
Use Windows OpenSSH as key backing, Instead of PuTTY

Open ndbeals opened this issue 6 years ago • 14 comments

Hello!

I'm trying to figure out how viable it'd be for me to use the Windows OpenSSH ssh-agent as the key agent, instead of Pageant, and instead have this program "proxy" Pageant requests back to the openssh-agent. Similar to https://github.com/rupor-github/ssh-agent-wsl (which I'm already using) but with Pageant support.

Thanks for your time!

ndbeals avatar Aug 14 '19 12:08 ndbeals

This is a nice idea - though the inverse I suppose of what this project is currently doing. If you think there is value in having this be a bidirectional bridge though I'd be totally happy to merge a PR. I unfortunately doubt I'll have much chance to look at this in the near future.

benpye avatar Aug 17 '19 05:08 benpye

Thanks @benpye, I'll start looking into it and attempting it. I'll comment here if I have any questions to ask.

ndbeals avatar Aug 26 '19 19:08 ndbeals

If this were possible, it would allow WinSCP (which only supports Pageant) to be used with Windows ssh-agent. That would be extremely helpful functionality for me

shawnz avatar Oct 13 '19 01:10 shawnz

I want to use PuTTY as the SSH client and the Windows OpenSSH agent as the key agent instead of Pageant from PuTTY, but I found it does not work at all.

After I use Windows 10 (1909) ssh-add to load my private key, PuTTY still asks for a password; it seems it doesn't find the Windows key agent service.

So, any news on this?

Remonli avatar Apr 01 '20 23:04 Remonli

I haven't heard from @ndbeals. This would be a nice feature.

benpye avatar Apr 08 '20 22:04 benpye

I'm about 2 weeks away from finishing my CS bachelor degree, and then it looks like I'll have lots of time this summer to work on this, it's scratching a personal itch too.

There's not too much to figure out so it shouldn't be hard, hopefully you'll hear more from me soon!

ndbeals avatar Apr 14 '20 02:04 ndbeals

Taking a deeper look at the code, the gist of what I need to do is:

  1. Create a queryOpenSSH function similar to the queryPageant that exists.
  2. Add logic to query that instead of or in addition to, in handleConnection
  3. Any possible validation/transformation of the data that the OpenSSH agent replies with (I shouldn't need to though, right? the results from the agent are a byte array that directly represents the private key?)
  4. "inverse" the queryPageant function, that means I need to make a window named "Pageant" that responds in the same way when queried that the actual pageant does.

That last task may be more difficult than I initially bargained for, I'm not sure how difficult creating and managing a win32api window in Go is. Any knowledge you have about windows in go, and the pageant protocol would be awesome!

ndbeals avatar Apr 14 '20 02:04 ndbeals

Your analysis seems correct. For 3 I wouldn't worry about validation, Pageant and OpenSSH use exactly the same message format.

I haven't previously needed to manage creating a window from go, but it shouldn't be too hard. You'll need to use CreateWindow to create the window and then loop calling GetMessage to get the messages. You can probably ignore most, only WM_COPYDATA is interesting for Pageant.

One thing you may find useful is to build a debug build of PuTTY. I found at least in the other direction it helped me work out why Pageant wasn't responding as expected.

I'll try and help if you have any questions but I can't guarantee I know every answer 🙂

benpye avatar Apr 15 '20 02:04 benpye
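The byte-for-byte relay discussed for step 3, as an added example that is not code from wsl-ssh-pageant or any participant in this thread. It assumes the standard ssh-agent framing (a big-endian uint32 length, then the message) and an 8192-byte cap chosen here; `frameFrom` and `relay` are hypothetical names, and a `bytes.Buffer` stands in for the agent connection, with the window and file-mapping handling left out.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"io"
)
const maxAgentMsgLen = 8192 // assumed cap on one framed message, not from the thread
var agentFailure = []byte{0, 0, 0, 1, 5} // SSH_AGENT_FAILURE with its length prefix

// frameFrom returns the length-prefixed message at the start of buf, ignoring trailing bytes.
func frameFrom(buf []byte) ([]byte, bool) {
	if len(buf) >= 5 {
		n := binary.BigEndian.Uint32(buf[:4])
		if n >= 1 && n <= maxAgentMsgLen-4 && int(n) <= len(buf)-4 {
			return buf[:4+n], true
		}
	}
	return nil, false
}

// relay forwards the request in view unchanged; bad framing or I/O yields SSH_AGENT_FAILURE.
func relay(view []byte, agent io.ReadWriter) []byte {
	req, ok := frameFrom(view)
	if !ok {
		return agentFailure
	}
	if _, err := agent.Write(req); err != nil {
		return agentFailure
	}
	reply := make([]byte, maxAgentMsgLen)
	if _, err := io.ReadFull(agent, reply[:4]); err != nil {
		return agentFailure
	}
	out, ok := frameFrom(reply) // checks the claimed length before reading the body
	if !ok {
		return agentFailure
	}
	if _, err := io.ReadFull(agent, out[4:]); err != nil {
		return agentFailure
	}
	return out
}

func main() {
	agent := bytes.NewBuffer([]byte{0, 0, 0, 5, 12, 0, 0, 0, 0}) // constructed: empty identities answer
	fmt.Printf("% x\n", relay([]byte{0, 0, 0, 1, 11, 0xff, 0xff}, agent))
}
```

After a rejected or truncated reply the agent connection may still hold unread bytes, so a caller should close it rather than reuse it for the next request.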

I've made some decent progress @benpye: querying the OpenSSH agent works, I'm listening to GetMessage correctly and reading the WM_COPYDATA struct. I can get the map name but I'm hitting a wall when it comes to opening the file mapping.

My work is here: https://github.com/ndbeals/wsl-ssh-pageant/blob/golang/pageant.go#L124 (and some changes in main.go). If you have any insight it'd be helpful!

ndbeals avatar Apr 30 '20 06:04 ndbeals

Nothing appears obviously wrong - You could see if Process Monitor gives you any insight?

benpye avatar May 19 '20 23:05 benpye

Just wondering if you got any further with this or whether you know of any other solutions? Thanks

bobbwal avatar Jul 16 '20 09:07 bobbwal

First off, thank you @benpye for the help and examples, it saved untold time.

I present https://github.com/ndbeals/winssh-pageant. It does what this feature request was asking for.

Since making this request I have upgraded to wsl2, and now use npiperelay to get ssh in wsl, so I wanted a standalone executable instead. My little utility has no flags, all you do is run it, and it reads from the openssh-agent named pipe when it gets pageant key requests. So @bobbwal I did finally finish it kind of.

Thanks!

ndbeals avatar Jul 22 '20 04:07 ndbeals

Works great, awesome job! @ndbeals 👏 Thanks

bobbwal avatar Jul 27 '20 13:07 bobbwal

Works great for me too! Now I can finally use the Windows SSH agent with WinSCP, Sourcetree, etc! Thank you!

shawnz avatar Jul 27 '20 14:07 shawnz