using ssh-agent in cygwin

using ssh-agent in cygwin

[Jesse Thompson]

*TL:DR;* I'm looking for options to reliably start and manage an ssh-agent
daemon in Cygwin.

Using ssh-agent in cygwin seems very compelling. OpenSSH client
config AddKeysToAgent option and ssh-agent -t option allow me to keep keys
unlocked for limited times the way that I'd like, and unlock upon use
instead of upon login, and avoid having to manually ssh-add.

But I'm left with the issue of "how can all of my shell windows use the
same daemon" and "how can I get the daemon to start automatically without
spawning an army of unmanaged zombies"?

I have to assume that ssh-agent is very popular to use, and that
copy-pasting 6-12 lines of fragile, custom bash code into one's profile
doesn't have to be the primary way to get into this club.

So, how do you guys manage ssh-agent? Is it really a niche solution, and
there's some better way to get similar SSO-like benefits I should know
about instead?

Please advise, thanks folks!


-- 
*Jesse Thompson | Systems and Network Administrator*

*Webformix Wireless Internet <http://www.webformix.com/>*
*67 NW Hawthorne Ave, Bend, OR 97703-2915*
*Phone: 541-323-9312*

Re: using ssh-agent in cygwin

[Wayne Davison]

On Mon, Jul 19, 2021 at 12:44 PM Jesse Thompson wrote:
> *TL:DR;* I'm looking for options to reliably start and manage an ssh-agent
> daemon in Cygwin.

I recommend the "keychain" package, which is available in Cygwin.
You'd add something like the following to your shell initialization
scripts:

/usr/bin/keychain -q $HOME/.ssh/*_?sa
source $HOME/.keychain/$HOSTNAME-sh

This ensures that you get prompted for your key password on first
login, which unlocks all the key-file args when keychain adds them to
the ssh-agent that it starts for you. Any subsequent shells just share
the existing ssh-agent.

If you don't like that the password prompt happens at login time, you
could leave off the list of default key files and add them using
ssh-add later on.  I sometimes go this route and use a ~/bin/ssh shell
script that looks like this:

#!/bin/bash
case `ssh-add -l` in
*2048*|*1024*) ;;
*) ssh-add ~/.ssh/*_?sa ;;
esac
exec /usr/bin/ssh "${@}"

This method asks you for your key password the first time you run ssh.

..wayne..

Re: using ssh-agent in cygwin

[Andrey Repin]

Greetings, Jesse Thompson!

> *TL:DR;* I'm looking for options to reliably start and manage an ssh-agent
> daemon in Cygwin.

I'm using ssh-pageant myself. But I do have a compatible wrapper for
ssh-agent.

> Using ssh-agent in cygwin seems very compelling.

Oh?

> OpenSSH client config AddKeysToAgent option and ssh-agent -t option allow me
> to keep keys unlocked for limited times the way that I'd like, and unlock
> upon use instead of upon login, and avoid having to manually ssh-add.

Fine, I guess?

> But I'm left with the issue of "how can all of my shell windows use the
> same daemon" and "how can I get the daemon to start automatically without
> spawning an army of unmanaged zombies"?

> $HOME/.local/bash/.bashrc.d/ssh-agent
>> # Import ssh-pageant settings
>> test -f "$HOME/.ssh/agent" && . "$HOME/.ssh/agent"

Conveniently, add to .bashrc:

for f in "$HOME/.local/bash/.bashrc.d/"*; do
    test -f "$f" && . "$f"
done

> I have to assume that ssh-agent is very popular to use, and that
> copy-pasting 6-12 lines of fragile, custom bash code into one's profile
> doesn't have to be the primary way to get into this club.

Eh?

> So, how do you guys manage ssh-agent? Is it really a niche solution, and
> there's some better way to get similar SSO-like benefits I should know
> about instead?

You should stop bashing into open door.

> Please advise, thanks folks!

If you want a robust solution, a small wrapper script is required.
Something like https://pastebin.com/gQ4xfcvJ


-- 
With best regards,
Andrey Repin
Tuesday, July 20, 2021 0:09:24

Sorry for my terrible english...