Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
From: David Peterson
To: "'cygwin AT cygwin DOT com'"
Subject: RE: cygwin OpenSSH ssh-agent on Win2000
Date: Tue, 2 Jan 2001 18:15:22 -0800

All the answers I got to this question required running ssh-agent from within some other cmd or bash shell and then possibly using setx to make the environment variables visible to other programs. That works fine except that you can't close the window that housed the shell used to run ssh-agent; otherwise you kill the shell and ssh-agent.

I wrote the small program shown below (compiled with VC++, not gcc) and added a value to the registry key "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon". The value is named "Shell"; the data is the full path to the compiled program.

It seems to work okay - there is a small flash of a cmd window coming and going when I log in, but ssh-agent stays running. I can open a shell and run ssh-add and everything is set.

-dave.
#include <windows.h>
#include <string.h>

/* Installed as the Winlogon "Shell" value: starts ssh-agent, which in turn
   starts explorer.exe with SSH_AUTH_SOCK and SSH_AGENT_PID in its environment,
   so every program launched from the desktop inherits them. */
int main(int argc, char* argv[])
{
    DWORD creationFlags;
    STARTUPINFO startupInfo;
    PROCESS_INFORMATION information;
    /* CreateProcess may write to the command line, so keep it in a writable buffer */
    char commandLine[] = "c:\\progra~1\\cygwin\\bin\\ssh-agent.exe c:\\winnt\\explorer.exe";

    memset(&startupInfo, 0, sizeof(startupInfo));
    memset(&information, 0, sizeof(information));
    creationFlags = (CREATE_NO_WINDOW | DETACHED_PROCESS);
    startupInfo.cb = sizeof(startupInfo);

    BOOL result = CreateProcess(NULL, commandLine, NULL, NULL, TRUE, creationFlags,
                                NULL, NULL, &startupInfo, &information);
    if (result) {
        /* this launcher exits immediately; the agent and explorer live on */
        CloseHandle(information.hThread);
        CloseHandle(information.hProcess);
    }
    return result ? 0 : 1;
}

-----Original Message-----
From: Egor Duda [mailto:deo AT logos-m DOT ru]
Sent: Friday, December 22, 2000 1:28 AM
To: David O'Shea
Cc: David Peterson; cygwin AT cygwin DOT com
Subject: Re: cygwin OpenSSH ssh-agent on Win2000

Hi!

you can use the following trick: set SSH_AUTH_SOCK=/tmp/ssh-%USERNAME%/current-agent-socket in your global windows environment and run this script at startup

-------------------snip--------------------
#!/bin/sh
echo $SSH_AUTH_SOCK
# remember the fixed path set in the global Windows environment
global_ssh_auth_sock=$SSH_AUTH_SOCK
# kill any agent left over from the previous session and its stale sockets
wkill ssh-agent1.exe
rm -f /tmp/ssh-$USERNAME/current-agent-socket
rm -f /tmp/ssh-$USERNAME/agent-socket-*
# start a fresh agent and point the fixed path at its new socket
eval `ssh-agent1.exe -s`
ln -s $SSH_AUTH_SOCK /tmp/ssh-$USERNAME/current-agent-socket
export SSH_AUTH_SOCK=$global_ssh_auth_sock
-------------------snip--------------------

however, note that cygwin's unix domain sockets are _FUNDAMENTALLY INSECURE_ and so i strongly _DISCOURAGE_ usage of ssh-agent under cygwin.

when you run ssh-agent under cygwin it creates an AF_UNIX socket in the /tmp/ssh-$USERNAME/ directory. under cygwin AF_UNIX sockets are emulated via AF_INET sockets. you can easily see that if you look into the /tmp/ssh-$USERNAME/agent-socket-* file via notepad. you'll see something like !2080. then run "netstat -a" and surprise! you have some program listening on port 2080. it's ssh-agent.
when ssh receives an RSA challenge from the server, it refers to the corresponding /tmp/ssh-$USERNAME/agent-socket-* (under cygwin, in our case, that means it'll open a connection to localhost:2080) and asks ssh-agent to process the RSA challenge with the private key it has, and then it simply passes the response received from ssh-agent to the server.

under unix, such a scenario works without problems, because the unix kernel checks permissions when a program tries to access an AF_UNIX socket. For AF_INET sockets, however, connections are anonymous (read "insecure").

Imagine that you have cygwin ssh-agent running. a malicious hacker may portscan your box, locate the open port used by ssh-agent, open a connection to your ssh server, receive an RSA challenge from it, send it to your ssh-agent via the open port he found, receive the RSA response, send it to the ssh server and voila, he has successfully logged in to your server as you.

To Corinna: should cygwin's openssh port contain ssh-agent at all? or perhaps it should issue some warning?

>> Does anyone know how to start the explorer.exe process from ssh-agent when
>> you log into an NT/2000 system?
>>
>> I'm trying to do the same as "ssh-agent /etc/X11/xinit/xclients" to make the
>> ssh agent available to all programs through the environment variables.
>>
>> From within a cygwin bash shell I can do "exec ssh-agent bash" (followed by
>> ssh-add) and have everything work from that shell, but of course the
>> variables don't exist in any other shells.
>>
>> It would seem like having ssh-agent launch explorer when you log in would
>> work, but I don't know what to tweak where in the registry.

Egor.            mailto:deo AT logos-m DOT ru
ICQ 5165414  FidoNet 2:5020/496.19

--
Want to unsubscribe from this list? Check out: http://cygwin.com/ml/#unsubscribe-simple
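The relay Egor describes, as an added example that is not part of the thread and not cygwin's or OpenSSH's code: a toy "agent" listens on an ephemeral loopback TCP port the way cygwin's AF_UNIX emulation did, and a legitimate client and an attacker authenticate to a toy "server" through it by exactly the same path, because an AF_INET listener has no peer credentials to check. An HMAC over a constructed key stands in for the RSA private-key operation (so the server verifies with the same key, which a real sshd would not need), the 32-byte challenge/response framing is invented for the demo rather than the real SSH agent protocol, and the socket-file parser assumes either the bare "!2080" form quoted in the mail or cygwin's later "!<socket >2080 ..." form.

```python
"""Simulation of the ssh-agent relay over cygwin's TCP-emulated AF_UNIX socket.

Added example; the port, key, and message framing are all constructed here and
stand in for the real ssh-agent, sshd, and SSH agent protocol.
"""
import hashlib
import hmac
import os
import re
import socket
import threading

# Constructed stand-in for the user's RSA private key, held only by the agent.
_PRIVATE_KEY = b"constructed-private-key-material"
_MSG_LEN = 32  # invented framing: fixed 32-byte challenge and 32-byte response


def find_agent_port(socket_file_contents: str) -> int:
    """Return the TCP port recorded in a cygwin socket file.

    Assumed formats: "!2080" (as quoted in the mail) or "!<socket >2080 ..."
    (cygwin's later layout).  Either way the port is the first number after '!'.
    """
    m = re.match(r"!(?:<socket\s*>)?\s*(\d+)", socket_file_contents.strip())
    if not m:
        raise ValueError("not a cygwin socket file")
    return int(m.group(1))


def agent_sign(challenge: bytes) -> bytes:
    """The private-key operation: the agent signs whatever it is handed, for whoever asks."""
    return hmac.new(_PRIVATE_KEY, challenge, hashlib.sha256).digest()


def _recv_exact(conn: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = conn.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed early")
        buf += chunk
    return buf


def start_agent() -> int:
    """Emulate cygwin ssh-agent: an AF_INET listener on loopback, serving every client.

    Returns the ephemeral port, which a local attacker could equally find with netstat.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)

    def serve() -> None:
        while True:
            conn, _peer = listener.accept()  # no uid check is possible on an AF_INET socket
            with conn:
                try:
                    conn.sendall(agent_sign(_recv_exact(conn, _MSG_LEN)))
                except ConnectionError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return listener.getsockname()[1]


def ask_agent(port: int, challenge: bytes) -> bytes:
    """Client side of the invented exchange: send the challenge, read the signature."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as conn:
        conn.sendall(challenge)
        return _recv_exact(conn, _MSG_LEN)


class Server:
    """The target sshd: issues a random challenge and checks the response against the key."""

    def issue_challenge(self) -> bytes:
        return os.urandom(_MSG_LEN)

    def verify(self, challenge: bytes, response: bytes) -> bool:
        # A real server would use the public key; the HMAC stand-in forces a shared key.
        return hmac.compare_digest(agent_sign(challenge), response)


def authenticate_via_agent(server: Server, port: int) -> bool:
    """Used identically by the legitimate ssh client and by the attacker who found the port.

    The server cannot distinguish them: the agent signed the server's challenge for
    whoever connected, which is the whole attack.
    """
    challenge = server.issue_challenge()
    return server.verify(challenge, ask_agent(port, challenge))


if __name__ == "__main__":
    port = start_agent()
    print("agent listening on 127.0.0.1:%d" % port)
    print("owner authenticates:   ", authenticate_via_agent(Server(), port))
    print("attacker authenticates:", authenticate_via_agent(Server(), port))
```

The only difference between the two calls at the bottom is which process made them; on a real AF_UNIX socket the kernel would refuse the attacker at connect time based on the directory and socket permissions, which is the check the TCP emulation loses.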