one way failure
darren-henderson opened this issue · 4 comments
I'm unable to use ssh-add to add a key to pageant. I always get SSH_AGENT_FAILURE. However, if I add a key to pageant directly I am able to list the available keys with "ssh-add -l" and ssh is able to use it as it should. Just can't seem to add a key from inside a cygwin rxvt/bash session.
Using:
ssh-pageant 32 bit
Cygwin 32 bit synced today (2015-01-25)
Pageant 0.64
Windows 7 64 bit
I've tried rebasing cygwin and reinstalling putty etc.
I use a similar combination of software on other installations and everything works fine. Any suggestions on tracking down the issue would be appreciated.
Thanks.
Immediately after posting this I tried on more thing. I had been using an alias like
alias sshhome='ssh-add -t 4h ~/.ssh/home.key'
So, tried by passing the alias I did
'ssh-add -t 4h ~/.ssh/home.key' which fails as described. However doing 'ssh-add ~/.ssh/home.key' works as it should.
So, there is apparently an issue with using the -t option.
I see pageant doesn't support the time limits but it might be possible to effectively have ssh-pageant do an 'ssh -d key' at the appropriate time. Of course the problem there is that if ssh-pageant is closed, the keys won't be removed which may be dangerous if the time limit is crucial. By the same token silently ignoring -t is just as bad.
Would it be possible to some how have ssh-add or ssh-pageant return a message beyond SSH_AGENT_FAILURE that would let the user know that -t was causing the problem? Maybe just a notation in the man page that would indicate that the use of -t was one possible cause of the error.
Thanks for a very helpful piece of software by the way.
Well, ssh-pageant is not interpreting the messages in any way, except for reading their size from the first four bytes. Otherwise it's just passing everything as-is to Pageant, and returning whatever Pageant says. Note you'll get the exact same failure if you used PuTTY into any system and tried ssh-add -t -- Pageant just doesn't understand.
It might be possible for an internal timer to generate delete messages, as you suggest, but you also identified the problem with ssh-pageant exiting early (or even crashing). And maybe I should turn ssh-pageant -t into an error instead of ignoring, but it does at least warn "option is not supported by Pageant -- t" unless you also used -q to silence it.
I think the best option is to get timeouts implemented in Pageant itself, per the wish pageant-key-mgmt. Last modified in 2002 though, so I wouldn't hold your breath. Maybe they'd still take a code contribution for it.
If you'd like to submit an update to ssh-pageant's docs, I'll take it.
I offered a change via GitHub. Just added a simple caveat to the man
page. Hopefully I did it correctly.
Thanks,
-Darren
On Sunday, January 25, 2015, Josh Stone notifications@github.com wrote:
Well, ssh-pageant is not interpreting the messages in any way, except for
reading their size from the first four bytes. Otherwise it's just passing
everything as-is to Pageant, and returning whatever Pageant says. Note
you'll get the exact same failure if you used PuTTY into any system and
tried ssh-add -t -- Pageant just doesn't understand.It might be possible for an internal timer to generate delete messages, as
you suggest, but you also identified the problem with ssh-pageant exiting
early (or even crashing). And maybe I should turn ssh-pageant -t into an
error instead of ignoring, but it does at least warn "option is not
support by Pageant -- t" unless you also used -q to silence it.I think the best option is to get timeouts implemented in Pageant itself,
per the wish pageant-key-mgmt
http://www.chiark.greenend.org.uk/%7Esgtatham/putty/wishlist/pageant-key-mgmt.html.
Last modified in 2002 though, so I wouldn't hold your breath. Maybe they'd
still take a code contribution for it.If you'd like to submit an update to ssh-pageant's docs, I'll take it.
—
Reply to this email directly or view it on GitHub
#26 (comment).
I committed your change, thanks!