This is the mail archive of the cygwin-apps mailing list for the Cygwin project.
Re: [ITP] win-ssh-agent 1.07
2011/11/4 Christopher Faylor
> On Thu, Nov 03, 2011 at 09:52:20AM -0400, Andrew Schulman wrote:
>>> I'd like to package and maintain win-ssh-agent for Cygwin.
>>> With the win-ssh-agent, we can use the ssh-agent (available in the
>>> cygwin openssh) in a smarter way.
>>> Normally, we need to start all relevant programs, which might need to
>>> use the ssh, as child processes of the shell (e.g. bash) in which you
>>> eval'ed the ssh-agent, because the programs must be able to refer to
>>> environment variables that are set by the ssh-agent.
>>> The win-ssh-agent enables all programs to refer to the environment
>>> variables of the ssh-agent, i.e. the SSH_AUTH_SOCK. Now, we no longer
>>> need to start programs as child processes of the shell.
>>
>>+1 Sounds useful.
>
> I don't agree. I don't see why this couldn't be accomplished using
> standard UNIX tools
The win-ssh-agent is for applications that use the cygwin openssh
internally and are executed from the Explorer (i.e. via the
ShellExecute() API).
The keychain in the distribution cannot propagate SSH_AUTH_SOCK to
them.
Example:
Consider the ntemacs ( http://ftp.gnu.org/pub/gnu/emacs/windows/ ).
(1) I want to use it because the cygwin emacs does not have its own
windows. The cygwin emacs works only in the terminal.
(2) I want to run it from the start menu or the Windows 7's task bar
(not from the cygwin bash shell). It is the Windows style to run
applications.
(3) I want to use the tramp ( http://www.gnu.org/s/tramp/ ) in the
ntemacs. With it, I can treat documents on the remote machine
as if they are on the local machine by:
C-x C-f /sshx:username<at>hostname:~/remote-file
But with the keychain, the ntemacs becomes silent because the ssh
(executed by the tramp) cannot know the SSH_AUTH_SOCK and it asks
me about the passphrase in the hidden console.
With the win-ssh-agent, the ntemacs knows the SSH_AUTH_SOCK, so
the tramp works as expected.
> and it seems like it might even be a potential
> security hole. I don't see the need to have this package in the
> distribution.
>
> cgf
The win-ssh-agent sets the SSH_AUTH_SOCK and some environments to the
user's registry (HKEY_CURRENT_USER\Environment\*), not to the system
registry.
--
Nayuta Taga
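
An added example, not part of the original message or of win-ssh-agent: a Cygwin shell check of the SSH_AUTH_SOCK value persisted under HKEY_CURRENT_USER\Environment, flagging a value that outlives its agent or a socket that is not private to the user. It assumes Cygwin's /proc/registry view of the registry and an agent socket directory of mode 700; the function name and return codes are this example's own.

```shell
#!/bin/sh
# Added example: audit the SSH_AUTH_SOCK value persisted for the user.
# Assumption: run from a Cygwin shell, where HKEY_CURRENT_USER\Environment
# is readable as files under /proc/registry.
REG_ENV=/proc/registry/HKEY_CURRENT_USER/Environment

# check_persisted_sock ENVDIR
# Return codes (this example's own convention):
#   0  socket present, owned by us, parent directory is mode 700
#   1  SSH_AUTH_SOCK is not persisted
#   2  persisted value is stale (no socket at that path)
#   3  socket owned by someone else, or its directory is not private
check_persisted_sock() {
    envdir=$1
    if [ ! -r "$envdir/SSH_AUTH_SOCK" ]; then
        echo "SSH_AUTH_SOCK: not persisted"
        return 1
    fi
    # Registry strings read this way may carry a trailing NUL; strip it.
    sock=$(tr -d '\000\r\n' < "$envdir/SSH_AUTH_SOCK")
    if [ -z "$sock" ] || [ ! -S "$sock" ]; then
        echo "SSH_AUTH_SOCK: stale value '$sock' (no agent socket there)"
        return 2
    fi
    owner=$(stat -c %u "$sock")
    dirmode=$(stat -c %a "$(dirname "$sock")")
    if [ "$owner" != "$(id -u)" ] || [ "$dirmode" != "700" ]; then
        echo "SSH_AUTH_SOCK: $sock owner=$owner dirmode=$dirmode (want own uid, 700)"
        return 3
    fi
    echo "SSH_AUTH_SOCK: $sock is private to uid $owner"
    return 0
}

# Only runs where the Cygwin registry view exists.
if [ -d "$REG_ENV" ]; then
    check_persisted_sock "$REG_ENV" || true
fi
```

A result of 2 means programs started from Explorer still inherit a socket path whose agent is gone; the persisted value needs clearing or refreshing.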