Skip to main content
The 1Password SSH agent has been tested for compatibility with a number of different clients that use SSH and Git.
NameSSH CapabilityCompatible with 1Password
CyberduckSFTP Yes
DataGripSSH tunneling Yes
FileZillaSFTP Yes
ForkGit Yes
ForkLiftSFTP Yes
git CLIGit Yes
GitfoxGit Yes
GitHub DesktopGit Yes
GitKrakenGit Yes
GitUpGit Yes
JetBrains IDEsGit Yes
NovaGit Yes
OpenSSHSSH, SFTP Yes
PosticoSSH tunneling No
Sequel AceSSH tunneling No
SourcetreeGit Yes
Sublime MergeGit Yes
TablePlusSSH tunneling Yes
TermiusSSH No
TowerGit Yes
TransmitSFTP Yes
Visual Studio CodeGit Yes
XcodeGit No

Working with SSH clients

Agent configuration with IdentityAgent

On Mac and Linux, most SSH and Git clients check your ~/.ssh/config file for the IdentityAgent setting for the corresponding host. The clients then use the configured agent socket path to handle SSH authentication. This option gives you the most flexibility, like the ability to configure multiple agents side by side. However, not every SSH client adheres to every value in the SSH config file. In the list below, you can see whether or not your SSH client supports configuration with IdentityAgent.

Agent configuration with SSH_AUTH_SOCK

On Mac and Linux, you can also configure the agent socket path using the SSH_AUTH_SOCK environment variable. There are more SSH clients that support SSH_AUTH_SOCK than IdentityAgent. For clients that support both, IdentityAgent usually takes precedence over SSH_AUTH_SOCK. Follow the steps for your operating system to configure SSH_AUTH_SOCK for your SSH client:

Configure SSH_AUTH_SOCK for the terminal

To configure SSH_AUTH_SOCK for the terminal, run:
export SSH_AUTH_SOCK=~/Library/Group\ Containers/2BUA8C4S2C.com.1password/t/agent.sock
Any command you run within that same shell will use the 1Password SSH agent.To pass SSH_AUTH_SOCK to a GUI application, you can use the open command to launch the application:
export SSH_AUTH_SOCK=~/Library/Group\ Containers/2BUA8C4S2C.com.1password/t/agent.sock
open -a /Applications/<your SSH client>.app

Configure SSH_AUTH_SOCK globally for every client

If you want to persist and automatically configure the SSH_AUTH_SOCK environment variable for every client without launching them from the terminal, run the following snippet to create a launch agent:
mkdir -p ~/Library/LaunchAgents
cat << EOF > ~/Library/LaunchAgents/com.1password.SSH_AUTH_SOCK.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key>
  <string>com.1password.SSH_AUTH_SOCK</string>
  <key>ProgramArguments</key>
  <array>
    <string>/bin/sh</string>
    <string>-c</string>
    <string>/bin/ln -sf $HOME/Library/Group\ Containers/2BUA8C4S2C.com.1password/t/agent.sock \$SSH_AUTH_SOCK</string>
  </array>
  <key>RunAtLoad</key>
  <true/>
</dict>
</plist>
EOF
launchctl load -w ~/Library/LaunchAgents/com.1password.SSH_AUTH_SOCK.plist

Using Git autofetch

Some Git clients are configured by default to periodically perform a git fetch in the background. This can result in authorization prompts popping up unexpectedly, so 1Password helps to suppress prompts if the application or window where the request came from isn’t in the foreground.
If a prompt has been suppressed, you’ll see an indicator dot on the 1Password icon in your device’s menu bar, taskbar, or system tray.To access the prompt, select the 1Password icon, then select SSH request waiting. The authorization prompt will be brought to the foreground, where you can approve or deny the request.If you’d rather not be prompted when your applications automatically fetch changes, even when the prompts are suppressed, you can turn off the autofetch settings in your Git client and instead only fetch or pull on demand.
Turn on the settings in 1Password to make sure the agent keeps running

Setting public keys as IdentityFile

If an SSH client supports setting public keys as IdentityFile, you can use that to match hosts to a specific key in 1Password. In the list below, you can see if that’s the case for your preferred SSH client.

OpenSSH

ssh, sftp, scp

  • Support for agent configuration with SSH_AUTH_SOCK.
  • Support for agent configuration with IdentityAgent.
  • Support for setting public keys as IdentityFile.
  • Support for workflows with jump hosts (-J, ProxyJump, ProxyCommand).
  • Support for workflows that use agent forwarding (ForwardAgent).

    • ssh-add

  • Support for agent configuration with SSH_AUTH_SOCK.
  • Support for listing identities (-l and -L).
  • No support for agent configuration with IdentityAgent.
  • No support for locking and unlocking (-x and -X).
  • No support for adding and deleting identities (ssh-add path/to/key, -d, and -D).

    • Celestial Software

  • Support for using the agent over the OpenSSH pipe (\\.\pipe\openssh-ssh-agent).
  • Support for setting public keys as IdentityFile.

    • Cyberduck

  • Support for agent configuration with SSH_AUTH_SOCK.
  • Support for agent configuration with IdentityAgent.
  • Support for setting public keys as IdentityFile.
  • No support for the Mac App Store version.

    • DataGrip

  • Support for agent configuration with SSH_AUTH_SOCK.
  • Support for agent configuration with IdentityAgent.
  • No support for setting public keys as IdentityFile.
  • If you're seeing errors around the socket path, go to Advanced Settings > SSH and set Configuration files parser to OpenSSH.

    • FileZilla

  • Support for agent configuration with SSH_AUTH_SOCK.
  • No support for agent configuration with IdentityAgent.
  • No support for setting public keys as IdentityFile.

    • Fork

  • Support for agent configuration with SSH_AUTH_SOCK.
  • Support for agent configuration with IdentityAgent.
  • Support for setting public keys as IdentityFile.
  • Support for signing Git commits with SSH keys.
  • You may need to switch the Git binary in the preferences.

    • ForkLift

  • Support for agent configuration with SSH_AUTH_SOCK.
  • Support for agent configuration with IdentityAgent.
  • Support for setting public keys as IdentityFile.

    • git CLI

  • Support for agent configuration with SSH_AUTH_SOCK.
  • Support for agent configuration with IdentityAgent.
  • Support for setting public keys as IdentityFile.
  • Support for signing Git commits with SSH keys.

    • Git for Windows

  • Support for using the agent over the OpenSSH pipe with the .gitconfig file set up properly.
  • Support for setting public keys as IdentityFile.
  • Support for signing Git commits with SSH keys.
  • Support for PowerShell and cmd.
  • For WSL, workarounds exist to forward socket connections using npiperelay and socat.

    • Gitfox

  • Support for agent configuration with SSH_AUTH_SOCK.
  • Support for agent configuration with IdentityAgent.
  • Support for setting public keys as IdentityFile.
  • No support for the Mac App Store version.

    • GitHub Desktop

  • Support for agent configuration with SSH_AUTH_SOCK.
  • Support for agent configuration with IdentityAgent.
  • Support for setting public keys as IdentityFile.
  • Support for signing Git commits with SSH keys.

    • GitKraken

  • Support for agent configuration with SSH_AUTH_SOCK.
  • No support for agent configuration with IdentityAgent.
  • No support for setting public keys as IdentityFile.
  • No support for signing Git commits with SSH keys.

    • JetBrains IDEs

    IntelliJ IDEA, WebStorm, GoLand, CLion, PhpStorm, RubyMine, AppCode.
  • Support for agent configuration with SSH_AUTH_SOCK.
  • Support for agent configuration with IdentityAgent.
  • Support for setting public keys as IdentityFile.
  • Support for signing Git commits with SSH keys.
  • If you're seeing errors around the socket path, go to Advanced Settings > SSH and set Configuration files parser to OpenSSH.

    • Nova

  • Support for agent configuration with SSH_AUTH_SOCK.
  • Support for agent configuration with IdentityAgent.
  • No support for setting public keys as IdentityFile.
  • No support for signing Git commits with SSH keys.

    • Pageant

  • No support for using the agent from Pageant.
  • Workarounds and open-source tools exist to forward Pageant requests to the OpenSSH agent pipe.

    • Postico

  • No support for any SSH agent. Uses a built-in key management system.
  • As a workaround, you can set up the SSH tunnel from your terminal and then configure Postico to connect over localhost.

    • PuTTY

  • No support for SSH agents over the OpenSSH pipe, only works with Pageant.

    • Sequel Ace

  • No support for any SSH agent. Uses a built-in key management system.
  • As a workaround, you can set up the SSH tunnel from your terminal and then configure Sequel Ace to connect over localhost.

    • Sourcetree

  • Support for agent configuration with SSH_AUTH_SOCK.
  • Support for agent configuration with IdentityAgent.
  • Support for setting public keys as IdentityFile.
  • Support for signing Git commits with SSH keys.

    • Sublime Merge

  • Support for agent configuration with SSH_AUTH_SOCK.
  • Support for agent configuration with IdentityAgent.
  • Support for setting public keys as IdentityFile.
  • Support for signing Git commits with SSH keys.

    • TablePlus

  • Support for agent configuration with SSH_AUTH_SOCK.
  • No support for agent configuration with IdentityAgent.
  • No support for setting public keys as IdentityFile.

    • Termius

  • No support for any SSH agent. Uses a built-in key management system.

    • Tower

  • Support for agent configuration with SSH_AUTH_SOCK.
  • Support for agent configuration with IdentityAgent.
  • Support for setting public keys as IdentityFile.
  • Support for signing Git commits with SSH keys.
  • You may need to switch the Git binary in the preferences.

    • Transmit

  • Support for agent configuration with SSH_AUTH_SOCK.
  • Support for agent configuration with IdentityAgent.
  • No support for setting public keys as IdentityFile.
  • No support for the Mac App Store version.

    • Visual Studio Code

  • Support for agent configuration with SSH_AUTH_SOCK.
  • Support for agent configuration with IdentityAgent.
  • Support for setting public keys as IdentityFile.
  • Support for signing Git commits with SSH keys.

    • Xcode

  • No support for any SSH agent. Uses a built-in key management system.