Only one of pageant and ssh-agent?

I'm currently using Cygwin's openssh implementation in Windows, with
ssh-agent to cache keys.  This mainly works fine, except that I also
use TortoiseSVN, which uses plink, so I'm also using pageant to cache
keys.  I'd like to find a way to avoid caching the keys twice.

I've tried switching TortoiseSVN to use Cygwin's ssh client, but then I
get irritating CMD window popups every time it runs.  (They go away
immediately after the query, but something like "svn log" makes two
queries.)  Maybe I could get rid of those windows, but then I'm not
quite sure how to get the required env variables SSH_AGENT_PID and
SSH_AUTH_SOCK into the Windows environment
when I run ssh-agent.  (I've put them in by hand for testing, but that
doesn't always seem reliable.  I'm guessing that TortoiseSVN is only
passing along the ones it sees when it starts up.)

Another possibility might be to have Cygwin's ssh ask Pageant for the
key.  Is there any sort of shim available that could do this?  It would
look like ssh-agent to openssh, but would be able to do what plink
does and ask pageant for a decrypted key.

Thanks for any advice on this...

Re: Only one of pageant and ssh-agent?


Minor correction: no application ever asks Pageant (or ssh-agent)
for a decrypted key. If it gave out the actual keys it would be
totally derelict in its duty. Its function is to keep the keys to
itself but provide individual _signatures_ on demand.

But that doesn't affect your main point. A shim layer as you
describe, behaving as an OpenSSH ssh-agent to ssh processes and
behaving as an ssh process to Pageant, sounds like a really good
idea to me. The only slight snag is that the last time we looked
communication between Pageant and Cygwin processes had a strange
Windows security problem, as described here:

There's a workaround described there, though, so it's probably not
impossible to rig up something that does the job.
Simon Tatham         What do we want?        ROT13!
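
Added example, not part of the thread and not code from PuTTY or OpenSSH: a toy model of the agent wire format showing that a client can list identities or request a signature, and that no request returns the private key. `ToyAgent`, `shim`, the HMAC stand-in for a real SSH signature and all key material are hypothetical; only the message numbers and framing follow the SSH agent protocol.

```python
import hashlib, hmac, struct

# Message numbers from the SSH agent protocol (names as in OpenSSH's authfd.h).
SSH_AGENT_FAILURE = 5
SSH2_AGENTC_REQUEST_IDENTITIES = 11
SSH2_AGENT_IDENTITIES_ANSWER = 12
SSH2_AGENTC_SIGN_REQUEST = 13
SSH2_AGENT_SIGN_RESPONSE = 14

def ssh_string(b):
    return struct.pack(">I", len(b)) + b  # uint32 length, then the bytes

def frame(msg_type, payload=b""):
    """Agent message: uint32 length, one type byte, payload."""
    return struct.pack(">IB", len(payload) + 1, msg_type) + payload

def read_string(buf, off):
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:off + 4 + n], off + 4 + n

class ToyAgent:
    """Hypothetical agent holding one secret; HMAC stands in for a real signature."""
    def __init__(self, public_blob, secret, comment):
        self._pub, self._secret, self._comment = public_blob, secret, comment

    def handle(self, msg):
        try:
            (length,) = struct.unpack_from(">I", msg, 0)
            if length < 1 or length != len(msg) - 4:
                raise ValueError("bad frame length")
            msg_type, body = msg[4], msg[5:]
            if msg_type == SSH2_AGENTC_REQUEST_IDENTITIES:
                return frame(SSH2_AGENT_IDENTITIES_ANSWER, struct.pack(">I", 1)
                             + ssh_string(self._pub) + ssh_string(self._comment))
            if msg_type == SSH2_AGENTC_SIGN_REQUEST:
                blob, off = read_string(body, 0)
                data, off = read_string(body, off)  # trailing uint32 flags ignored
                if blob == self._pub:
                    sig = hmac.new(self._secret, data, hashlib.sha256).digest()
                    return frame(SSH2_AGENT_SIGN_RESPONSE, ssh_string(sig))
        except (ValueError, struct.error):
            pass
        return frame(SSH_AGENT_FAILURE)  # no message type returns the secret

def shim(request, backend):
    """Hypothetical shim: relay one frame to the agent that owns the key."""
    return backend.handle(request)
```
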

Re: Only one of pageant and ssh-agent?


Thanks for the encouragement.  I'm not the one to do it, since I don't
know the insides of either ssh-agent or Pageant, but you probably
guessed that from my misunderstanding about the protocol.  If there's
someone else out there who wants to take this on, I'd be happy to test
it :-).

Duncan Murdoch
