This is the mail archive of the cygwin-apps mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [ITP] win-ssh-agent 1.07


2011/11/4 Christopher Faylor
> On Thu, Nov 03, 2011 at 09:52:20AM -0400, Andrew Schulman wrote:
>>> I'd like to package and maintain win-ssh-agent for Cygwin.
>>> With the win-ssh-agent, we can use the ssh-agent (available inthe
>>> cygwin openssh) in the more smart way.
>>> Normally, we need to start all relevant programs, which mightneed to
>>> use the ssh, as child processes of the shell(e.g. bash) in which you
>>> eval'ed the ssh-agent. ?Because, theprograms must be able to refer to
>>> environment variables thatset by the ssh-agent.
>>> The win-ssh-agent enables all programs to refer to theenvironment
>>> variables of the ssh-agent, i.e. theSSH_AUTH_SOCK. ?Now, we no longer
>>> need to start programs aschild processes of the shell.
>>
>>+1 Sounds useful.
>
> I don't agree. ?I don't see why this couldn't be accomplished using
> standard UNIX tools

The win-ssh-agent is for applications that uses the cygwin openssh
internally and are executed from the Explorer (i.e. via the
ShellExecute() API).

The keychain in the distribution cannot propagate SSH_AUTH_SOCK to
them.

Example:

Consider the ntemacs ( http://ftp.gnu.org/pub/gnu/emacs/windows/ ) .

(1) I want to use it because the cygwin emacs does not have its own
    windows.  The cygwin emacs works only in the terminal.

(2) I want to run it from the start menu or the Windows 7's task bar
    (not from the cygwin bash shell).  It is the window's style to run
    applications.

(3) I want to use the tramp ( http://www.gnu.org/s/tramp/ ) in the
    ntemacs.  With it, I can treat documents on the remote machine
    as if they are on the local machine by:
           C-x C-f /sshx:username<at>hostname:~/remote-file

    But with the keychain, the ntemacs becomes silent because the ssh
    (executed by the tramp) cannot know the SSH_AUTH_SOCK and it asks
    me about the passphrase in the hidden console.

    With the win-ssh-agent, the ntemacs knows the SSH_AUTH_SOCK, so
    the tramp works as expected.

> and it seems like it might even be a potential
> security hole. ?I don't see the need to have this package in the
> distribution.
>
> cgf

The win-ssh-agent set the SSH_AUTH_SOCK and some enviroments to the
user's registory (HKEY_CURRENT_USER\Environment\*), not to the system
registory.

-- 
Nayuta Taga


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]