
Reuse in PowerShell a running PuTTY agent (pageant)

Is there a way in PS 5.1 to reuse the PuTTY agent keys?

Now, the details.


To use key agents one has an Agent that holds the keys (left box), and Client Applications that delegate administration of the keys (right box). E.g., client application C1 = putty can use its own agent A1 = pageant, of course. Client application C2 = winscp knows how to use A1 directly.

Certain Clients cannot use certain Agents directly, but there are Proxy agents that bridge the gap. For instance, to use A1 with C3, I need Proxy P1 = ssh-pageant; see example below. This helps centralize in a single Agent the keys for many Clients. Now I mean to use A1 for all my Clients (currently, only missing A1-C5 and A1-C6).

Is there a way in PS 5.1 to reuse the same PuTTY agent keys? (I.e., a Proxy Px to use A1 with C5)

Possibly helpful: https://superuser.com/a/1173570/245595


NOTES:

  1. I did not try it, but it seems like winssh-pageant is a Proxy to link A2 with Client applications that understand A1 directly.

  2. I am currently trying to use in PS the same ssh-pageant from msys2 (it is a Windows program in the end, and often times they do work), manually replacing what eval does in msys2 (so far with no luck, but I think this is fixable):

    > cd <dir where ssh-pageant is>
    > .\ssh-pageant -r -a "$env:USERPROFILE\tmp\.ssh-pageant-$env:USERNAME"
    SSH_AUTH_SOCK='C:\Users\USER1\tmp\.ssh-pageant-USER1'; export SSH_AUTH_SOCK;
    SSH_PAGEANT_PID=714; export SSH_PAGEANT_PID;
    echo ssh-pageant pid 714;
    > $env:SSH_AUTH_SOCK='C:\Users\USER1\tmp\.ssh-pageant-USER1'
    > $env:SSH_PAGEANT_PID=714
    > ssh myserver
    Enter passphrase for key 'C:\Users\USER1/.ssh/id_rsa':

  3. As an alternative workaround, is there a non-admin (I wouldn't want to interfere with it) way to load keys into a separate agent such that when I start a PS session it uses those other keys, and which allows me to keep working with my reused keys in msys2? This would perhaps amount to using two different agents at the same time...

  4. weasel-pageant is such a proxy agent (based on Cygwin's ssh-pageant), for WSL (A1-C7)... still looking for a solution for PS.

  5. ssh-agent-wsl is a fork of weasel-pageant that includes support for using keys held by Microsoft's SSH Agent service (instead of PuTTY Pageant) (A2-C7... I guess it's remarkable that WSL needs a proxy to use Win OpenSSH agent).


Example on how to use "Proxy" agent ssh-pageant to link PuTTY pageant with Cygwin bash

The steps to achieve this are:

  1. When I start my session in Windows, the portable PuTTY agent (pageant) is executed, loading at the same time one key. For this, a shortcut pageant is added to C:\Users\USER1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, pointing at %myputty%\pageant.exe "%mykeys%\key1.ppk".
    This makes the key usable by PuTTY and WinSCP, e.g. But if I now enter a PS session, or an msys2/cygwin terminal, the keys would not be used, and I am asked for the password for the keys. So if I now
    $ ssh myserver
    Enter passphrase for key 'C:\Users\USER1/.ssh/id_rsa':
  2. In msys2/cygwin I can use ssh-pageant ("An SSH authentication agent for Cygwin/MSYS that links OpenSSH to PuTTY's Pageant"), such that it reuses whatever keys a previously loaded PuTTY agent has.
    For this purpose, I simply add eval $(/usr/bin/ssh-pageant -r -a "/tmp/.ssh-pageant-$USERNAME") to my ~/.bashrc of msys2. Now whenever I start an msys2 terminal, the link PuTTY's Pageant -> ssh-pageant is established, a couple of environment variables are created, and I can ssh without entering the password
    $ env | grep -i ssh
    SSH_AUTH_SOCK=/tmp/.ssh-pageant-USER1
    SSH_PAGEANT_PID=960
    $ ssh myserver
    Welcome to Ubuntu 20.04 LTS (GNU/Linux 5.4.0-40-generic x86_64)
    ...
  3. Judging from this, it seems the same can be achieved for Git bash.

Related:

http://rabexc.org/posts/pitfalls-of-ssh-agents

How to check if ssh-agent is already running in bash?

https://superuser.com/questions/1327633/how-to-maintain-ssh-agent-login-session-with-windows-10s-new-openssh-and-powers

https://superuser.com/questions/1293725/gpg-agent-under-windows-as-ssh-agent-for-git-bash

I made this work, using the same Cygwin tools (i.e., both ssh-pageant and Cygwin OpenSSH client) in a PS session.

So I would do (assuming ssh-pageant is already running from Msys2):

    > cd <dir where ssh-pageant is>
    > .\ssh-pageant -r -a "$env:USERPROFILE\tmp\.ssh-pageant-$env:USERNAME"
    SSH_AUTH_SOCK='C:\Users\USER1\tmp\.ssh-pageant-USER1'; export SSH_AUTH_SOCK;
    > $env:SSH_AUTH_SOCK='C:\Users\USER1\tmp\.ssh-pageant-USER1'
    > .\ssh myserver
    Logged in to myserver

I have added this to my profile.ps1 (again, it will work when ssh-pageant is already running when I start the PS session)

    # Replace <mydir> with the Msys2 installation directory
    $env:MSYS2_DIR = '<mydir>'
    # Assuming a proxy ssh agent is already running
    $env:SSH_AUTH_SOCK = "$env:MSYS2_DIR\tmp\.ssh-pageant-$env:USERNAME"
    # We have to make sure we use Msys2 OpenSSH ssh client, not Windows OpenSSH ssh client
    function ssh_msys2 {
        # Quote the path so a directory name containing spaces still resolves
        & "$env:MSYS2_DIR\usr\bin\ssh.exe" $args
    }

If an ssh-pageant is not yet active, this should work (not tested yet; the PID number may be different):

    > cd <dir where ssh-pageant is>
    > .\ssh-pageant -r -a "$env:USERPROFILE\tmp\.ssh-pageant-$env:USERNAME"
    SSH_AUTH_SOCK='C:\Users\USER1\tmp\.ssh-pageant-USER1'; export SSH_AUTH_SOCK;
    SSH_PAGEANT_PID=714; export SSH_PAGEANT_PID;
    echo ssh-pageant pid 714;
    > $env:SSH_AUTH_SOCK='C:\Users\USER1\tmp\.ssh-pageant-USER1'
    > $env:SSH_PAGEANT_PID=714
    > .\ssh myserver
    Logged in to myserver

Still have to test a couple of points, and automate the operation.
In particular, executing ssh-pageant, detecting the PID # if it is returned, and setting environment variable SSH_PAGEANT_PID from PS if that is the case. This is a little bit more cumbersome than in Msys2, since ssh-pageant spits something directly executable by bash.
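
The automation step described above, as an added example that is not part of the original answer: rather than evaluating ssh-pageant's bash-oriented output, parse it and accept only the two expected variables. The function names ConvertFrom-SshPageantOutput and Import-SshPageantEnv are hypothetical, and the sample lines are constructed from the output format shown in the post.

```powershell
# Added example: parse the sh-style output of ssh-pageant instead of eval'ing it.
# ConvertFrom-SshPageantOutput and Import-SshPageantEnv are hypothetical helper names.
function ConvertFrom-SshPageantOutput {
    param([string[]]$Lines)
    # Only these two variables are accepted; any other line is ignored.
    $allowed = 'SSH_AUTH_SOCK', 'SSH_PAGEANT_PID'
    $result  = @{}
    foreach ($line in $Lines) {
        # Matches  NAME='value'; export NAME;  and  NAME=value; export NAME;
        if ($line -cmatch "^(?<name>[A-Z_]+)='?(?<value>[^';]*)'?;\s*export\s+\k<name>;") {
            if ($allowed -contains $Matches['name']) {
                $result[$Matches['name']] = $Matches['value']
            }
        }
    }
    # When an existing socket is reused, the post shows no PID line; if present it must be numeric.
    if ($result.ContainsKey('SSH_PAGEANT_PID') -and $result['SSH_PAGEANT_PID'] -notmatch '^\d+$') {
        throw "Unexpected SSH_PAGEANT_PID value: $($result['SSH_PAGEANT_PID'])"
    }
    if (-not $result.ContainsKey('SSH_AUTH_SOCK')) {
        throw 'ssh-pageant output did not contain SSH_AUTH_SOCK'
    }
    return $result
}

function Import-SshPageantEnv {
    param([string[]]$Lines)
    $vars = ConvertFrom-SshPageantOutput -Lines $Lines
    foreach ($name in $vars.Keys) {
        # Set the variable for this PS session and its child processes only.
        Set-Item -Path "Env:$name" -Value $vars[$name]
    }
    return $vars
}

# Constructed sample, following the output format shown in the post.
$sample = @(
    "SSH_AUTH_SOCK='C:\Users\USER1\tmp\.ssh-pageant-USER1'; export SSH_AUTH_SOCK;"
    "SSH_PAGEANT_PID=714; export SSH_PAGEANT_PID;"
    "echo ssh-pageant pid 714;"
)
Import-SshPageantEnv -Lines $sample | Out-Null
"$env:SSH_AUTH_SOCK (pid $env:SSH_PAGEANT_PID)"

# Real use (assumes ssh-pageant.exe is in the current directory):
# Import-SshPageantEnv -Lines (& .\ssh-pageant.exe -r -a "$env:USERPROFILE\tmp\.ssh-pageant-$env:USERNAME")
```

Parsing with an allowlist keeps anything else the helper prints, such as the trailing echo line, from being executed in the session, which is what Invoke-Expression on the raw output would do.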
