Open monil-patel opened 2 years ago
Dear @bagajjal, could you please consider elevating the priority of this issue? We all know Windows is not about security, but using private keys instead of passwords is such a common practice nowadays that all Microsoft's efforts on OpenSSH become useless without this feature.
Been trying to use a windows jump for ssh jump but no bueno.. ssh works fine for the initial linux->windowsjump connection, but not able to forward agent for authentication with the next linux server. (chain looks like this: linux->windows->linux)
Having a working openssh server in windows would solve a lot of issues for me as we already have windows jump hosts established for reaching other segments of the network.
Have the same issue trying to go Windows 10 -> Windows Server 2022 -> git clone from GitLab instance, forwarding seems to be broken.
It appears the issue is that the OpenSSH server hasn't been modified to set up a windows pipe instead of a unix socket. Seeing these error messages in the sshd service log when agent forwarding is attempted:
6536 2023-02-23 21:31:57.977 debug1: session_input_channel_req: session 0 req auth-agent-req@openssh.com
6536 2023-02-23 21:31:57.977 Unix domain server sockets are not supported
6536 2023-02-23 21:31:57.977 error: unix_listener: cannot bind to path /tmp/ssh-xiQjI8Be4b/agent.5160: Operation not supported
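A small triage helper for the log excerpt above, added here as an example and not part of the original thread or the Win32-OpenSSH project: it pairs each auth-agent-req line with a later unix_listener bind failure from the same sshd process ID. The function name and the PID 4120 lines are constructed for illustration.

```python
import re

# Sample in the format of the sshd debug log quoted above (PID, timestamp, message).
# The first three lines are from the thread; the PID 4120 lines are constructed for contrast.
SAMPLE_LOG = """\
6536 2023-02-23 21:31:57.977 debug1: session_input_channel_req: session 0 req auth-agent-req@openssh.com
6536 2023-02-23 21:31:57.977 Unix domain server sockets are not supported
6536 2023-02-23 21:31:57.977 error: unix_listener: cannot bind to path /tmp/ssh-xiQjI8Be4b/agent.5160: Operation not supported
4120 2023-02-23 21:40:02.113 debug1: session_input_channel_req: session 0 req auth-agent-req@openssh.com
4120 2023-02-23 21:40:02.114 debug1: session_input_channel_req: session 0 req shell
"""

LINE = re.compile(r"^(?P<pid>\d+) (?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) (?P<msg>.*)$")
AGENT_REQ = re.compile(r"session_input_channel_req: session \d+ req auth-agent-req@openssh\.com")
BIND_FAIL = re.compile(r"unix_listener: cannot bind to path (?P<path>\S+): (?P<reason>.+)$")


def agent_forwarding_results(log_text):
    """One record per auth-agent-req; failed=True if the listener bind then failed."""
    pending = {}  # sshd PID -> record still waiting for a bind outcome
    results = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        fail = BIND_FAIL.search(msg)
        if AGENT_REQ.search(msg):
            rec = {"pid": pid, "requested_at": m["ts"], "failed": False,
                   "path": None, "reason": None}
            pending[pid] = rec
            results.append(rec)
        elif fail and pid in pending:
            pending.pop(pid).update(failed=True, path=fail["path"], reason=fail["reason"])
        elif "session_input_channel_req" in msg:
            pending.pop(pid, None)  # next channel request: stop attributing failures
    return results


if __name__ == "__main__":
    for rec in agent_forwarding_results(SAMPLE_LOG):
        print(rec)
```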
Hi together, I have the same issue from Windows 11 (OpenSSH_for_Windows_8.6p1) -> Windows Server 2022 (OpenSSH_for_Windows_8.1p1) -> git clone from a GitLab instance.
The bug also affects the latest Version OpenSSH_for_Windows_9.2p1, LibreSSL 3.7.2
This is quite disappointing. This prevents using git + public key auth within a Windows VM, connected from VSCode and Remote SSH.
For those looking for agent forwarding working. Beta versions already allow this. Just download the latest msi from GitHub releases, install it, and you've got it.
Thank you, devs! You're the best!
@plashenkov Could you elaborate on that? Are you SSH forwarding to a Windows machine that runs the OpenSSH server and you can use your local keys? Does that create a new named pipe and set SSH_AUTH_SOCK like when forwarding to a Linux server?
@florisvdg
I have OpenSSH auth agent running on Windows and local SSH keys with a passphrase. Now I can connect to VMs (running locally) with Linux as well as to my real cloud servers. I can connect to my cloud servers from VMs now as well.
My VMs run Docker services as well, and if I pass SSH_AUTH_SOCK there (from the VM to a Docker container), I can connect to my cloud servers even from the Docker container as well.
I can confirm that my SSH keys are only on my Windows host.
P.S. Ah, you are asking about a Windows host and a Windows server. I didn't try that. I have a Windows host and everything else is Linux. Stable Windows OpenSSH versions didn't allow that while the beta now allows.
Right, that makes sense now. Thanks for the clarification.
So yeah, people looking to SSH into a Windows box with agent forwarding enabled will still have to wait :(
I'll be watching this PR in the meantime. 👀
I had set ssh_shell to win32 version bash, but still can't forward ssh socket
Originally posted here: https://github.com/PowerShell/openssh-portable/issues/540 , but was asked to open an issue here
"OpenSSH for Windows" version: 8.1.0.1
Server OperatingSystem: Windows 10 Enterprise
Client OperatingSystem: Windows 10 Pro
What is failing: Unable to forward ssh keys through agent forwarding from windows client -> windows server
Is agent forwarding supported when connecting from a windows client to a windows host machine ?
I tried all of the things below, but had no luck and stumbled across this comment https://github.com/PowerShell/Win32-OpenSSH/issues/1136#issuecomment-500549297 which says Agent forwarding is not supported on the server yet, but you should be able to use the client to forward agent to a non-Windows target.
Was following these instructions from github : https://docs.github.com/en/developers/overview/using-ssh-agent-forwarding
1) used keygen to generate public/private keys and added public to github.com
2) ssh-add "location of private key". Can see them on client machine through ssh-add -l
3) Test using agent
4) Specified ForwardAgent in the ssh config
5) ssh to my-pc, and run ssh -T git@github.com again
Expected output
Actual output
Can't list any keys under the ssh session