* cygwin OpenSSH ssh-agent on Win2000
@ 2000-12-21 18:39 David Peterson
2000-12-21 22:52 ` Richard Y. Kim
2000-12-22 0:36 ` David O'Shea
0 siblings, 2 replies; 5+ messages in thread
From: David Peterson @ 2000-12-21 18:39 UTC (permalink / raw)
To: cygwin
Hello,
Does anyone know how to start the explorer.exe process from ssh-agent when
you log into an NT/2000 system?
I'm trying to do the same as "ssh-agent /etc/X11/xinit/xclients" to make the
ssh agent available to all programs through the environment variables.
From within a cygwin bash shell I can do "exec ssh-agent bash" (followed by
ssh-add) and have everything work from that shell, but of course the
variables don't exist in any other shells.
It would seem like having ssh-agent launch explorer when you log in would
work, but I don't know what to tweak where in the registry.
Thanks,
-dave.
--
Want to unsubscribe from this list?
Check out: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 5+ messages in thread
* cygwin OpenSSH ssh-agent on Win2000
2000-12-21 18:39 cygwin OpenSSH ssh-agent on Win2000 David Peterson
@ 2000-12-21 22:52 ` Richard Y. Kim
2000-12-22 0:36 ` David O'Shea
1 sibling, 0 replies; 5+ messages in thread
From: Richard Y. Kim @ 2000-12-21 22:52 UTC (permalink / raw)
To: David Peterson; +Cc: cygwin
See
http://sources.redhat.com/ml/cygwin/2000-08/msg00834.html
which suggested the use of setx.exe utility from the w2k
resource kit. setx.exe allows you to set an environment
variable for the whole operating system rather than just the
particular shell that you are using.
I wrote the following bash script which I've been using for a
few months:

# Start the agent and import SSH_AUTH_SOCK / SSH_AGENT_PID into this shell.
eval `ssh-agent -s`
if [ "$OSTYPE" = "cygwin" ]; then
    # Publish both variables for the whole system (-m) so other programs see them.
    setx SSH_AUTH_SOCK "$SSH_AUTH_SOCK" -m
    setx SSH_AGENT_PID "$SSH_AGENT_PID" -m
fi
>>>>> "DP" == David Peterson <david.peterson@mail.idrive.com> writes:
DP> Hello,
DP> Does anyone know how to start the explorer.exe process from ssh-agent when
DP> you log into an NT/2000 system?
DP> I'm trying to do the same as "ssh-agent /etc/X11/xinit/xclients" to make the
DP> ssh agent available to all programs through the environment variables.
DP> From within a cygwin bash shell I can do "exec ssh-agent bash" (followed by
DP> ssh-add) and have everything work from that shell, but of course the
DP> variables don't exist in any other shells.
DP> It would seem like having ssh-agent launch explorer when you log in would
DP> work, but I don't know what to tweak where in the registry.
DP> Thanks,
DP> -dave.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: cygwin OpenSSH ssh-agent on Win2000
2000-12-21 18:39 cygwin OpenSSH ssh-agent on Win2000 David Peterson
2000-12-21 22:52 ` Richard Y. Kim
@ 2000-12-22 0:36 ` David O'Shea
2000-12-22 1:31 ` Egor Duda
1 sibling, 1 reply; 5+ messages in thread
From: David O'Shea @ 2000-12-22 0:36 UTC (permalink / raw)
To: David Peterson; +Cc: cygwin
Dear David,
I haven't tried to do what you're doing, but possibly what I've
done will be of use to you. I wanted a script to start explorer.exe on a
Windows 95 machine. Here's what I did:
1. edit system.ini, and change the shell= line under the [boot] section.
This will probably be "explorer.exe". You could set this to whatever you
want to run instead of explorer.exe (which can then start explorer.exe
itself), but there's one catch: explorer.exe checks this line to see if
it's the login shell. It does this by seeing if the basename of the first
word is "explorer.exe", and if it is, it will bring up the task bar,
desktop, etc., otherwise it'll just show your "Windows Explorer" window.
My solution to this problem is to make a copy of start.exe called
"explorer.exe". Explorer doesn't check the parameters, so here's my line:

    shell=d:\usr\local\lib\winlogin\explorer.exe d:\usr\local\bin\winlogin.pif

winlogin.pif runs a batch file. It'd be nice if it was a bash script, but
if you run the real Explorer from a cygwin app, that tty stays associated
with Explorer, and if you have any console apps that are run via context
menus in Explorer (e.g. a "Command Prompt Here" option when you
right-click a folder), most of the output from 16-bit and all of the
output from 32-bit apps will go to the tty you launched Explorer from, not
the console that was opened for the app. I tried all sorts of ways to
dissociate the tty from Explorer: both 16 and 32-bit console and GUI apps
that execute Explorer, but I still couldn't get around this problem. For
some strange reason, console apps run any other way (i.e. by opening them
in a folder or selecting them from the Start Menu) weren't affected.
Shame I'm so used to being able to right-click and pick "MS-DOS" or
"bash"..
2. Now you have to make the batch file. You can run bash scripts from
here if you like, but it has to be the batch file that executes Explorer.
If you want to set environment variables, you have to use "winset" (came
with the Windows 95 resource kit) or else (off the top of my head) all
console apps won't see the variables. However, if you use winset,
Explorer won't see the variables, and neither will non-console apps, so
the easiest solution is to use winset and then start explorer in this way:

    start /m %COMSPEC% /c c:\windows\explorer.exe

Doing that creates a new console window with new environment variables set
by winset (the console you use winset in won't see the effects of winset)
so that Explorer can see them.
I guess that's about it. As I said, this was for Windows 95, so it might
be easier, or be done completely differently, on NT/2000. I've never
looked for a system.ini on an NT machine, so I don't even know if they
have them. Even if this does work, I guess you'd have to do a bit of work
to adapt ssh-agent to work with the batch file and use winset to set
environment variables.
Good luck!
DOS
> Does anyone know how to start the explorer.exe process from ssh-agent when
> you log into an NT/2000 system?
>
> I'm trying to do the same as "ssh-agent /etc/X11/xinit/xclients" to make the
> ssh agent available to all programs through the environment variables.
>
> From within a cygwin bash shell I can do "exec ssh-agent bash" (followed by
> ssh-add) and have everything work from that shell, but of course the
> variables don't exist in any other shells.
>
> It would seem like having ssh-agent launch explorer when you log in would
> work, but I don't know what to tweak where in the registry.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: cygwin OpenSSH ssh-agent on Win2000
2000-12-22 0:36 ` David O'Shea
@ 2000-12-22 1:31 ` Egor Duda
0 siblings, 0 replies; 5+ messages in thread
From: Egor Duda @ 2000-12-22 1:31 UTC (permalink / raw)
To: David O'Shea; +Cc: David Peterson, cygwin
Hi!
you can use the following trick:
set SSH_AUTH_SOCK=/tmp/ssh-%USERNAME%/current-agent-socket
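in your global windows environment and run this script at startup
-------------------snip--------------------
#!/bin/sh
# Remember the fixed socket path configured in the global Windows environment.
echo "$SSH_AUTH_SOCK"
global_ssh_auth_sock=$SSH_AUTH_SOCK
# Stop any previous agent and clear its stale socket files.
wkill ssh-agent1.exe
rm -f "/tmp/ssh-$USERNAME/current-agent-socket"
rm -f "/tmp/ssh-$USERNAME"/agent-socket-*
# Start a new agent; eval sets SSH_AUTH_SOCK to the new socket's path.
eval `ssh-agent1.exe -s`
# Point the fixed path at the new socket, then restore the fixed path.
ln -s "$SSH_AUTH_SOCK" "/tmp/ssh-$USERNAME/current-agent-socket"
export SSH_AUTH_SOCK="$global_ssh_auth_sock"
-------------------snip--------------------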
however, note that cygwin's unix domain sockets are _FUNDAMENTALLY
INSECURE_ and so i strongly _DISCOURAGE_ usage of ssh-agent under
cygwin.
when you run ssh-agent under cygwin it creates AF_UNIX socket in
/tmp/ssh-$USERNAME/ directory. under cygwin AF_UNIX sockets are
emulated via AF_INET sockets. you can easily see that if you'll look
into /tmp/ssh-$USERNAME/agent-socket-* file via notepad. you'll see
something like
!<socket >2080
then run "netstat -a" and surprise! you have some program listening to
port 2080. it's ssh-agent. when ssh receives RSA challenge from
server, it refers to corresponding /tmp/ssh-$USERNAME/agent-socket-*
(under cygwin, in our case, that means it'll open connection to
localhost:2080) and asks ssh-agent to process RSA challenge with
private key it has, and then it simply passes response received from
ssh-agent to server.
under unix, such scenario works without problems, because unix kernel
checks permissions when program tries to access AF_UNIX socket. For
AF_INET sockets, however, connections are anonymous (read
"insecure"). Imagine, that you have cygwin ssh-agent running.
malicious hacker may portscan your box, locate open port used by
ssh-agent, open connection to your ssh server, receive RSA challenge
from it, send it to your ssh-agent via open port he found, receive RSA
response, send it to ssh server and voila, he successfully logged in
to your server as you.
To Corinna: should cygwin's openssh port contain ssh-agent at all? or
perhaps it should issue some warning?
>> Does anyone know how to start the explorer.exe process from ssh-agent when
>> you log into an NT/2000 system?
>>
>> I'm trying to do the same as "ssh-agent /etc/X11/xinit/xclients" to make the
>> ssh agent available to all programs through the environment variables.
>>
>> From within a cygwin bash shell I can do "exec ssh-agent bash" (followed by
>> ssh-add) and have everything work from that shell, but of course the
>> variables don't exist in any other shells.
>>
>> It would seem like having ssh-agent launch explorer when you log in would
>> work, but I don't know what to tweak where in the registry.
Egor. mailto:deo@logos-m.ru ICQ 5165414 FidoNet 2:5020/496.19
^ permalink raw reply [flat|nested] 5+ messages in thread
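Added example (not part of the original thread and not Cygwin's or OpenSSH's own code): a defender's check for the exposure described in the message above. It reads each agent-socket-* file, extracts the TCP port from the "!<socket >PORT" content quoted in the message, and classifies the matching listener in saved netstat output. The function names, the numeric "netstat -an" input and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes socket files contain
# "!<socket >PORT" as quoted above and Windows "netstat -an" column layout.

# Print the TCP port stored in an emulated AF_UNIX socket file.
# Returns non-zero when the file does not have that format.
socket_file_port() {
    sed -n '1s/^!<socket >\([0-9][0-9]*\).*/\1/p' "$1" | grep '^[0-9]'
}

# Classify the listener for port $1, reading netstat text on stdin.
# Prints network-reachable, loopback-only or not-listening.
listener_exposure() {
    awk -v port="$1" '
        $1 == "TCP" && $NF == "LISTENING" && split($2, a, ":") == 2 && a[2] == port {
            if (a[1] ~ /^127\./) loop = 1; else wide = 1
        }
        END {
            if (wide) print "network-reachable"
            else if (loop) print "loopback-only"
            else print "not-listening"
        }'
}

# Report every agent-socket-* file in directory $1 against the saved
# netstat output in file $2.
audit_agent_sockets() {
    for f in "$1"/agent-socket-*; do
        [ -f "$f" ] || continue
        if port=$(socket_file_port "$f"); then
            echo "$f port=$port $(listener_exposure "$port" < "$2")"
        else
            echo "$f not-emulated-socket"
        fi
    done
}

# Constructed sample data (hypothetical host, not a real capture).
sample=$(mktemp -d)
printf '!<socket >2080\n' > "$sample/agent-socket-101"
cat > "$sample/netstat.txt" <<'EOF'
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2080           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:3001         0.0.0.0:0              LISTENING
EOF
audit_agent_sockets "$sample" "$sample/netstat.txt"
```

A loopback-only result narrows who can reach the port, but AF_INET connections still carry no permission check, so any local process can connect to the agent.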
* RE: cygwin OpenSSH ssh-agent on Win2000
@ 2001-01-02 18:15 David Peterson
0 siblings, 0 replies; 5+ messages in thread
From: David Peterson @ 2001-01-02 18:15 UTC (permalink / raw)
To: 'cygwin@cygwin.com'
All the answers I got to this question required running ssh-agent from
within some other cmd or bash shell and then possibly using setx to make the
environment variables visible to other programs.
That works fine except that you can't close the window that housed the shell
used to run ssh-agent. Otherwise you kill the shell and ssh-agent.
I wrote the small program shown below (compiled with VC++, not gcc) and
added a value to the registry key
"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon".
The value is named "Shell"; the data is the full path to the compiled
program.
It seems to work okay - there is a small flash of a cmd window coming and
going when I log in, but ssh-agent stays running. I can open a shell and run
ssh-add and everything is set.
-dave.
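#include <windows.h>
#include <string.h>

int main(int argc, char* argv[])
{
    /* CreateProcess may modify the command line, so keep it in a writable buffer. */
    char commandLine[] =
        "c:\\progra~1\\cygwin\\bin\\ssh-agent.exe c:\\winnt\\explorer.exe";
    DWORD creationFlags = CREATE_NO_WINDOW | DETACHED_PROCESS;
    STARTUPINFO startupInfo;
    PROCESS_INFORMATION information;
    BOOL result;

    memset(&startupInfo, 0, sizeof(startupInfo));
    memset(&information, 0, sizeof(information));
    startupInfo.cb = sizeof(startupInfo);

    /* Run ssh-agent with explorer.exe as its child so the desktop shell
       inherits SSH_AUTH_SOCK and SSH_AGENT_PID. */
    result = CreateProcess(NULL,
                           commandLine,
                           NULL,
                           NULL,
                           TRUE,
                           creationFlags,
                           NULL,
                           NULL,
                           &startupInfo,
                           &information);
    if (!result)
        return 1;

    /* The launcher does not wait; release its handles to the new process. */
    CloseHandle(information.hThread);
    CloseHandle(information.hProcess);
    return 0;
}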
^ permalink raw reply [flat|nested] 5+ messages in thread