benpye / wsl-ssh-pageant

A Pageant -> TCP bridge for use with WSL, allowing for Pageant to be used as an ssh-agent within the WSL environment.
BSD 2-Clause "Simplified" License

Use Windows OpenSSH as key backing, Instead of PuTTY #30

Open ndbeals opened 5 years ago

ndbeals commented 5 years ago

Hello!

I'm trying to figure out how viable it'd be for me to use the Windows OpenSSH ssh-agent as the key agent, instead of Pageant, and instead have this program "proxy" Pageant requests back to the openssh-agent. Similar to https://github.com/rupor-github/ssh-agent-wsl (which I'm already using) but with Pageant support.

Thanks for your time!

benpye commented 5 years ago

This is a nice idea - though the inverse I suppose of what this project is currently doing. If you think there is value in having this be a bidirectional bridge though I'd be totally happy to merge a PR. I unfortunately doubt I'll have much chance to look at this in the near future.

ndbeals commented 5 years ago

Thanks @benpye , I'll start looking into it and attempting it. I'll comment here if I have any questions to ask.

shawnz commented 4 years ago

If this were possible, it would allow WinSCP (which only supports Pageant) to be used with Windows ssh-agent. That would be extremely helpful functionality for me

Remonli commented 4 years ago

I want to use PuTTY as the SSH client and the Windows OpenSSH agent as the key agent instead of Pageant from PuTTY, but I found it does not work at all.

After I use Windows 10 (1909) ssh-add to load my private key, PuTTY still asks for a password; it seems it doesn't find the Windows key agent service.

So, any news on this?

benpye commented 4 years ago

I haven't heard from @ndbeals . This would be a nice feature.

ndbeals commented 4 years ago

I'm about 2 weeks away from finishing my CS bachelor's degree, and then it looks like I'll have lots of time this summer to work on this. It's scratching a personal itch too.

There's not too much to figure out so it shouldn't be hard, hopefully you'll hear more from me soon!

ndbeals commented 4 years ago

Taking a deeper look at the code, the gist of what I need to do is:

  1. Create a queryOpenSSH function similar to the queryPageant that exists.
  2. Add logic to query that instead of or in addition to, in handleConnection
  3. Any possible validation/transformation of the data that the OpenSSH agent replies with (I shouldn't need to though, right? the results from the agent are a byte array that directly represents the private key?)
  4. "inverse" the queryPageant function, that means I need to make a window named "Pageant" that responds in the same way when queried that the actual pageant does.

That last task may be more difficult than I initially bargained for. I'm not sure how difficult creating and managing a Win32 API window in Go is. Any knowledge you have about windows in Go, and the Pageant protocol, would be awesome!

benpye commented 4 years ago

Your analysis seems correct. For 3 I wouldn't worry about validation, Pageant and OpenSSH use exactly the same message format.

I haven't previously needed to manage creating a window from Go, but it shouldn't be too hard. You'll need to use CreateWindow to create the window and then loop calling GetMessage to get the messages. You can probably ignore most, only WM_COPYDATA is interesting for Pageant.

One thing you may find useful is to build a debug build of PuTTY. I found at least in the other direction it helped me work out why Pageant wasn't responding as expected.

I'll try and help if you have any questions but I can't guarantee I know every answer 🙂
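The message format mentioned in the reply above, as an added example (not code from wsl-ssh-pageant or winssh-pageant): both agents exchange a uint32 big-endian length followed by a type byte and payload, so a relay can forward bytes unchanged but should still bounds-check every length prefix before copying between the Pageant file mapping and the OpenSSH pipe. The function names, the `maxBody` cap and the sample bytes are assumptions made for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const identitiesAnswer = 12 // SSH_AGENT_IDENTITIES_ANSWER
const maxBody = 8192        // assumed cap for this relay; match the peer's limit

var errFrame = errors.New("malformed agent message")

// Constructed sample: one key, placeholder blob "blob", comment "user@host".
var sampleAnswer = []byte("\x00\x00\x00\x1a\x0c\x00\x00\x00\x01" +
	"\x00\x00\x00\x04blob\x00\x00\x00\x09user@host")

// readString consumes one uint32-length-prefixed field, bounds-checked.
func readString(b []byte) (field, rest []byte, err error) {
	if len(b) < 4 || uint64(binary.BigEndian.Uint32(b)) > uint64(len(b)-4) {
		return nil, nil, errFrame
	}
	n := binary.BigEndian.Uint32(b)
	return b[4 : 4+n], b[4+n:], nil
}

// identityComments validates a framed identities answer (public key blobs
// and comments only, no private keys) and returns each key's comment.
func identityComments(frame []byte) ([]string, error) {
	body, _, err := readString(frame) // outer frame; trailing buffer bytes ignored
	if err != nil || len(body) < 5 || len(body) > maxBody || body[0] != identitiesAnswer {
		return nil, errFrame
	}
	count, rest := binary.BigEndian.Uint32(body[1:]), body[5:]
	var comments []string
	for i := uint64(0); i < 2*uint64(count); i++ {
		var f []byte
		if f, rest, err = readString(rest); err != nil {
			return nil, fmt.Errorf("field %d: %w", i, err) // count overstates the body
		}
		if i%2 == 1 { // fields alternate: public key blob, then comment
			comments = append(comments, string(f))
		}
	}
	return comments, nil
}

func main() {
	fmt.Println(identityComments(sampleAnswer))
}
```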

ndbeals commented 4 years ago

I've made some decent progress @benpye. Querying the OpenSSH agent works, I'm listening to GetMessage correctly and reading the WM_COPYDATA struct. I can get the map name but I'm hitting a wall when it comes to opening the file mapping.

My work is here: https://github.com/ndbeals/wsl-ssh-pageant/blob/golang/pageant.go#L124 (and some changes in main.go). If you have any insight, it'd be helpful!

benpye commented 4 years ago

Nothing appears obviously wrong - You could see if Process Monitor gives you any insight?

bobbwal commented 4 years ago

Just wondering if you got any further with this or whether you know of any other solutions? Thanks

ndbeals commented 4 years ago

First off, thank you @benpye for the help and examples, it saved untold time.

I present https://github.com/ndbeals/winssh-pageant. It does what this feature request was asking for.

Since making this request I have upgraded to WSL2, and now use npiperelay to get SSH in WSL, so I wanted a standalone executable instead. My little utility has no flags; all you do is run it, and it reads from the openssh-agent named pipe when it gets Pageant key requests. So @bobbwal, I did finally finish it, kind of.

Thanks!

bobbwal commented 4 years ago

Works great, awesome job! @ndbeals 👏 Thanks

shawnz commented 4 years ago

Works great for me too! Now I can finally use the Windows SSH agent with WinSCP, Sourcetree, etc! Thank you!