Is there a way in PS 5.1 to reuse the PuTTY agent keys?
Now, the details.
To use key agents one has an Agent that holds the keys (left box), and Client Applications that delegate administration of the keys (right box).
E.g., client application C1=putty
can use its own agent A1=pageant
, of course.
Client application C2=winscp
knows how to use directly A1.
Certain Clients cannot use certain Agents directly, but there are Proxy agents that bridge the gap.
For instance to use A1 with C3, I need Proxy P1=ssh-pageant
, see example below.
This helps centralizing in a single Agent the keys for many Clients.
Now I mean to use A1 for all my Clients (currently, only missing A1-C5 and A1-C6).
Is there a way in PS 5.1 to reuse the same PuTTY agent keys? (I.e., a Proxy Px to use A1 with C5)
Possibly helpful: https://superuser.com/a/1173570/245595
NOTES:
I did not try it, but it seems like
winssh-pageant
is a Proxy to link A2 with Client applications that understand A1 directly.I am currently trying to use in PS the same
ssh-pageant
from msys2 (it is a Windows program in the end, and often times they do work), manually replacing whateval
does in msys2 (so far with no luck, but I think this is fixable):
> cd <dir where ssh-pageant is>
> .\ssh-pageant -r -a "$env:USERPROFILE\tmp\.ssh-pageant-$env:USERNAME"
SSH_AUTH_SOCK='C:\Users\USER1\tmp\.ssh-pageant-USER1'; export SSH_AUTH_SOCK;
SSH_PAGEANT_PID=714; export SSH_PAGEANT_PID;
echo ssh-pageant pid 714;
> $env:SSH_AUTH_SOCK='C:\Users\USER1\tmp\.ssh-pageant-USER1'
> $env:SSH_PAGEANT_PID=714
> ssh myserver
Enter passphrase for key 'C:\Users\USER1/.ssh/id_rsa':
As an alternative workaround, is there a non-admin (I wouldn't want to interfere with it) way to load keys into a separate agent such that when I start a PS session it uses those other keys, and which allows me to keep working with my reused keys in msys2? This would perhaps amount to using a two different agents at the same time...
weasel-pageant
is such a proxy agent (based on Cygwin'sssh-pageant
), for WSL (A1-C7)... still looking for a solution for PS.ssh-agent-wsl
is a fork ofweasel-pageant
that includes support for using keys held by Microsoft's SSH Agent service (instead of PuTTY Pageant) (A2-C7... I guess it's remarkable that WSL needs a proxy to use Win OpenSSH agent).
Example on how to use "Proxy" agent ssh-pageant
to link PuTTY pageant with Cygwin bash
The steps to achieve this are:
- When I start my session in Windows, the portable PuTTY agent (
pageant
) is executed, loading at the same time one key. For this, a shortcutpageant
is added toC:\Users\USER1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
, pointing at%myputty%\pageant.exe "%mykeys%\key1.ppk"
.
This makes the key usable by PuTTY and WinSCP, e.g. But if I now enter a PS session, or an msys2/cygwin terminal, the keys would not be used, and I am asked for the password for the keys. So if I now
$ ssh myserver
Enter passphrase for key 'C:\Users\USER1/.ssh/id_rsa':
- In msys2/cygwin I can use
ssh-pageant
("An SSH authentication agent for Cygwin/MSYS that links OpenSSH to PuTTY's Pageant"), such that it reuses whatever keys a previously loaded PuTTY agent has.
For this purpose, I simply addeval $(/usr/bin/ssh-pageant -r -a "/tmp/.ssh-pageant-$USERNAME")
to my~/.bashrc
of msys2. Now whenever I start an msys2 terminal, the link PuTTY's Pageant -> ssh-pageant is established, a couple of environment variables are created, and I canssh
without entering the password
$ env | grep -i ssh
SSH_AUTH_SOCK=/tmp/.ssh-pageant-USER1
SSH_PAGEANT_PID=960
$ ssh myserver
Welcome to Ubuntu 20.04 LTS (GNU/Linux 5.4.0-40-generic x86_64)
...
- Judging from this, it seems the same can be achieved for Git bash.
Related:
http://rabexc.org/posts/pitfalls-of-ssh-agents
How to check if ssh-agent is already running in bash?
https://superuser.com/questions/1293725/gpg-agent-under-windows-as-ssh-agent-for-git-bash
I made this work, using the same Cygwin tools (i.e., both
ssh-pageant
and Cygwin OpenSSH client) in a PS session.So I would do (assuming
ssh-pageant
is already running from Msys2):I have added this to my
profile.ps1
(again, it will work whenssh-pageant
is already running when I start the PS session)If an
ssh-pageant
is not yet active, this should work (not tested yet; the PID number may be different):Still have to test a couple of points, and automate the operation.
In particular, executing
ssh-pageant
, detecting the PID # if it is returned, and setting environment variableSSH_PAGEANT_PID
from PS if that is the case. This is a little bit more cumbersome than in Msys2, sincessh-pageant
spits something directly executable by bash.