DEV Community

Pejman Yaghmaie
Pejman Yaghmaie

Posted on

Skip Polkit prompt when authorizing SSH key access with 1Password

#1password #polkit #sshagent #authorization

If you use 1Password's SSH Agent to manage access to a lot of SSH keys on GNU/Linux, then you probably go through this process multiple times a day:

  1. Connecting to a host via SSH (when using ssh command, or git, etc.): connecting to some host via ssh
  2. 1Password asking to authorize access: 1password ask for authorization
  3. Polkit prompting to unlock 1Password (System authentication): Polkit prompt

Visiting two different dialogs followed by entering a l*************ng password may not be the most fun experience you can get. So, how to make it better?

Skip Polkit prompt by adding a rule

You can add a Polkit authorization rule to unlock 1Password without being asked for authentication. A Polkit rule is basically a JavaScript function that overrules the default settings.

These rules can be found in the following two places:

  • /usr/share/polkit-1/rules.d: Used by packages to add their rules
  • /etc/polkit-1/rules.d: Used for local configuration

So, we'll create a new file at /etc/polkit-1/rules.d/00-1password-noauth.rules. Then we add:

polkit.addRule(function (action, subject) {
    if (
        (
            action.id == "com.1password.1Password.unlock" ||
            action.id == "com.1password.1Password.authorizeSshAgent"
        ) &&
        subject.isInGroup("wheel")
    ) {
        return polkit.Result.YES;
    }
});
Enter fullscreen mode Exit fullscreen mode

There is no need to reboot system or restart any service after saving the rule file. Polkit will detect and apply changes immediately.

Here we check if the action's id match the ones defined by 1Password. You can find these ids at /usr/share/polkit-1/actions/com.1password.1Password.policy installed by 1Password for use with system authentication. We also check if the user is in wheel group.

You might ask why we name our rule file 00-1password-noauth.rules and not 1password-noauth.rules? Because the rules are read and processed by Polkit in a certain order and this is how it's determined. Rules with smaller numbers are processed first.

1Password makes it much easier and safer to keep and manage SSH keys. However, with some Linux setups such as mine, you'd have to enter system's password multiple times a day which is very annoying... and meaningless since the vault and the systems is already unlocked!

profile
Heroku
 Promoted

Heroku

Save time with this productivity hack.

See how Heroku MCP Server connects tools like Cursor to Heroku, so you can build, deploy, and manage apps—right from your editor.

Learn More

Top comments (0)

profile
TigerData (Creators of TimescaleDB)
 Promoted

Tiger Data image

🐯 🚀 Timescale is now TigerData: Building the Modern PostgreSQL for the Analytical and Agentic Era

We’ve quietly evolved from a time-series database into the modern PostgreSQL for today’s and tomorrow’s computing, built for performance, scale, and the agentic future.

So we’re changing our name: from Timescale to TigerData. Not to change who we are, but to reflect who we’ve become. TigerData is bold, fast, and built to power the next era of software.

Read more

👋 Kindness is contagious

Dive into this thoughtful piece, beloved in the supportive DEV Community. Coders of every background are invited to share and elevate our collective know-how.

A sincere "thank you" can brighten someone's day—leave your appreciation below!

On DEV, sharing knowledge smooths our journey and tightens our community bonds. Enjoyed this? A quick thank you to the author is hugely appreciated.

Okay