SSH Agent with TortoiseGit Confusion
AndrewTziAnChan opened this issue · 8 comments
I've been trying to set up TortoiseGit to not interactively require my passphrase after Start-SshAgent completes upon starting Powershell. As I understand, the ssh agent should manage authentication to servers once the appropriate identities have been validated. However, even after adding the identities, TortoiseGit still always asks for a passphrase when pulling or pushing. Is that intended?
Ultimately, I found someone who used the `setx` command to set the variables SSH_AUTH_SOCK and SSH_AGENT_PID, but I'm not sure that's "correct", even though the method fixes my problem.
If in the context of posh-git and posh-sshell, expecting TortoiseGit to work without prompting for passphrase doesn't make sense, disregard.
System Details
- posh-sshell version/path: 0.2.0
- PowerShell version: 5.1.16299.492
- Operating system name and version: Windows 10 Pro Version 1709 Build 16299.492
- OpenSSH / Putty version: OpenSSH_7.7p1, OpenSSL 1.0.2o 27 Mar 2018
When posh-sshell (and posh-git 0.x) set the `SSH_AUTH_SOCK` and `SSH_AGENT_PID` environment variables, it only sets them for the current process, so powershell and any child processes you create will receive these variables, but any external processes that you launch (like TortoiseGit) won't.
Using `setx` should work fine to get around this, or you can do the following if you want a powershell native solution:
```powershell
# Add these lines after posh-sshell (or posh-git 0.x) are imported:
[Environment]::SetEnvironmentVariable("SSH_AUTH_SOCK", "${ENV:SSH_AUTH_SOCK}", [System.EnvironmentVariableTarget]::User)
[Environment]::SetEnvironmentVariable("SSH_AGENT_PID", "${ENV:SSH_AGENT_PID}", [System.EnvironmentVariableTarget]::User)
```
This isn't the default behaviour as setting user-wide environment variables is noticeably slower than setting them only for the current process.
Also note that if you're using the new native version of OpenSSH that comes with Windows 10 1803 or later, then this becomes a non-issue as `ssh-agent` is implemented as a windows service and you don't have to set any environment variables (provided you've told git to use it by setting `core.sshCommand`).
Hope that makes sense
Yes, that makes sense. Also helpful to know that ssh-agent will be a native service in a future Windows 10 version.
I'll try out your solution until I get the latest Windows updates. Unfortunately, the IT group my company employs throttles updates and is typically pretty slow to push out the latest versions.
@JeremySkinner would be useful to add a `Start-SshAgent` parameter (and/or PS/env variable?) to opt in to those environment variables being set for the user?
Yes I think that’s a good idea. I think a Scope parameter with the same options as System.EnvironmentVariableTarget would be the best option. I’ll get that added for 0.3
//cc @markembling as I know this was something you were interested in too.
But I believe we would not need to create env vars if we detect that the system is using the `openssh` version of `ssh-agent`, right?
@rkeithhill setting those env vars on load is suppressed if the native agent is running.
Lines 11 to 15 in b40dd89
However, we use `setenv` in `Get-SshAgent` and `Stop-SshAgent`, which are not yet native-aware.
I've implemented this in #15. Also updated `Get-SshAgent` and `Stop-SshAgent` to be native-aware too. Let me know if you think I've missed anything.
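The following is an added example, not code from this thread or from posh-sshell: a native-aware version of the user-scope workaround discussed above that also clears persisted values once no agent is alive, so TortoiseGit and other programs are not left pointing at a dead socket. The function name `Sync-SshAgentEnvironment` and its return strings are hypothetical; it assumes the native Windows service is named `ssh-agent` and that `SSH_AGENT_PID` matches a Windows process ID.

```powershell
# Added illustration; Sync-SshAgentEnvironment is a hypothetical name,
# not a posh-sshell or posh-git command.
function Sync-SshAgentEnvironment {
    $names = 'SSH_AUTH_SOCK', 'SSH_AGENT_PID'
    $user  = [System.EnvironmentVariableTarget]::User

    # Passing $null deletes the user-scoped variable.
    function Clear-Persisted {
        foreach ($n in $names) {
            [Environment]::SetEnvironmentVariable($n, $null, $user)
        }
    }

    # Case 1: the native OpenSSH agent service is running. No variables are
    # needed, so remove leftovers from an earlier non-native session.
    $svc = Get-Service -Name 'ssh-agent' -ErrorAction SilentlyContinue
    if ($svc -and $svc.Status -eq 'Running') {
        Clear-Persisted
        return 'Native'
    }

    # Case 2: an agent was started in this session (e.g. by Start-SshAgent).
    # Confirm the recorded PID is a live ssh-agent before persisting anything.
    $agentPid = $env:SSH_AGENT_PID
    $alive = $false
    if ($agentPid -and $env:SSH_AUTH_SOCK) {
        $alive = [bool](Get-Process -Name 'ssh-agent' -ErrorAction SilentlyContinue |
            Where-Object { $_.Id -eq $agentPid })
    }
    if ($alive) {
        foreach ($n in $names) {
            $value = (Get-Item "Env:$n").Value
            [Environment]::SetEnvironmentVariable($n, $value, $user)
        }
        return 'Persisted'
    }

    # Case 3: no usable agent. Drop stale user-scoped values.
    Clear-Persisted
    return 'Cleared'
}

# Run after importing posh-sshell and calling Start-SshAgent.
Sync-SshAgentEnvironment
```

User-scoped variables are only picked up by processes started after the change, so TortoiseGit has to be relaunched to see them.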