
Does anybody know what endpoint the Windows OpenSSH Authentication agent listens on, and how it advertises this so that the Windows ssh.exe can communicate with it?

I know I'm a bit late to the party, but I recently noticed that my Windows PC has a service called "OpenSSH Authentication Agent", which is disabled by default. When enabled, it works quite well as the ssh-agent for the ssh.exe that comes with Windows 10 and later (C:\Windows\System32\OpenSSH).

In Unix operating systems the ssh-agent listens on a Unix socket, and the location of that socket is set in the SSH_AUTH_SOCK environment variable. However, in Windows there is no SSH_AUTH_SOCK environment variable and the Windows-supplied ssh.exe seems to find it anyway.

Furthermore, it's my understanding that Windows does not implement Unix sockets, so ssh.exe must be using a different mechanism.

John Jeffery

1 Answer


It's open source that is hosted on GitHub here

The wrapper that runs ssh-agent as a Windows service is in the source tree here

And a quick glance of the code (agent.c) suggests that a Win32 named pipe is the IPC mechanism. You might want to dive deeper into the code including building, running and debugging locally.

selbie
  • Thanks @selbie. I also think that the `wmain_common.c` is useful, as it defaults the endpoint to `\\.\pipe\openssh-ssh-agent` if the `SSH_AUTH_SOCK` environment variable is undefined. I'm thinking that's my answer. That makes it a bit difficult for non-Microsoft implementations of `ssh` to use this agent, unfortunately. – John Jeffery Nov 19 '22 at 05:19
  • @JohnJeffery - Do the non-Microsoft implementations of `ssh` have a mechanism to communicate with an agent service? If so, you could probably extend the open source version of win32 ssh-agent to use it. – selbie Nov 19 '22 at 05:29
  • I found an excellent blog post by Stuart Leeks, which covers forwarding a Unix socket in WSL to a named pipe in Windows. The link is https://stuartleeks.com/posts/wsl-ssh-key-forward-to-windows/ – John Jeffery Nov 19 '22 at 09:41
  • Yes that is a potential solution. There is a good SO question where some people have taken the trouble to describe how Cygwin and MSYS2 implementations simulate Unix sockets in Windows. https://stackoverflow.com/questions/23086038/what-mechanism-is-used-by-msys-cygwin-to-emulate-unix-domain-sockets – John Jeffery Nov 19 '22 at 09:45
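
Added example, not part of the original thread or of the Win32-OpenSSH code: a minimal Python client that resolves the endpoint as described in the comments above (`SSH_AUTH_SOCK` if set, otherwise `\\.\pipe\openssh-ssh-agent`) and asks the agent which keys it holds, using the standard ssh-agent message framing. The function names are illustrative, and `list_identities()` assumes a Windows host with the agent service running.

```python
import os
import struct

DEFAULT_PIPE = r"\\.\pipe\openssh-ssh-agent"   # fallback named in the thread
SSH_AGENTC_REQUEST_IDENTITIES = 11             # ssh-agent protocol: client request
SSH_AGENT_IDENTITIES_ANSWER = 12               # ssh-agent protocol: agent reply

def resolve_endpoint(env=None):
    """Return SSH_AUTH_SOCK if it is set, otherwise the default named pipe."""
    env = os.environ if env is None else env
    return env.get("SSH_AUTH_SOCK") or DEFAULT_PIPE

def frame(payload):
    """Agent messages are a big-endian uint32 length followed by the payload."""
    return struct.pack(">I", len(payload)) + payload

def read_string(buf, off):
    """Read one SSH string (uint32 length + bytes); return (value, next offset)."""
    end = off + 4 + int.from_bytes(buf[off:off + 4], "big")
    if off + 4 > len(buf) or end > len(buf):
        raise ValueError("truncated agent reply")
    return buf[off + 4:end], end

def parse_identities(payload):
    """Parse an IDENTITIES_ANSWER payload into (key type, comment) pairs."""
    if len(payload) < 5 or payload[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise ValueError("unexpected agent reply")
    off, keys = 5, []
    for _ in range(int.from_bytes(payload[1:5], "big")):
        blob, off = read_string(payload, off)      # public key blob
        comment, off = read_string(payload, off)   # key comment
        key_type, _ = read_string(blob, 0)         # blob starts with the algorithm
        keys.append((key_type.decode(), comment.decode(errors="replace")))
    return keys

def list_identities(endpoint=None):
    """Query the agent over the named pipe (Windows only; same data as ssh-add -l)."""
    with open(endpoint or resolve_endpoint(), "r+b", buffering=0) as pipe:
        def read_exact(n):
            data = b""
            while len(data) < n:               # a pipe read may return short
                chunk = pipe.read(n - len(data))
                if not chunk:
                    raise EOFError("agent closed the pipe")
                data += chunk
            return data
        pipe.write(frame(bytes([SSH_AGENTC_REQUEST_IDENTITIES])))
        return parse_identities(read_exact(int.from_bytes(read_exact(4), "big")))
```

Only public key blobs and comments cross the pipe in this exchange; private keys stay inside the agent process.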