SSH client compatibility - 1Password Developer

The 1Password SSH agent has been tested for compatibility with a number of different clients that use SSH and Git.

Mac
Windows
Linux

Name	SSH Capability	Compatible with 1Password
Cyberduck	SFTP	Yes
DataGrip	SSH tunneling	Yes
FileZilla	SFTP	Yes
Fork	Git	Yes
ForkLift	SFTP	Yes
git CLI	Git	Yes
Gitfox	Git	Yes
GitHub Desktop	Git	Yes
GitKraken	Git	Yes
GitUp	Git	Yes
JetBrains IDEs	Git	Yes
Nova	Git	Yes
OpenSSH	SSH, SFTP	Yes
Postico	SSH tunneling	No
Sequel Ace	SSH tunneling	No
Sourcetree	Git	Yes
Sublime Merge	Git	Yes
TablePlus	SSH tunneling	Yes
Termius	SSH	No
Tower	Git	Yes
Transmit	SFTP	Yes
Visual Studio Code	Git	Yes
Xcode	Git	No

Name	SSH Capability	Compatible with 1Password
Celestial Software	SSH, SFTP	Yes
Cyberduck	SFTP	Yes
FileZilla	SFTP	No
Fork	Git	Yes
Git for Windows	Git	Yes
GitHub Desktop	Git	Yes
GitKraken	Git	Yes
JetBrains IDEs	Git	Yes
Microsoft OpenSSH	SSH, SFTP	Yes
Pageant	SSH	No
PuTTY	SSH	No
Sourcetree	Git	Yes
Sublime Merge	Git	Yes
Termius	SSH	No
Tower	Git	Yes
Visual Studio Code	Git	Yes

Name	SSH Capability	Compatible with 1Password
DataGrip	SSH tunneling	Yes
git CLI	Git	Yes
GitKraken	Git	Yes
JetBrains IDEs	Git	Yes
OpenSSH	SSH, SFTP	Yes
Sublime Merge	Git	Yes
Termius	SSH	No
Visual Studio Code	Git	Yes

Working with SSH clients

Agent configuration with `IdentityAgent`

On Mac and Linux, most SSH and Git clients check your ~/.ssh/config file for the IdentityAgent setting for the corresponding host. The clients then use the configured agent socket path to handle SSH authentication. This option gives you the most flexibility, like the ability to configure multiple agents side by side. However, not every SSH client adheres to every value in the SSH config file. In the list below, you can see whether or not your SSH client supports configuration with IdentityAgent.

Agent configuration with `SSH_AUTH_SOCK`

On Mac and Linux, you can also configure the agent socket path using the SSH_AUTH_SOCK environment variable. There are more SSH clients that support SSH_AUTH_SOCK than IdentityAgent. For clients that support both, IdentityAgent usually takes precedence over SSH_AUTH_SOCK. Follow the steps for your operating system to configure SSH_AUTH_SOCK for your SSH client:

Mac
Linux

Configure `SSH_AUTH_SOCK` for the terminal

To configure SSH_AUTH_SOCK for the terminal, run:

export SSH_AUTH_SOCK=~/Library/Group\ Containers/2BUA8C4S2C.com.1password/t/agent.sock

Any command you run within that same shell will use the 1Password SSH agent.To pass SSH_AUTH_SOCK to a GUI application, you can use the open command to launch the application:

export SSH_AUTH_SOCK=~/Library/Group\ Containers/2BUA8C4S2C.com.1password/t/agent.sock
open -a /Applications/<your SSH client>.app

Configure `SSH_AUTH_SOCK` globally for every client

If you want to persist and automatically configure the SSH_AUTH_SOCK environment variable for every client without launching them from the terminal, run the following snippet to create a launch agent:

mkdir -p ~/Library/LaunchAgents
cat << EOF > ~/Library/LaunchAgents/com.1password.SSH_AUTH_SOCK.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key>
  <string>com.1password.SSH_AUTH_SOCK</string>
  <key>ProgramArguments</key>
  <array>
    <string>/bin/sh</string>
    <string>-c</string>
    <string>/bin/ln -sf $HOME/Library/Group\ Containers/2BUA8C4S2C.com.1password/t/agent.sock \$SSH_AUTH_SOCK</string>
  </array>
  <key>RunAtLoad</key>
  <true/>
</dict>
</plist>
EOF
launchctl load -w ~/Library/LaunchAgents/com.1password.SSH_AUTH_SOCK.plist

Configure `SSH_AUTH_SOCK` for the terminal

To configure SSH_AUTH_SOCK for the terminal, run:

export SSH_AUTH_SOCK=~/.1password/agent.sock

Any command you run within that same shell will use the 1Password SSH agent.

Configure `SSH_AUTH_SOCK` globally for every client

echo "export SSH_AUTH_SOCK=~/.1password/agent.sock" | sudo tee /etc/profile.d/1password-ssh-auth-sock.sh

If your system launches the GNOME keyring SSH agent automatically, you can disable that by running the following command:

mkdir -p ~/.config/autostart \
  && cp /etc/xdg/autostart/gnome-keyring-ssh.desktop ~/.config/autostart/gnome-keyring-ssh.desktop \
  && echo "Hidden=true" >> ~/.config/autostart/gnome-keyring-ssh.desktop

If you choose not to do this, the GNOME setting (/run/user/1000/keyring/ssh) may take precedence over the 1Password setting, depending on your operating system.

Using Git autofetch

Some Git clients are configured by default to periodically perform a git fetch in the background. This can result in authorization prompts popping up unexpectedly, so 1Password helps to suppress prompts if the application or window where the request came from isn’t in the foreground.

If a prompt has been suppressed, you’ll see an indicator dot on the 1Password icon in your device’s menu bar, taskbar, or system tray.

To access the prompt, select the 1Password icon, then select SSH request waiting. The authorization prompt will be brought to the foreground, where you can approve or deny the request.

If you’d rather not be prompted when your applications automatically fetch changes, even when the prompts are suppressed, you can turn off the autofetch settings in your Git client and instead only fetch or pull on demand.

Setting public keys as `IdentityFile`

If an SSH client supports setting public keys as IdentityFile, you can use that to match hosts to a specific key in 1Password. In the list below, you can see if that’s the case for your preferred SSH client.

OpenSSH

Mac
Windows
Linux

`ssh`, `sftp`, `scp`

`ssh-add`

`ssh`, `sftp`, `scp`

`ssh-add`

`ssh`, `sftp`, `scp`

`ssh-add`

Celestial Software

Windows

Cyberduck

Mac
Windows

DataGrip

Mac
Linux

FileZilla

Mac
Windows

Fork

Mac
Windows

ForkLift

`git` CLI

Mac
Windows
Linux

Git for Windows

Windows

Gitfox

GitHub Desktop

Mac
Windows

GitKraken

Mac
Windows
Linux

JetBrains IDEs

IntelliJ IDEA, WebStorm, GoLand, CLion, PhpStorm, RubyMine, AppCode.

Mac
Windows
Linux

Nova

Pageant

Windows

Postico

PuTTY

Windows

Sequel Ace

Sourcetree

Mac
Windows

Sublime Merge

Mac
Windows
Linux

TablePlus

Termius

Mac
Windows
Linux

Tower

Mac
Windows

Transmit

Visual Studio Code

Mac
Windows
Linux

Documentation Index

​Working with SSH clients

​Agent configuration with IdentityAgent

​Agent configuration with SSH_AUTH_SOCK

​Configure SSH_AUTH_SOCK for the terminal

​Configure SSH_AUTH_SOCK globally for every client

​Configure SSH_AUTH_SOCK for the terminal

​Configure SSH_AUTH_SOCK globally for every client

​Using Git autofetch

​Setting public keys as IdentityFile

​OpenSSH

​ssh, sftp, scp

​ssh-add

​ssh, sftp, scp

​ssh-add

​ssh, sftp, scp

​ssh-add

​Celestial Software

​Cyberduck

​DataGrip

​FileZilla

​Fork

​ForkLift

​git CLI

​Git for Windows

​Gitfox

​GitHub Desktop

​GitKraken

​JetBrains IDEs

​Nova

​Pageant

​Postico

​PuTTY

​Sequel Ace

​Sourcetree

​Sublime Merge

​TablePlus

​Termius

​Tower

​Transmit

​Visual Studio Code

​Xcode

Working with SSH clients

Agent configuration with `IdentityAgent`

Agent configuration with `SSH_AUTH_SOCK`

Configure `SSH_AUTH_SOCK` for the terminal

Configure `SSH_AUTH_SOCK` globally for every client

Configure `SSH_AUTH_SOCK` for the terminal

Configure `SSH_AUTH_SOCK` globally for every client

Using Git autofetch

Setting public keys as `IdentityFile`

OpenSSH

`ssh`, `sftp`, `scp`

`ssh-add`

`ssh`, `sftp`, `scp`

`ssh-add`

`ssh`, `sftp`, `scp`

`ssh-add`

Celestial Software

Cyberduck

DataGrip

FileZilla

Fork

ForkLift

`git` CLI

Git for Windows

Gitfox

GitHub Desktop

GitKraken

JetBrains IDEs

Nova

Pageant

Postico

PuTTY

Sequel Ace

Sourcetree

Sublime Merge

TablePlus

Termius

Tower

Transmit

Visual Studio Code

Xcode