From 4c51516b04d00db0a8105f4f13f9fc876dedf7f6 Mon Sep 17 00:00:00 2001
From: Roman Zupancic
Date: Thu, 13 Mar 2025 13:06:05 -0400
Subject: [PATCH] Add SSH_AUTH_SOCK support to Windows environments.
- Presently dialing Windows SSH agents respects the SSH_AUTH_SOCK environment variable only if step cli is run in specific Unix-like environments (i.e. cygwin). If defined, the agent specified at SSH_AUTH_SOCK will be dialed through a unix pipe with `net.Dial`. In a full Windows environment, the SSH_AUTH_SOCK variable is ignored and the default OpenSSH Agent pipe is dialed instead.
- But some Windows agents (like Pageant) may open Named Pipes at arbitrary paths.
- This commit adds support for SSH_AUTH_SOCK in a full Windows Context. So, if SSH_AUTH_SOCK is defined, the agent specified at SSH_AUTH_SOCK will be dialed through the Windows Named Pipe with winio.DialPipeContext. If SSH_AUTH_SOCK is not specified (or blank), the default `\\.\\pipe\\openssh-ssh-agent` will be dialed instead.
---
 internal/sshutil/agent_windows.go | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/internal/sshutil/agent_windows.go b/internal/sshutil/agent_windows.go
index 92e508aeb..1d4c98050 100644
--- a/internal/sshutil/agent_windows.go
+++ b/internal/sshutil/agent_windows.go
@@ -13,17 +13,28 @@ import (
 // dialAgent returns an ssh.Agent client. It uses the SSH_AUTH_SOCK to connect
 // to the agent.
 func dialAgent() (*Agent, error) {
- // Attempt unix sockets for environments like cygwin.
+ // Override the default windows openssh-ssh-agent pipe
 if socket := os.Getenv("SSH_AUTH_SOCK"); socket != "" {
+ // Attempt unix sockets for environments like cygwin.
 if conn, err := net.Dial("unix", socket); err == nil {
 return &Agent{
 ExtendedAgent: agent.NewClient(conn),
 Conn: conn,
 }, nil
 }
+
+ // Connect to Windows pipe at the supplied address
+ conn, err := winio.DialPipeContext(context.Background(), socket)
+ if err != nil {
+ return nil, errors.Wrap(err, "error connecting with ssh-agent at pipe specified by environment variable SSH_AUTH_SOCK")
+ }
+ return &Agent{
+ ExtendedAgent: agent.NewClient(conn),
+ Conn: conn,
+ }, nil
 }
- // Windows OpenSSH agent
+ // DEFAULT: Windows OpenSSH agent
 conn, err := winio.DialPipeContext(context.Background(), `\\.\\pipe\\openssh-ssh-agent`)
 if err != nil {
 return nil, errors.Wrap(err, "error connecting with ssh-agent")
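Review bot: The new fallback hands the raw SSH_AUTH_SOCK value to `winio.DialPipeContext` without checking that it names a pipe on the local machine, so whatever path the environment supplies is opened and then trusted as the ssh-agent for every request made through the returned `Agent`. I would reject values outside the local pipe namespace before dialing, for example `if !strings.HasPrefix(socket, "\\\\.\\pipe\\") { return nil, errors.New("SSH_AUTH_SOCK is not a local named pipe path") }`; this needs `strings`, and the import block lies outside the hunk, so confirm it is available. The `net.Dial` error is also discarded, so when both attempts fail the message blames the named pipe even if the value was a unix-socket path; carrying the first error into the wrapped message would make that failure diagnosable. Both pipe dials pass `context.Background()`, which presumably lets the call wait without bound on a busy pipe, and a `context.WithTimeout` would cap it. dialAgent's body continues past the end of the hunk.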