Add SSH_AUTH_SOCK support to Windows environments. #1388
+13
−2
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Presently dialing Windows SSH agents respects the SSH_AUTH_SOCK environment variable only if step cli is run in specific Unix-like environments (i.e. cygwin). If defined, the agent specified at SSH_AUTH_SOCK will be dialed through a unix pipe with `net.Dial`. In a full Windows environment, the SSH_AUTH_SOCK variable is ignored and the default OpenSSH Agent pipe is dialed instead. - But some Windows agents (like Pageant) may open Named Pipes at arbitrary paths. - This commit adds support for SSH_AUTH_SOCK in a full Windows Context. So, if SSH_AUTH_SOCK is defined, the agent specified at SSH_AUTH_SOCK will be dialed through the Windows Named Pipe with winio.DialPipeContext. If SSH_AUTH_SOCK is not specified (or blank), the default `\\.\\pipe\\openssh-ssh-agent` will be dialed instead.
github-actions
bot
added
the
needs triage
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Name of feature:
Add environment variable
SSH_AUTH_SOCKsupport to Windows environments.Pain or issue this feature alleviates:
This feature will allow Windows ssh agents which run entirely within the Windows environment (like PuTTY) to work with step cli. It will allow the agents to use Named Pipes other than the default OpenSSH Agent specific pipe (
\\.\\pipe\\openssh-ssh-agent).Why is this important to the project:
SSH_AUTH_SOCKis an environment variable specifying how clients can connect and interact with an SSH agent (https://datatracker.ietf.org/doc/html/draft-ietf-sshm-ssh-agent). If it exists, clients like step cli should load ssh keys into the agent it points to. At present, it is not wholeheartedly respected on Windows systems.The existing code (in
internal/sshutil/agent_windows.go) only includes logic to handle the existence ofSSH_AUTH_SOCKin Unix-like environments (such as cygwin). The existing code uses Unix pipes to connect to the agent specified by this variable (which are only available in a unix-like environment).This PR adds functionality such that if the environment variable
SSH_AUTH_SOCKis defined (i.e. not empty), step cli will attempt to connect to the agent at the path it specified with a Named Windows Pipe. If the variable is not defined, it will continue to fall back to the OpenSSH Agent specific pipe (\\.\\pipe\\openssh-ssh-agent).This feature is specifically important to me because I'd like to use the Pageant SSH Agent. Some other programs (like WinSCP) only support Pageant, so having a method of loading keys directly through
stepis important.Is there documentation on how to use this feature? If so, where?
I've added appropriate error messages. Not sure if other documentation may need to be updated!
In what environments or workflows is this feature supported?
Non Unix-like Windows environments.
Supporting links/other PRs/issues:
💔Thank you!