-
Notifications
You must be signed in to change notification settings - Fork 740
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Wishlist: SSH Agent in the desktop session #35
Comments
posh-git also offers a way to use ssh-agent: https://github.com/dahlbyk/posh-git/blob/fadc4dd3d41b8b87235d3a35c69e6caba95ee637/GitUtils.ps1#L252 I am using this. When I start a powershell, if this is the first time it has run since a reboot (or if ssh-agent.exe was killed somehow) it prompts me for my key pass. From then on, it is unlocked and I don't need to enter it. |
that will only work with ssh processes spawned inside a PowerShell instance which has the posh-git loaded. This prevents other programs from using the same agent because the environment variables are not included in the Desktop Session. |
Couldn't this just function the same way as ssh-agent already does, storing the socket in $TMPDIR or %TEMP% and other processes which wish to use the agent finding it there? Like https://github.com/wwalker/ssh-find-agent |
that script is 1) interactive, and 2) only works on children of the shell that launches it. The point here is that all the standard methods store an environment variable in the executing process for children of that process to find to tell those children where the ssh-agent's socket is. In linux the agent is started as part of the desktop session and therefore any processes run by the user inherit that. In windows and cygwin this is not the case and currently requires that a program be launched which then launches the agent. This chain of events on windows means that my desktop session does not have the environment variables and therefore ssh spawned as part of visual studio (e.g.) to git-commit does not know where the socket is and thus fails. If I started a shell (bash via cygwin or powershell with posh-git) the ssh-agent will work in that shell but still Visual Studio won't know about the environment variables in that shell because the shell and the VS instances are unrelated. The only common ancestor in Windows is the desktop session and so that is where the SSH_AUTH_SOCK environment variable needs to be set. There is currently no way of achieving this. |
I see. What exactly do you mean by "desktop session"? |
I'm referring to the explorer.exe process that is started by winlogon.exe upon successful authentication |
Would using SETX environvar (rather than SET environvar) from a cmd shell not be a solution? It allows setting environment variables globally for future cmd shells during a desktop session. |
Cmd line ssh-agent.exe and ssh-add.exe now works in Windows in the new code update and setting SSH_AUTH_SOCK environment variable will not break ssh client rather ssh client uses it to communicate it with the ssh-agent. |
Checkout the Win32 version of ssh-agent for OpenSSH. Available in latest release 5_15_2016 |
Thanks for the info. That sounds great. Rob Vote "Remain in the EU" for Great Britain to remain a beacon of liberalism and a great global power. Robert Oeffner From: manojampalam Checkout the Win32 version of ssh-agent for OpenSSH. Available in latest release 5_15_2016 — No virus found in this message. |
Reopen this issue? When Posh-git finds openssh-win32 ssh-agent, it invokes the
As you see the |
@nigurr Apparently the Win32-OpenSSH agent should run as a Windows service, and in the future will be usable with or without the Win32-OpenSSH server portion. I haven't tested the latest releases, but if you install from Chocolatey it should be in there soon-ish. |
OpenSSH comes with a program called ssh-agent which can be launched on a POSIX system to store any client RSA keys and their associated unlock passwords (if required to unlock the keys) in memory for ease of reuse in successive connections from the workstation. The equivalent in the Windows world thus-far has been PuTTY's Pageant program.
The desire would be to have an agent equivalent which the ssh client may utilise to provide unlocked keys for authentication to remote systems when supported instead of passwords. This agent should start at login to Windows and be accessible from any program that may be run within the desktop session.
The OpenSSH ssh-agent returns BASH-compatible environment variable setting commands via STDOUT when run which are normally passed into BASH's eval function to set these variables into the session for any child processes to utilise - in Windows this is a problem even when we have BASH from Cygwin or some other source as the environment variables only get set in the process that defines them and children of that process. To be fully compatible with Windows the ssh-agent equivalent should set these environment variables into the Windows session itself to allow any program within that session to discover the agent until logout.
The text was updated successfully, but these errors were encountered: