SSH-Agent not working on App Store version of Bitwarden #13075
Comments
|
Thank you for reporting this issue! We've added this to our internal tracking system. |
|
Seems that this is noted in the Bitwarden help docs at this time
|
|
Is there any indication that it will be supported on MAS builds in the foreseeable future? Having to choose between browser integration (MAS) and SSH-Agent (DMG version) would be very unfortunate... |
I have the same problem, I'll just wait for the update on macos for now :/ |
The goal is to get SSH keys working in the MAS version as well. The tricky part is that the MAS version is sandboxed, so the SSH agent can’t run like it normally would. We’re still exploring possible workarounds to make this work. |
|
this is a regression from a previous version. it used to work if you created a .sock file manually. in ls -la, this file is displayed as a socket (with = sing at the end) but unfortunately, ssh cannot communicate with it when using version 2025.1.3: It might've been caused by #12065 |
|
@Dubzer I agree, the PR you link causes this; The mac store version prevents the getpeercred from working, and instead of returning "unknown application" like it should, it returns an error, and the agent stops working entirely. This is being looked into but I don't have a timeline for a fix. (Also GitHub has been weird on this issue, sorry if there were multiple notifications). |
|
Same issue here. The strange thing is, the App Store version did work the first time I tried to use the SSH agent, but then it stopped working. The Homebrew version works without issues. |
|
Not sure if that's related, but SSH agent works fine if app installed via DMG/brew. |
the problem is that the DMG version doesn't support integration with a browser. apps that come from the App Store are sandboxed, and in the latest update to SSH agent, the restrictions were not handled correctly, hence this issue |
|
I only get one use of the ssh-agent when using the DMG. Then I have to restart the client. |
|
@Dubzer yes, I know about the lack of browser integration, wanted to point out the different behavior in case that was of any help with the issue. |
|
On a side node, if you are feeling experimental, try the browser integration on the |
|
Ah, happy to test then! |
Unfortunately, this did not work for me, even though I erased all data from the app beforehand. |
|
Can confirm works 100% for me. |
|
Works great after maddlers config, I thought it was a server variable :) Just used it once though but will be installing the DMG client on my other macOS. |
|
@justspacedog Vaultwarden, why? |
|
I'm using VW too, but the env variable is configured on the client side. |
|
@maddler Oops, my mistake! I changed the ENV on the Docker. Thanks! But it is not working in Safari, or? |
|
@justspacedog I think you need to install the App Store version for the Safari extension. |
Please let me know if there are any issues. Otherwise I'll make a note to enable it by default in a few weeks, after handing it to QA. Also linked a PR enabling support for ssh agent on mac app store and flatpak. |
|
@quexten seems to be working OK so far. Will report if any issue. |
|
@quexten Doesn't seem to be working here. Using the .dmg (with Vaultwarden) and added the launchctl statement, but still Safari isn't showing any extension or responding to the hotkey. I'm on Sonoma 14.7.2. |
|
@pefmeister Apple doesn't allow unsigned Safari extensions to be installed outside of App Store, and then packaged with an app. For beta-testing you can enable unsigned extensions in Safari, but the developer will have to distribute the app containing the unsigned extension. |
|
I'm on bitwarden 2025.1.4, from MAS. Version history on MAS says SSH was introduced in 2025.1.3. The website says "The SSH Agent requires release version 2025.1.2 or newer." There is no setting, to enable SSH agent. I'm assuming the release notes on MAS are wrong? |
Steps To Reproduce
Expected Result
The ${USER_HOME}/.bitwarden-ssh-agent.sock is created and available for use.
Actual Result
[SSH Agent Native Module] BITWARDEN_SSH_AUTH_SOCK not set, using default path
[SSH Agent Native Module] Starting SSH Agent server on "/Users/{USER}/Library/Containers/com.bitwarden.desktop/Data/.bitwarden-ssh-agent.sock"
After manually pointing to the above socket, ssh-add -L results in:
error fetching identities: communication with agent failedRepeating the command, it simply hangs without any output.
Using the build from Github (non-App Store version), the agent is working correctly (but I lose the ability to use the browser extension integration).
Screenshots or Videos
No response
Additional Context
I don't know the nitty-gritty about MacOS app development, but I suspect Gatekeeper treats filesystem access differently between App Store apps and manual installed apps. I tried granting Bitwarden full disk access, but that didn't help either.
Operating System
macOS
Operating System Version
Sonoma 14.7.1
Installation method
Mac App Store
Build Version
2025.1.3 (36834)
Issue Tracking Info
The text was updated successfully, but these errors were encountered: