Using OpenSSH With Cygwin

It works a lot better now.

I have learned a few more things about Cygwin since I posted Ten Steps To Higher Cygwin Productivity 14 days ago:

  • I need to add another word smbntsec to my CYGWIN environment variable in order for it to pick up the file permissions from Samba. This fixed a problem I have at work where my home directory is on a Samba share and no matter what I do (chmod 600 from within Cygwin, or change the security settings using Windows properties box) all files on that share are readable by the world. OpenSSH didn't like it because my private key is world readable. The smbntsec word cured that. And now I don't have to fall back to using my passwords to log in to remote systems.
  • I read up a bit about the OpenSSH ssh-agent, ssh-add commands and the way the OpenSSH ssh and scp commands interact with them. Here's what it boils down to:
    • I can just use ssh without ever bothering with ssh-agent. In this mode I have to type in my key store pass phrase on every invocation of the ssh command.
    • ssh-agent creates an in-memory cache of private keys, and ssh-add adds private keys to the cache managed by ssh-agent. If ssh knows where to look, it will try to look up the private key it needs in ssh-agent's cache. If the key is already there, it won't prompt me for the pass phrase.
    • ssh-agent tells the world how to get hold of it through a pair of environment variables: SSH_AUTH_SOCK and SSH_AGENT_PID. If ssh-agent is invoked with an optional command, e.g., ssh-agent xterm, that command (in this case xterm) will be run in an environment where SSH_AUTH_SOCK and SSH_AGENT_PID are set to the correct values. Otherwise, it just prints out the settings in bash script format:
      [weiqi@gao] $ ssh-agent
      SSH_AUTH_SOCK=/tmp/ssh-euTnCkoNOS/agent.3336; export SSH_AUTH_SOCK;
      SSH_AGENT_PID=3328; export SSH_AGENT_PID;
      echo Agent pid 3328;
  • To make it all work in my setup, I added a line to my startxwin.bat batch file
    %RUN% ssh-agent > /etc/profile.d/ssh-agent.sh
    right before the xterms are run. This way, by the time the xterms are started, the file /etc/profile.d/ssh-agent.sh is already written and contains the correct environment variables. The bash shell running inside each xterm will source this file as part of the start up process. Consequently they will have the correct environment for ssh, scp and ssh-add to talk with the agent. I still need to run ssh-add (and be prompted for the private key store pass phrase) in one of the xterms to populate the agent's key cache. Subsequent ssh and scp invocations will find the key in the cache and won't prompt me for the key store pass phrase.

[Update Thu Aug 31 19:57:10 CST 2006] (It would help if I tested my script before posting it.) The above script has two flaws: 1) it doesn't kill the old ssh-agent, and 2) it should have used Windows file names, since startxwin.bat is a Windows batch file. The correct script is

c:\cygwin\bin\pkill ssh-agent
del c:\cygwin\etc\profile.d\ssh-agent.sh
c:\cygwin\bin\ssh-agent > c:\cygwin\etc\profile.d\ssh-agent.sh
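A sturdier version of the same idea, written here as an added example rather than code from the post: reuse the agent recorded in the environment file while it is still alive instead of killing and restarting every agent with pkill, keep the file owner-readable, and give cached keys a lifetime with ssh-agent -t. The file location (~/.ssh/agent.env), the function names and the 8-hour lifetime are assumptions; the Cygwin setup above would point the file at /etc/profile.d instead.

```bash
#!/bin/sh
# Hypothetical helper, not part of the original post. Source it, then run
# ensure_agent from startxwin.bat (or a login script) before the xterms start.

# Assumed location; the post uses /etc/profile.d/ssh-agent.sh instead.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"

# Extract one value from the "VAR=value; export VAR;" lines ssh-agent prints.
# Prints nothing (and fails) when the file is unreadable or the variable is absent.
agent_env_value() {   # $1 = env file, $2 = variable name
    [ -r "$1" ] || return 1
    sed -n "s/^$2=\([^;]*\);.*/\1/p" "$1"
}

# Succeed only when the recorded agent process still exists and its socket is
# really a socket; a stale file from a previous session fails both checks.
agent_alive() {       # $1 = env file
    [ -r "$1" ] || return 1
    pid=$(agent_env_value "$1" SSH_AGENT_PID)
    sock=$(agent_env_value "$1" SSH_AUTH_SOCK)
    [ -n "$pid" ] && [ -n "$sock" ] || return 1
    kill -0 "$pid" 2>/dev/null && [ -S "$sock" ]
}

# Start a fresh agent whose cached keys expire after $2 seconds. The subshell
# keeps umask 077 from leaking into the caller; the env file only needs to be
# readable by its owner.
start_agent() {       # $1 = env file, $2 = key lifetime in seconds
    ( umask 077; ssh-agent -t "$2" > "$1" )
}

# Reuse the running agent if possible, otherwise start one, then import its
# SSH_AUTH_SOCK/SSH_AGENT_PID into the current shell. Run ssh-add once afterwards.
ensure_agent() {
    agent_alive "$AGENT_ENV" || start_agent "$AGENT_ENV" 28800
    . "$AGENT_ENV" >/dev/null   # silences the "Agent pid NNNN" echo line
}
```

Any process running under the same account can talk to the socket named in SSH_AUTH_SOCK, so the key lifetime, not the file permissions, is what bounds how long a cached key stays usable.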