing sleep to 200ms
2023/09/11 13:39:57 DEBUG : pacer: low level retry 2/10 (error couldn't connect SSH: ssh: handshake failed: ssh: disconnect, reason 2: Too many authentication failures)
2023/09/11 13:39:57 DEBUG : pacer: Rate limited, increasing sleep to 400ms
2023/09/11 13:39:58 DEBUG : pacer: low level retry 3/10 (error couldn't connect SSH: ssh: handshake failed: ssh: disconnect, reason 2: Too many authentication failures)
2023/09/11 13:39:58 DEBUG : pacer: Rate limited, increasing sleep to 800ms
2023/09/11 13:40:00 DEBUG : pacer: low level retry 4/10 (error couldn't connect SSH: ssh: handshake failed: ssh: disconnect, reason 2: Too many authentication failures)
2023/09/11 13:40:00 DEBUG : pacer: Rate limited, increasing sleep to 1.6s
2023/09/11 13:40:01 DEBUG : pacer: low level retry 5/10 (error couldn't connect SSH: ssh: handshake failed: ssh: disconnect, reason 2: Too many authentication failures)
2023/09/11 13:40:01 DEBUG : pacer: Rate limited, increasing sleep to 2s
2023/09/11 13:40:03 DEBUG : pacer: low level retry 6/10 (error couldn't connect SSH: ssh: handshake failed: ssh: disconnect, reason 2: Too many authentication failures)
2023/09/11 13:40:05 DEBUG : pacer: low level retry 7/10 (error couldn't connect SSH: ssh: handshake failed: ssh: disconnect, reason 2: Too many authentication failures)
2023/09/11 13:40:07 DEBUG : pacer: low level retry 8/10 (error couldn't connect SSH: ssh: handshake failed: ssh: disconnect, reason 2: Too many authentication failures)
2023/09/11 13:40:09 DEBUG : pacer: low level retry 9/10 (error couldn't connect SSH: ssh: handshake failed: ssh: disconnect, reason 2: Too many authentication failures)
2023/09/11 13:40:11 DEBUG : pacer: low level retry 10/10 (error couldn't connect SSH: ssh: handshake failed: ssh: disconnect, reason 2: Too many authentication failures)
2023/09/11 13:40:11 Failed to create file system for "remote:/": NewFs: couldn't connect SSH: ssh: handshake failed: ssh: disconnect, reason 2: Too many authentication failures

What is the reason you use this? Do you have a signed certificate used for authentication?

My rationale was from this comment during configuration.

When key-file is also set, the ".pub" file of the specified key-file
is read and only the associated key is requested from the ssh-agent.
This allows to avoid `Too many authentication failures for *username*`
errors when the ssh-agent contains many keys.

However, this issue occurs without this in the config as well.

That comment does not refer to pubkey_file parameter.

Can you try to remove:

pubkey_file = ~/.ssh/id_rsa.pub

and add instead:

key_file = ~/.ssh/id_rsa

Change made and now it works as expected. Thanks for the help. I am curious, though, how I should have found that on my own :). I did look through a lot of material before posting, hoping to find a solution. Thanks again.

Actually, the comment you posted (even if referring to another flag):

This allows to avoid `Too many authentication failures for *username*`
errors when the ssh-agent contains many keys.

And your earlier statement that you are able to see various keys - meaning you have multiple keys in your ssh agent.

Together it made me think that it might be worth trying to push ssh-agent to use a specific key.

I think that it would be beneficial if DEBUG output for ssh authentication contains more details - similar to ssh -vv.

This would be nice. Unfortunately I don't think the library rclone uses supports that.

Though I haven't read through the docs recently and maybe I missed something 🙂
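A way to confirm the diagnosis reached in this thread from the agent listing alone, as an added example that is not part of the original posts or of rclone: it finds where the wanted key sits in `ssh-add -l` output and compares that position with the server's failure limit. The function names, the sample listing and the limit of 6 (OpenSSH's default `MaxAuthTries`) are assumptions, as is the premise that keys are offered in listed order and each rejected key counts as one failure.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `ssh-add -l` output on stdin.
# Assumption: the client offers agent keys in listed order and the server
# counts each rejected key against its limit (OpenSSH MaxAuthTries, default 6).

# Constructed sample of `ssh-add -l` output: eight identities, made-up fingerprints.
SAMPLE_AGENT_LIST='256 SHA256:constructed-fp-01 github (ED25519)
256 SHA256:constructed-fp-02 gitlab (ED25519)
3072 SHA256:constructed-fp-03 work-bastion (RSA)
256 SHA256:constructed-fp-04 homelab (ED25519)
256 SHA256:constructed-fp-05 backup-box (ED25519)
3072 SHA256:constructed-fp-06 legacy (RSA)
3072 SHA256:constructed-fp-07 cloudadmin (RSA)
256 SHA256:constructed-fp-08 signing (ED25519)'

# Number of identities listed (ignores "The agent has no identities.").
agent_key_count() {
    awk '$2 ~ /^(SHA256|MD5):/ { n++ } END { print n + 0 }'
}

# 1-based position of fingerprint $1 in the list, or 0 if the agent lacks it.
agent_key_position() {
    awk -v fp="$1" '$2 ~ /^(SHA256|MD5):/ { n++; if ($2 == fp && !pos) pos = n }
                    END { print pos + 0 }'
}

# Verdict for fingerprint $1 against a server limit $2 (default 6).
diagnose() {
    list=$(cat)
    limit=${2:-6}
    pos=$(printf '%s\n' "$list" | agent_key_position "$1")
    total=$(printf '%s\n' "$list" | agent_key_count)
    if [ "$pos" -eq 0 ]; then
        echo "not-in-agent total=$total"
    elif [ "$pos" -gt "$limit" ]; then
        echo "unreachable pos=$pos total=$total limit=$limit"
    else
        echo "reachable pos=$pos total=$total limit=$limit"
    fi
}

# Real use: ssh-add -l | diagnose "$(ssh-keygen -lf ~/.ssh/id_rsa.pub | awk '{print $2}')"
printf '%s\n' "$SAMPLE_AGENT_LIST" | diagnose SHA256:constructed-fp-07
```

An `unreachable` verdict matches the symptom in the log above: the server disconnects before the accepted key is offered, which is what restricting the agent to one key with `key_file` avoids.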
