This guide explains how to set up and manage SSH access to homelab servers using 1Password SSH agent integration.
The homelab uses 1Password as the central SSH key management system. This approach provides:
- SSH Key - homelab
- SSH Key - {servername}
- SSH Key - lucille4 (currently has format issues)

op)

Add to ~/.ssh/config:

```
Host *
    IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
```

Verify SSH access works:

```bash
ssh mspeicher@lucille4.local
```

1Password prompts for authorization on first use.

This script ensures Ansible uses 1Password for SSH connections:

```bash
#!/bin/bash
# Location: /Users/mspeicher/git/homelab/scripts/ansible-with-1password.sh
export SSH_AUTH_SOCK=~/Library/Group\ Containers/2BUA8C4S2C.com.1password/t/agent.sock
ansible-playbook -i ansible/inventory.yml "$@"
```

Direct SSH access using 1Password:

```bash
#!/bin/bash
# Location: /Users/mspeicher/git/homelab/scripts/ssh-with-1password.sh
export SSH_AUTH_SOCK=~/Library/Group\ Containers/2BUA8C4S2C.com.1password/t/agent.sock
ssh "$@"
```

**Problem**: SSH key shows "invalid format" error

**Symptoms**:

```
Load key "/path/to/key": invalid format
```

**Common Causes**:

**Solutions**:

1. Verify key format in 1Password:
   ```
   -----BEGIN OPENSSH PRIVATE KEY-----
   ```
2. Re-export the key:
   ```bash
   # Writes a copy of the private key outside 1Password; delete it after testing
   op item get "SSH Key - servername" --fields private_key > ~/.ssh/temp_key
   chmod 600 ~/.ssh/temp_key
   ssh -i ~/.ssh/temp_key user@server
   ```
3. Convert key format if needed:
   ```bash
   ssh-keygen -p -f ~/.ssh/temp_key -m PEM
   ```
4. Generate new key:
   ```bash
   ssh-keygen -t ed25519 -C "homelab-servername"
   ```
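
The check in "Verify key format in 1Password", extended to the file-level defects that can produce the same `invalid format` error (CRLF line endings, a damaged BEGIN/END marker, a missing final newline). This is an added example, not part of the original guide; `check_key_format` is a hypothetical helper name and the sample files are constructed placeholders, not real keys.

```bash
#!/bin/bash
# Added example, not from the original guide: structural checks on a private
# key file that fails with "Load key ...: invalid format".
# check_key_format is a hypothetical helper name; it prints a verdict only,
# never key material.
check_key_format() {
    key=$1
    [ -r "$key" ] || { echo "unreadable"; return 2; }

    # CRLF line endings can make OpenSSH reject the file.
    cr=$(printf '\r')
    if grep -q "$cr" "$key"; then echo "crlf-line-endings"; return 1; fi

    # First line must be exactly a BEGIN ... PRIVATE KEY marker.
    first=$(head -n 1 "$key")
    case "$first" in
        "-----BEGIN "*"PRIVATE KEY-----") ;;
        *) echo "bad-header"; return 1 ;;
    esac
    label=${first#-----BEGIN }
    label=${label%-----}

    # Last line must be the matching END marker.
    if [ "$(tail -n 1 "$key")" != "-----END $label-----" ]; then
        echo "bad-footer"; return 1
    fi

    # $(...) strips a trailing newline, so non-empty output here means the
    # final newline is missing (typical after copy/paste).
    if [ -n "$(tail -c 1 "$key")" ]; then echo "no-trailing-newline"; return 1; fi

    echo "ok: $label"
}

# Constructed sample files (placeholder body, not real key material).
demo_dir=$(mktemp -d)
printf '%s\n' "-----BEGIN OPENSSH PRIVATE KEY-----" "Y29uc3RydWN0ZWQ=" \
    "-----END OPENSSH PRIVATE KEY-----" > "$demo_dir/good"
printf '%s\n%s\n%s' "-----BEGIN OPENSSH PRIVATE KEY-----" "Y29uc3RydWN0ZWQ=" \
    "-----END OPENSSH PRIVATE KEY-----" > "$demo_dir/no_newline"
printf '%s\r\n' "-----BEGIN OPENSSH PRIVATE KEY-----" "Y29uc3RydWN0ZWQ=" \
    "-----END OPENSSH PRIVATE KEY-----" > "$demo_dir/crlf"
for f in good no_newline crlf; do
    printf '%s: %s\n' "$f" "$(check_key_format "$demo_dir/$f")"
done
rm -rf "$demo_dir"
```

Run it against the re-exported `~/.ssh/temp_key` before trying a format conversion; a `no-trailing-newline` or `crlf-line-endings` verdict points at how the key was copied rather than at the key itself.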

## 1Password Not Prompting

**Problem**: SSH fails without 1Password prompt

**Solutions**:

1. Check SSH agent is running:
   ```bash
   echo "$SSH_AUTH_SOCK"
   # Should show: ~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock
   ```
2. Restart 1Password SSH agent:
3. Verify SSH config:
   ```bash
   cat ~/.ssh/config
   ```

## Permission Denied

**Problem**: SSH connection refused despite correct key

**Solutions**:

1. Verify key is authorized on server:
   ```bash
   # On the server
   cat ~/.ssh/authorized_keys
   ```
2. Check SSH permissions:
   ```bash
   chmod 700 ~/.ssh
   chmod 600 ~/.ssh/authorized_keys
   ```
3. Review SSH logs on server:
   ```bash
   sudo journalctl -u ssh -f
   ```

SSH Key - {purpose} or SSH Key - {servername}

Create ansible.cfg in your homelab directory:

```ini
[defaults]
# Disables SSH host key verification, so a changed or spoofed host key is not detected
host_key_checking = False
inventory = ansible/inventory.yml

[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s
pipelining = True
```

Set in your shell profile:

```bash
export ANSIBLE_SSH_PIPELINING=True
export SSH_AUTH_SOCK="$HOME/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
```

Use the helper script:

```bash
./scripts/ansible-with-1password.sh ansible/server_maintenance.yml --limit lucille4
```