Mail Archives: cygwin/2001/01/02/21:17:19
All the answers I got to this question required running ssh-agent from
within some other cmd or bash shell and then possibly using setx to make the
environment variables visible to other programs.
That works fine except that you can't close the window that housed the shell
used to run ssh-agent. Otherwise you kill the shell and ssh-agent.
I wrote the small program shown below (compiled with VC++, not gcc) and
added a value to the registry key
"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon".
The value is named "Shell"; the data is the full path to the compiled
program.
It seems to work okay - there is a small flash of a cmd window coming and
going when I log in, but ssh-agent stays running. I can open a shell and run
ssh-add and everything is set.
-dave.
#include <windows.h>
#include <string.h>

int main(int argc, char* argv[])
{
    DWORD creationFlags;
    STARTUPINFO startupInfo;
    PROCESS_INFORMATION information;
    /* CreateProcess may modify the command line in place, so it must be a
       writable buffer rather than a string literal */
    char commandLine[] =
        "c:\\progra~1\\cygwin\\bin\\ssh-agent.exe c:\\winnt\\explorer.exe";

    memset(&startupInfo, 0, sizeof(startupInfo));
    memset(&information, 0, sizeof(information));
    /* Detach from this console so no window stays open once ssh-agent runs */
    creationFlags = (CREATE_NO_WINDOW | DETACHED_PROCESS);
    startupInfo.cb = sizeof(startupInfo);

    /* Start ssh-agent, which launches explorer.exe as its child with
       SSH_AUTH_SOCK and SSH_AGENT_PID set in its environment */
    BOOL result = CreateProcessA(NULL,
                                 commandLine,
                                 NULL,
                                 NULL,
                                 TRUE,
                                 creationFlags,
                                 NULL,
                                 NULL,
                                 &startupInfo,
                                 &information);
    if (!result) {
        return 1;
    }
    /* This launcher exits now; releasing the handles leaves ssh-agent and
       explorer running on their own */
    CloseHandle(information.hProcess);
    CloseHandle(information.hThread);
    return 0;
}
-----Original Message-----
From: Egor Duda [mailto:deo AT logos-m DOT ru]
Sent: Friday, December 22, 2000 1:28 AM
To: David O'Shea
Cc: David Peterson; cygwin AT cygwin DOT com
Subject: Re: cygwin OpenSSH ssh-agent on Win2000
Hi!
You can use the following trick:
set SSH_AUTH_SOCK=/tmp/ssh-%USERNAME%/current-agent-socket
in your global Windows environment and run this script at startup
-------------------snip--------------------
#!/bin/sh
# Global value from the Windows environment (the fixed symlink path)
echo "$SSH_AUTH_SOCK"
global_ssh_auth_sock="$SSH_AUTH_SOCK"
# Stop any agent left over from the previous session and clean up its sockets
wkill ssh-agent1.exe
rm -f "/tmp/ssh-$USERNAME/current-agent-socket"
rm -f /tmp/ssh-$USERNAME/agent-socket-*
# Start a fresh agent; this sets SSH_AUTH_SOCK to the new per-agent socket
eval `ssh-agent1.exe -s`
# Point the fixed path at the new socket so every program finds the agent
ln -s "$SSH_AUTH_SOCK" "/tmp/ssh-$USERNAME/current-agent-socket"
export SSH_AUTH_SOCK="$global_ssh_auth_sock"
-------------------snip--------------------
However, note that cygwin's unix domain sockets are _FUNDAMENTALLY
INSECURE_ and so I strongly _DISCOURAGE_ usage of ssh-agent under
cygwin.
When you run ssh-agent under cygwin it creates an AF_UNIX socket in the
/tmp/ssh-$USERNAME/ directory. Under cygwin AF_UNIX sockets are
emulated via AF_INET sockets. You can easily see that if you look
into the /tmp/ssh-$USERNAME/agent-socket-* file via notepad. You'll see
something like
!<socket >2080
Then run "netstat -a" and surprise! You have some program listening on
port 2080. It's ssh-agent. When ssh receives an RSA challenge from the
server, it refers to the corresponding /tmp/ssh-$USERNAME/agent-socket-*
(under cygwin, in our case, that means it'll open a connection to
localhost:2080) and asks ssh-agent to process the RSA challenge with the
private key it has, and then it simply passes the response received from
ssh-agent to the server.
Under unix, such a scenario works without problems, because the unix kernel
checks permissions when a program tries to access an AF_UNIX socket. For
AF_INET sockets, however, connections are anonymous (read
"insecure"). Imagine that you have cygwin ssh-agent running. A
malicious hacker may portscan your box, locate the open port used by
ssh-agent, open a connection to your ssh server, receive an RSA challenge
from it, send it to your ssh-agent via the open port he found, receive the RSA
response, send it to the ssh server and voila, he has successfully logged in
to your server as you.
To Corinna: should cygwin's openssh port contain ssh-agent at all? Or
perhaps it should issue some warning?
>> Does anyone know how to start the explorer.exe process from ssh-agent when
>> you log into an NT/2000 system?
>>
>> I'm trying to do the same as "ssh-agent /etc/X11/xinit/xclients" to make the
>> ssh agent available to all programs through the environment variables.
>>
>> From within a cygwin bash shell I can do "exec ssh-agent bash" (followed by
>> ssh-add) and have everything work from that shell, but of course the
>> variables don't exist in any other shells.
>>
>> It would seem like having ssh-agent launch explorer when you log in would
>> work, but I don't know what to tweak where in the registry.
Egor. mailto:deo AT logos-m DOT ru ICQ 5165414 FidoNet 2:5020/496.19
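As an added illustration (not code from the thread, from Cygwin, or from OpenSSH), here is the check a defender would run to confirm the exposure Egor describes: read each agent-socket-* marker file, pull out the TCP port from its "!<socket >PORT" line, and look that port up in "netstat -a -n" output to see whether the emulated socket is bound to loopback or to every interface. The marker format is taken from the message above; the marker contents, paths and netstat lines below are constructed sample data, and the three exposure labels are my own classification.

```python
import re

# Marker line that Cygwin writes into the file standing in for an AF_UNIX
# socket (format quoted in the thread): "!<socket >" followed by the TCP port.
CYGWIN_SOCKET_MARKER = re.compile(r"^!<socket >(\d+)")

# A LISTENING line from Windows "netstat -a -n", e.g.
#   TCP    0.0.0.0:2080           0.0.0.0:0              LISTENING
NETSTAT_LISTEN = re.compile(
    r"^\s*TCP\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+LISTENING", re.IGNORECASE
)

LOOPBACK_ADDRESSES = {"127.0.0.1", "::1"}


def cygwin_socket_port(marker_text):
    """Return the TCP port named in a Cygwin socket marker, or None if the
    text is not a marker (a plain file in the same directory, for example)."""
    m = CYGWIN_SOCKET_MARKER.match(marker_text.strip())
    return int(m.group(1)) if m else None


def listening_ports(netstat_output):
    """Map every LISTENING TCP port to the local address it is bound to."""
    bound = {}
    for line in netstat_output.splitlines():
        m = NETSTAT_LISTEN.match(line)
        if m:
            bound[int(m.group("port"))] = m.group("addr")
    return bound


def classify_exposure(bound_address):
    """Describe who can reach an emulated AF_UNIX socket given its bind address.
    Even loopback is weaker than a real AF_UNIX socket: the kernel checks no
    file permissions on the TCP connection, so any local process may connect."""
    if bound_address is None:
        return "not listening (stale marker, no agent behind it)"
    if bound_address in LOOPBACK_ADDRESSES:
        return "loopback only: any local process can connect, no peer permission check"
    return "all interfaces: reachable from the network"


def audit_agent_sockets(marker_files, netstat_output):
    """marker_files maps path -> file contents as read from /tmp/ssh-$USERNAME.
    Returns one finding per genuine marker: path, port, bind address, exposure."""
    bound = listening_ports(netstat_output)
    findings = []
    for path, text in marker_files.items():
        port = cygwin_socket_port(text)
        if port is None:
            continue  # not a socket marker, nothing to report
        addr = bound.get(port)
        findings.append({
            "path": path,
            "port": port,
            "bound_address": addr,
            "exposure": classify_exposure(addr),
        })
    return findings


# Constructed sample data: three marker files (one with an agent bound to all
# interfaces, one bound to loopback, one left over from a dead agent) plus a
# note file that must be ignored.
SAMPLE_MARKERS = {
    "/tmp/ssh-dave/agent-socket-1234": "!<socket >2080\n",
    "/tmp/ssh-dave/agent-socket-777": "!<socket >3011\n",
    "/tmp/ssh-dave/agent-socket-999": "!<socket >4000\n",
    "/tmp/ssh-dave/README": "not a socket\n",
}

# Constructed "netstat -a -n" output in the Windows layout.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:2080           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:3011         0.0.0.0:0              LISTENING
  TCP    192.168.1.5:1045       10.0.0.7:22            ESTABLISHED
"""

if __name__ == "__main__":
    for finding in audit_agent_sockets(SAMPLE_MARKERS, SAMPLE_NETSTAT):
        print(f"{finding['path']}: port {finding['port']} -> {finding['exposure']}")
```

On a real machine the marker_files dict would be filled by reading the files under /tmp/ssh-$USERNAME and the netstat text captured from the command; the point of the check is that a port bound to 0.0.0.0 turns the agent into a network-reachable signing service, and that even a loopback bind offers no substitute for the file-permission check a real AF_UNIX socket gets from the kernel.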
--
Want to unsubscribe from this list?
Check out: http://cygwin.com/ml/#unsubscribe-simple