Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wishlist: SSH Agent in the desktop session #35

Closed
lucyllewy opened this issue Nov 12, 2015 · 12 comments
Closed

Wishlist: SSH Agent in the desktop session #35

lucyllewy opened this issue Nov 12, 2015 · 12 comments
Labels
0 - Backlog

Comments

@lucyllewy
Copy link

OpenSSH comes with a program called ssh-agent which can be launched on a POSIX system to store any client RSA keys and their associated unlock passwords (if required to unlock the keys) in memory for ease of reuse in successive connections from the workstation. The equivalent in the Windows world thus-far has been PuTTY's Pageant program.

The desire would be to have an agent equivalent which the ssh client may utilise to provide unlocked keys for authentication to remote systems when supported instead of passwords. This agent should start at login to Windows and be accessible from any program that may be run within the desktop session.

The OpenSSH ssh-agent returns BASH-compatible environment variable setting commands via STDOUT when run which are normally passed into BASH's eval function to set these variables into the session for any child processes to utilise - in Windows this is a problem even when we have BASH from Cygwin or some other source as the environment variables only get set in the process that defines them and children of that process. To be fully compatible with Windows the ssh-agent equivalent should set these environment variables into the Windows session itself to allow any program within that session to discover the agent until logout.
@brcolow
Copy link

brcolow commented Dec 8, 2015

posh-git also offers a way to use ssh-agent:

https://github.com/dahlbyk/posh-git/blob/fadc4dd3d41b8b87235d3a35c69e6caba95ee637/GitUtils.ps1#L252

I am using this. When I start a powershell, if this is the first time it has run since a reboot (or if ssh-agent.exe was killed somehow) it prompts me for my key pass. From then on, it is unlocked and I don't need to enter it.

@lucyllewy
Copy link
Author

that will only work with ssh processes spawned inside a PowerShell instance which has the posh-git loaded. This prevents other programs from using the same agent because the environment variables are not included in the Desktop Session.

@theaquamarine
Copy link

Couldn't this just function the same way as ssh-agent already does, storing the socket in $TMPDIR or %TEMP% and other processes which wish to use the agent finding it there? Like https://github.com/wwalker/ssh-find-agent

@lucyllewy
Copy link
Author

that script is 1) interactive, and 2) only works on children of the shell that launches it.

The point here is that all the standard methods store an environment variable in the executing process for children of that process to find to tell those children where the ssh-agent's socket is. In linux the agent is started as part of the desktop session and therefore any processes run by the user inherit that. In windows and cygwin this is not the case and currently requires that a program be launched which then launches the agent. This chain of events on windows means that my desktop session does not have the environment variables and therefore ssh spawned as part of visual studio (e.g.) to git-commit does not know where the socket is and thus fails. If I started a shell (bash via cygwin or powershell with posh-git) the ssh-agent will work in that shell but still Visual Studio won't know about the environment variables in that shell because the shell and the VS instances are unrelated. The only common ancestor in Windows is the desktop session and so that is where the SSH_AUTH_SOCK environment variable needs to be set. There is currently no way of achieving this.

@brcolow
Copy link

brcolow commented Dec 9, 2015

I see. What exactly do you mean by "desktop session"?

@lucyllewy
Copy link
Author

I'm referring to the explorer.exe process that is started by winlogon.exe upon successful authentication

@Oeffner
Copy link

Oeffner commented Jan 12, 2016

Would using SETX environvar (rather than SET environvar) from a cmd shell not be a solution? It allows setting environment variables globally for future cmd shells during a desktop session.

@Oeffner Oeffner mentioned this issue Jan 13, 2016
Closed
@quamrulmina
Copy link
Contributor

Cmd line ssh-agent.exe and ssh-add.exe now works in Windows in the new code update and setting SSH_AUTH_SOCK environment variable will not break ssh client rather ssh client uses it to communicate it with the ssh-agent.

This was referenced Feb 1, 2016
Closed
Closed
@dahlbyk dahlbyk mentioned this issue Mar 1, 2016
Closed
@manojampalam
Copy link
Contributor

Checkout the Win32 version of ssh-agent for OpenSSH. Available in latest release 5_15_2016

@Oeffner
Copy link

Oeffner commented May 17, 2016

Thanks for the info. That sounds great.

Rob

Vote "Remain in the EU" for Great Britain to remain a beacon of liberalism and a great global power.
Vote "Leave the EU" for the UK to fall apart, the west to weaken while Putin and China smirk gleefully.

Robert Oeffner
15 Bayford Place
Cambridge, CB4 2UF
tel: +44(0)1223 369685
mobile: +44(0)7712 887162

From: manojampalam
Sent: Tuesday, May 17, 2016 02:54
To: PowerShell/Win32-OpenSSH
Cc: Oeffner ; Comment
Subject: Re: [PowerShell/Win32-OpenSSH] Wishlist: SSH Agent in the desktop session (#35)

Checkout the Win32 version of ssh-agent for OpenSSH. Available in latest release 5_15_2016


You are receiving this because you commented.
Reply to this email directly or view it on GitHub

No virus found in this message.
Checked by AVG - www.avg.com
Version: 2016.0.7597 / Virus Database: 4568/12245 - Release Date: 05/16/16

@nigurr
Copy link

nigurr commented Jun 29, 2016

Reopen this issue?

When Posh-git finds openssh-win32 ssh-agent, it invokes the & C:\xxxx\ssh-agent.exe
Unlike ssh-agent that ships with git, this one doesn't go in the background mode

C:\tools\poshgit\dahlbyk-posh-git-5ed5c05> & 'C:\Program Files\Git\usr\bin\ssh-agent.exe'
SSH_AUTH_SOCK=/tmp/ssh-lIX9DH5zMlFb/agent.24360; export SSH_AUTH_SOCK;
SSH_AGENT_PID=21556; export SSH_AGENT_PID;
echo Agent pid 21556;
C:\tools\poshgit\dahlbyk-posh-git-5ed5c05> which ssh-agent

CommandType     Name                                               Version    Source
-----------     ----                                               -------    ------
Application     ssh-agent.exe                                      0.0.0.0    C:\Program Files\OpenSSH-Win64\ssh-agent.exe


C:\tools\poshgit\dahlbyk-posh-git-5ed5c05> & 'C:\Program Files\OpenSSH-Win64\ssh-agent.exe'
agent_start pid:30144, dbg:1, child:0, pipe:0

As you see the ssh-agent will not go into background by default, which is causing issues with posh-git

@dragon788
Copy link

@nigurr Apparently the Win32-OpenSSH agent should run as a Windows service, and in the future will be usable with or without the Win32-OpenSSH server portion. I haven't tested the latest releases, but if you install from Chocolatey it should be in there soon-ish.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
0 - Backlog
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
10 participants
@theaquamarine @lucyllewy @dragon788 @joeyaiello @brcolow @arif-pragmasys @manojampalam @quamrulmina @nigurr @Oeffner