Integrated ssh-agent for Windows (Pageant compatible, OpenSSH ssh-agent, etc.)

Overview

OmniSSHAgent


About

The chaotic Windows ssh-agent landscape has been integrated into one program.

Chaos Map of SSH-Agent on Windows

There are several different communication methods for ssh-agent on Windows, and using and configuring them is very complicated. The following diagram shows the current communication methods for Windows ssh-agents.

[Figure: windows-ssh-agent-chaosmap]

Connection diagram of OmniSSHAgent

OmniSSHAgent is a program to simplify what used to be a chaotic situation, as shown in the following figure.

[Figure: OmniSSHAgentmap]

Required environment for operation

The following interfaces are supported

  • pageant.exe (PuTTY) shared memory
  • Unix domain socket for WSL2
  • NamedPipe on Windows
  • Unix domain socket for WSL1
  • Unix domain socket for MSYS2 (Cygwin) (#1)

Usage

  1. Download OmniSSHAgent.zip from https://github.com/masahide/OmniSSHAgent/releases/latest, unzip it, and place it in a folder of your choice.
  2. If you are using the Windows native ssh-agent, stop it. Open PowerShell with administrator privileges and execute the following:

     Stop-Service ssh-agent
     Set-Service -StartupType Disabled ssh-agent

     Alternatively, you can set it through the GUI if you prefer. Bring up the Start menu and type Services. You'll see the Services app listed. Once the Services app is open, find the OpenSSH Authentication Agent service and set the Service Status to Stop and the Startup Type to Disabled.

  3. If you are using PuTTY Pageant, stop it.

  4. Run OmniSSHAgent.exe.

  5. Press the NEW OPEN FILE button to add a private key file. Alternatively, use the ssh-add command or KeePassXC to add your private key.

For use with WSL2

Setting up the socat pipe in an Ubuntu environment.

Choose the instructions for your favourite shell below. If your shell isn't listed here, you can convert the bash script to your shell's syntax and send a PR to add it to the repo.

Bash

  1. Download ubuntu-bash.setup.sh with the following commands:

     mkdir -p $HOME/omni-socat
     curl -sL https://raw.githubusercontent.com/masahide/OmniSSHAgent/main/hack/ubuntu-bash.setup.sh -o $HOME/omni-socat/ubuntu-bash.setup.sh

  2. Add the following line to ~/.bashrc:

     source $HOME/omni-socat/ubuntu-bash.setup.sh

Fish

  1. Download ubuntu-fish.setup.fish with the following commands:

     mkdir -p $HOME/omni-socat
     curl -sL https://raw.githubusercontent.com/masahide/OmniSSHAgent/main/hack/ubuntu-fish.setup.fish -o $HOME/omni-socat/ubuntu-fish.setup.fish

  2. Add the following line to ~/.config/fish/config.fish:

     . $HOME/omni-socat/ubuntu-fish.setup.fish

Setting up the socat pipe in a Rocky Linux environment.

  1. Download rocky-bash.setup.sh with the following commands:

     mkdir -p $HOME/omni-socat
     curl -sL https://raw.githubusercontent.com/masahide/OmniSSHAgent/main/hack/rocky-bash.setup.sh -o $HOME/omni-socat/rocky-bash.setup.sh

  2. Add the following line to ~/.bashrc:

     source $HOME/omni-socat/rocky-bash.setup.sh

For use with WSL1

Setting up the Unix domain socket in an Ubuntu environment.

  1. Check the "Unix domain socket file path(WSL1):" setting in OmniSSHAgent. For example, if it is set as follows (UserName varies depending on your environment):

     C:\Users\<UserName>\OmniSSHAgent.sock

     then the WSL1 path will be /mnt/c/Users/<UserName>/OmniSSHAgent.sock.

  2. Add the following line to ~/.bashrc:

     export SSH_AUTH_SOCK=/mnt/c/Users/<UserName>/OmniSSHAgent.sock

For use with Cygwin/MSYS2/Git for Windows (Git Bash)

  1. Check the "Cygwin Unix domain socket file path(MSYS2):" setting in OmniSSHAgent.

    • For example, if you have the following setting (UserName varies depending on your environment):
    • C:\Users\<UserName>\OmniSSHCygwin.sock
    • The Cygwin path will be /mnt/c/Users/<UserName>/OmniSSHCygwin.sock.
  2. On the Windows taskbar, right-click the Windows icon and select System. In the Settings window, under Related Settings, click Advanced system settings.

    • On the Advanced tab, click Environment Variables.
    • Under User variables, click Create new to create a new environment variable.
    • Set the following values (UserName varies depending on your environment):

      Variable name:  SSH_AUTH_SOCK
      Variable Value: /mnt/c/Users/<UserName>/OmniSSHAgent.sock

1Password proxy mode

This mode uses 1Password's ssh-agent function as a backend, as shown in the following figure.

[Figure: 1Password-Proxy-mode]

By setting "Enable proxy mode for 1Password key-agent" in the configuration, OmniSSHAgent becomes a proxy that works with 1Password's ssh-agent as a backend.

When "Enable proxy mode for 1Password key-agent" is enabled, OmniSSHAgent operates as a mere proxy, and therefore, private keys cannot be added.

Supported key file formats

  • PuTTY private key file (.ppk) file format
  • OpenSSH format

Supported key formats

  • rsa
  • ecdsa
  • ed25519

(dsa, ecdsa-sk, ed25519-sk are not supported)

FAQ

Where is the passphrase for the private key stored?

It's stored in Windows Credential Manager.


Comments
  • Can't get WSL2 socket working


    Hi, I've followed the WSL2 steps but it doesn't seem working:

    $ source $HOME/omni-socat/ubuntu-bash.setup.sh
    $ ssh-add -l
    error fetching identities: communication with agent failed
    

    However, it seems the $SSH_AUTH_SOCK has changed:

    $ echo $SSH_AUTH_SOCK
    /home/maicol07/.ssh/agent.sock
    

    I'm using the 1Password proxy mode. Can you help me? Thanks

    opened by maicol07 10
  • Keepassxc over pageant_shm integration doesn't seem to work


    Getting 'Agent protocol error' in Keepassxc while trying to do so. I lack the understanding of how it works to locate where the error occurs, or it's not working just for me since something else is broken/misconfigured.

    Steps to reproduce:

    Run OmniSSHAgent with default config. Start KeepassXC with "Use Pageant" selected, Click "OK". Get "Agent protocol error." message whenever you try to add keys / open up SSH Agent config.

    // OpenSSH works just fine tho

    opened by wfthkttn 7
  • OmniSSHAgent.exe: Please state more precisely the installation and usage of the (WIN) binary


    First: Thx a lot for the awesome solution! I got it working quite well following the instruction in README.md. Only thing a little unclear to me was "4. Run OmniSSHAgent.exe" under USAGE. As the "exe" is executable as well as from within WSL and also from WIN11 environment, I needed one more attempt to get it working when running it from within WIN11. Still the following is not yet fully clear to me ..

    • OmniSSHAgent needs to be started as the same user as the user invoking WSL. It does not work if started "as Administrator".
    • After a system Re-Boot I need to start OmniSSHAgent at least once to make it work again. I can close it right after and it seems to continue to work. As of the first point it doesn't work running it as a Windows service, I'd like to know what would be a suitable/recommended way of starting the program after system restart. I assume that starting it as part of some "Run-at-Start" (Login) group would be the way to go. But I'd appreciate some guidance/instructions from expert how to best implement this.

    thx -stefan

    opened by stbuerger 4
  • Populating duplicate tray entries


    Every time program restarts it populates tray icon duplicates in windows options (not the tray itself), and forgets if it has "visible" option checked.

    I prefer to have all the tray icons visible, and drag tray icon out from 'hidden' to stay near keepass every time program restarts. After several times doing that, it populated taskbar settings dialog quite a bit.

    This may not be a bug since I've made some tweaks on my system, neither it is a real problem after selecting to show them all in explorer shell:::{05d7b0f4-2121-4eff-bf6b-ed3f69b894d9} windows dialog.

    Also, if I restart Explorer, icon is gone for good.

    Windows 11 pro build 22621.674

    opened by wfthkttn 1
  • Named pipe stops working after a while the system is on


    It seems that named pipe stops working after a while the system is on:

    PS C:\Users\Maicol> ssh-add -l
    Error connecting to agent: No such file or directory
    PS C:\Users\Maicol> Get-ChildItem \\.\pipe\|findstr open
    ------        01/01/1601     01:00              1 openssh-ssh-agent
    

    WSL:

      ~ ❯ ssh-add -l                                                                                              19:43:23
    error fetching identities: communication with agent failed
    

    However, Git bash works:

    $ ssh-add -l
    3072 SHA256:xInBcA48YT6jmmOEWQrXtC+xw+c6V2V2cVgAWT6K9hg id_rsa (RSA)
    256 SHA256:ZgvmgA5CNIpEbTZWepclAdXC9fVBFsB1kvmM14Egjm8 id_ed25519 (ED25519)
    

    I've currently tested the named pipe mode and the 1password proxy mode and the two modes are affected. Do you have any clue? Thanks

    opened by maicol07 29
  • Cannot retrieve comment information for private keys in OpenSSH format


    In the golang.org/x/crypto/ssh/agent implementation https://github.com/golang/crypto/blob/86341886e2925764dc890ad96c141a1bc76043af/ssh/keys.go#L1338-L1451 parsed comment information has been discarded.

    	case KeyAlgoED25519:
    		key := struct {
    			Pub     []byte
    			Priv    []byte
    			Comment string
    			Pad     []byte `ssh:"rest"`
    		}{}
    
    		if err := Unmarshal(pk1.Rest, &key); err != nil {
    			return nil, err
    		}
    
    		pk := ed25519.PrivateKey(make([]byte, ed25519.PrivateKeySize))
    		copy(pk, key.Priv)
    		return &pk, nil
    
    enhancement 
    opened by masahide 0
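
In the openssh-key-v1 container the comment sits inside the private section, directly after the key fields, which is the value the parser quoted in the last issue reads and then drops. The following is an added example, not code from OmniSSHAgent or golang.org/x/crypto: it walks the container with the standard library only and returns the comment for the key types this page lists as supported. The names KeyComment, parse, fieldsBeforeComment and Sample are assumptions of this example; Sample is a constructed container with placeholder key bytes, and of the ECDSA curves only nistp256 is mapped.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

var fieldsBeforeComment = map[string]int{"ssh-ed25519": 2, "ssh-rsa": 6, "ecdsa-sha2-nistp256": 3}

// Sample is constructed: the bytes inside the PEM armor, with placeholder key fields "P" and "S".
const Sample = "openssh-key-v1\x00" + "\x00\x00\x00\x04none\x00\x00\x00\x04none\x00\x00\x00\x00" +
	"\x00\x00\x00\x01\x00\x00\x00\x01P" + "\x00\x00\x00\x2a\x00\x00\x00\x07\x00\x00\x00\x07" +
	"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x01P\x00\x00\x00\x01S\x00\x00\x00\x05alice"

// parse pops fields per layout ('s' length-prefixed, 'u' raw uint32); nil marks a missing field.
func parse(b []byte, layout string) [][]byte {
	out := make([][]byte, len(layout))
	for i, kind := range layout {
		n := uint64(4)
		if kind == 's' && len(b) >= 4 {
			n, b = uint64(binary.BigEndian.Uint32(b)), b[4:]
		}
		if n > uint64(len(b)) {
			break
		}
		out[i], b = b[:n], b[n:]
	}
	return out
}

// KeyComment returns the comment of an unencrypted key, given the PEM-decoded container bytes.
func KeyComment(raw []byte) (string, error) {
	if len(raw) < 15 || string(raw[:15]) != "openssh-key-v1\x00" {
		return "", errors.New("not an openssh-key-v1 container")
	}
	h := parse(raw[15:], "sssuss") // cipher, KDF, KDF options, key count, public blob, private section
	if h[0] != nil && string(h[0]) != "none" {
		return "", errors.New("encrypted key: the comment is inside the ciphertext")
	}
	p := parse(h[5], "uussssssss") // check int twice, key type, up to six key fields, comment
	n, known := fieldsBeforeComment[string(p[2])]
	if !known || p[n+3] == nil || string(p[0]) != string(p[1]) {
		return "", errors.New("truncated key or unsupported key type")
	}
	return string(p[n+3]), nil
}

func main() { fmt.Println(KeyComment([]byte(Sample))) }
```

KeyComment takes the bytes inside the PEM armor, so for a key file pass it the Bytes field of the block returned by pem.Decode. For a passphrase-protected key the comment is part of the encrypted private section and cannot be read without decrypting it.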
Releases(0.3.2)
Owner
YAMASAKI Masahide