T27: Windows: Support for Pageant
Description
Originally reported by migration: https://bugs.libssh.org/T27
Pageant is PuTTY's SSH authentication agent. Multiple other FOSS projects like WinSCP use it too.
There exists a patch for libssh-0.5.3 (through 0.5.5) to support Pageant. However, it does not apply cleanly to 0.6.3. http://code.ohloh.net/file?fid=E4Rb2mwou8NxjZQ//2pgNx7794uM&cid=9zDTNiYDvV0&s=&fp=305438&projSelected=true#L0
Currently on the X2Go Project, X2Go Client for Windows is stuck using libssh-0.5.5 because many of our users rely on Pageant support. We have bug 590 written for us to migrate to libssh 0.6.x with the Pageant patch applied. http://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=590
implement-support-for-putty-s-pageant-0.6.4-71a931b.patch
Comments:
migration commented on 2017-06-19 06:45:06 UTC:
On Sunday, January 11th 2015 14:27:05, Michael DePaulo wrote:
Back in September, my friend Michael Frederick and I (gmail: psududemike) managed to port that patch to 0.6.3. We've been using it successfully in X2Go Client for Windows 4.0.3.0 and later. That patch still applies to 0.6.4. I've attached the patch.
Comments are welcome.
I just signed my DCO. Mike Frederick assigned copyright of this patch to me, but if need be, he can sign the DCO also.
However, I am not sure about the DCO from the authors for the original patch. Actually, there were 2 different versions of the original patch: 0001-implement-support-for-putty-s-pageant.patch - which was superseded by: 0001-implement-support-for-putty-s-pageant-0.5.3.patch And to make things more confusing, there were multiple versions of the 0.5.3 patch. That ohloh.net link no longer works. But both original patches are available here. https://projects.kde.org/projects/kdesupport/emerge/repository/revisions/master/show/portage/win32libs/libssh
The 2 authors of those patches appear to be: Patrick Spendrin <ps//ml`gmx.de> Patrick von Reth
So at this point, I am not sure how to proceed. Let me ask: Did those 2 authors ever submit the DCO? and:
migration commented on 2017-06-19 06:45:06 UTC:
On Thursday, January 15th 2015 09:03:58, Andreas Schneider wrote:
Thanks for your work. Copyright doesn't need to be assigned if all people are individuals. The Certificate of Origin is only for people who send patches with Corporate Copyright!
The patch is far from being in a state that I would include it. We need to design a new API for this, similar to pki.c. With ssh-agent it is possible that you want to support ssh-agent and Pageant on Windows at the same time. So we need a way to build with both and register the backend at the agent engine. We can discuss this on IRC.
migration commented on 2017-06-19 06:45:06 UTC:
On Friday, January 16th 2015 21:41:54, Michael DePaulo wrote:
Andreas Schneider wrote:
With ssh-agent it is possible that you want to support ssh-agent and Pageant on Windows at the same time.
I did some research:
It appears that there is no actively maintained port of OpenSSH (and therefore ssh-agent) to Windows. In order to not be affected by a vulnerability, one needs to use OpenSSH 6.7p1 or later.
In the past, NoMachine ported SSH to Windows. But they are not maintaining it anymore. The last ported version was 5.9p1. https://www.nomachine.com/AR11K00739 https://www.nomachine.com/NoMachine-OSS-ports
There is actively maintained software such as "OpenSSH for Windows", which is at 6.7p1. But they are actually OpenSSH for Cygwin with an easy Windows installer. http://www.mls-software.com/opensshd.html
If you'd like, I can test cygwin ssh-agent 6.7p1 with native Windows libssh and see if it actually works. But I do not feel it is appropriate to maintain support for native Windows ssh-agent so long as it is unmaintained.
asn commented on 2018-09-04 19:12:21 UTC:
This probably needs some refactoring and nicer abstraction for ssh agents.
chcg commented on 2019-06-19 19:03:50 UTC (Edited):
See https://stackoverflow.com/questions/12452933/putty-pageant-protocol and the current version from putty base for the patch:
https://github.com/github/putty/blob/master/windows/winpgntc.c
DDoSolitary commented on 2020-03-21 08:07:13 UTC:
For those who're interested, I wrote a new patch from scratch which is based on the latest 0.9.3 release.
0001-Add-support-for-pageant.patch
I agree that it is better to support multiple agent implementations at the same time. Actually the situation is rather complicated on Windows currently.
- PuTTY's Pageant uses a message-only window and memory-mapped files. gpg4win also provides support for that.
- Cygwin has its own implementation for AF_UNIX sockets.
- Microsoft now ships their own port of OpenSSH (https://github.com/PowerShell/openssh-portable) with Windows which uses the native AF_UNIX socket introduced in Windows 10 (https://devblogs.microsoft.com/commandline/af_unix-comes-to-windows/). However, older versions of this port use a global named pipe.
It would be really amazing to have all of these supported, though quite a lot of work might be needed.
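The transports listed above differ only in how bytes reach the agent; the SSH agent messages they carry are framed the same way, and the reply's length field is written by another process, so a client bounds it before reading. The sketch below is an added example, not code from libssh or from any of the patches in this thread; the function names and the `MAX_REPLY` cap are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#define SSH2_AGENTC_REQUEST_IDENTITIES 11
#define SSH2_AGENT_IDENTITIES_ANSWER   12
#define MAX_REPLY 8192u /* assumed cap for this example */

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Write the framed "list identities" request; returns bytes written, 0 if no room. */
size_t agent_build_list_request(uint8_t *buf, size_t cap) {
    if (cap < 5) return 0;
    buf[0] = 0; buf[1] = 0; buf[2] = 0; buf[3] = 1; /* body length = 1 */
    buf[4] = SSH2_AGENTC_REQUEST_IDENTITIES;
    return 5;
}

/* Skip one uint32-length-prefixed string within [*off, end); 0 on success. */
static int skip_string(const uint8_t *buf, size_t end, size_t *off) {
    uint32_t n;
    if (end - *off < 4) return -1;
    n = be32(buf + *off);
    *off += 4;
    if (n > end - *off) return -1;   /* string would run past the message */
    *off += n;
    return 0;
}

/* Count identities in a reply held in buf_size bytes; -1 if malformed. */
int agent_count_identities(const uint8_t *buf, size_t buf_size) {
    uint32_t len, nkeys, i;
    size_t off = 9, end;
    if (buf_size < 9) return -1;
    len = be32(buf);
    if (len < 5 || len > MAX_REPLY || len > buf_size - 4) return -1;
    if (buf[4] != SSH2_AGENT_IDENTITIES_ANSWER) return -1;
    end = 4 + (size_t)len;
    nkeys = be32(buf + 5);
    for (i = 0; i < nkeys; i++)      /* each key: blob string, comment string */
        if (skip_string(buf, end, &off) || skip_string(buf, end, &off)) return -1;
    return off == end ? (int)nkeys : -1;
}
/* Constructed sample reply: one key with blob "abc" and comment "k". */
static const uint8_t sample_reply[] = {0,0,0,17, 12, 0,0,0,1,
                                       0,0,0,3,'a','b','c', 0,0,0,1,'k'};
int main(void) {
    return agent_count_identities(sample_reply, sizeof sample_reply) == 1 ? 0 : 1;
}
```

The same check applies whether `buf` is a socket read buffer or a view of a shared mapping, with `buf_size` set to the bytes actually available.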