search

PowerShell / Win32-OpenSSH

Win32 port of OpenSSH
7.2k stars 739 forks source link

Certificates aren't properly added to the ssh-agent service #2234

Open tomtastic opened 1 month ago

tomtastic commented 1 month ago

Prerequisites

Steps to reproduce

All versions from 8.1.0.1 to 9.5.0.1p1-Beta fail to add a matching pair of identity and certificate into the agent when using using ssh-add.

PS C:\Users\user> winget install Microsoft.OpenSSH.Beta --override ADDLOCAL=Client
Found OpenSSH Beta [Microsoft.OpenSSH.Beta] Version 9.5.0.0
Successfully verified installer hash
Starting package install...
Successfully installed

PS C:\Users\user> Get-Command ssh-add
CommandType     Name                                               Version    Source
-----------     ----                                               -------    ------
Application     ssh-add.exe                                        9.5.0.0    C:\Program Files\OpenSSH\ssh-add.exe

PS C:\Users\user> ssh -V
OpenSSH_for_Windows_9.5p1, LibreSSL 3.8.2

PS C:\Users\user> dir .ssh
    Directory: C:\Users\user\.ssh

Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
-a----        08/05/2024     14:30            634 id_ecdsa
-a----        09/05/2024     07:42           1338 id_ecdsa-cert.pub
-a----        08/05/2024     14:30            233 id_ecdsa.pub

Expected behavior

PS C:\Users\user> ssh-add -v
Identity added: C:\Users\user/.ssh/id_ecdsa (abc\user@DESKTOP-123)
Certificate added: C:\Users\user/.ssh/id_ecdsa-cert.pub (cert)

PS C:\Users\user> ssh-add -l
384 SHA256:GPcZoAOWDF3mEc9ZNe2qDsa71ottMJPJyNsx13vB+Z4 abc\user@DESKTOP-123 (ECDSA)
384 SHA256:GPcZoAOWDF3mEc9ZNe2qDsa71ottMJPJyNsx13vB+Z4 abc\user@DESKTOP-123 (ECDSA-CERT)

Actual behavior

PS C:\Users\user> ssh-add -v
Identity added: C:\Users\user/.ssh/id_ecdsa (abc\user@DESKTOP-123)
Certificate added: C:\Users\user/.ssh/id_ecdsa-cert.pub (cert)

PS C:\Users\user> ssh-add -l
384 SHA256:GPcZoAOWDF3mEc9ZNe2qDsa71ottMJPJyNsx13vB+Z4 abc\user@DESKTOP-123 (ECDSA-CERT)

Error details

No response

Environment data

PS C:\Users\user> $PSVersionTable

Name                           Value
----                           -----
PSVersion                      5.1.19041.4291
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.19041.4291
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Version

OpenSSH_for_Windows_9.5p1, LibreSSL 3.8.2

Visuals

No response

tomtastic commented 1 month ago

Related: