12

I've been using Pageant for handling SSH keys with Git (so that I only enter the key passphrase once) via setting the GIT_SSH environment variable.

What I want to do now is to use Pageant for regular SSH connections from my PowerShell terminal via the built-in OpenSSH client on Windows 10.

Is it possible to use Pageant as a standalone SSH agent in this scenario without using PuTTY?

https://github.com/cuviper/ssh-pageant seems to be the closest thing out there, but it's for Cygwin/MSYS only.

szx
  • 1,108

3 Answers

6

Yes, with a sufficiently recent version of Pageant, though it still has some problems.

The latest version of PuTTY now communicates with Pageant using the ssh-agent protocol via named pipes, which happens to be exactly the same IPC method as used by Win32-OpenSSH. Starting Pageant with --openssh-config will write out an OpenSSH config file containing the pipe path, which you can then Include from your .ssh/config.

Unfortunately, I couldn't get it to work reliably due to Pageant not using correct quoting around the named pipe path (which has backslashes in it).

grawity
  • 501,077
5

I was able to script the fixes to the pagent.conf file (created with the --openssh-config option to Pageant). This script adds double quotes around the named pipe path. Note that the named pipe path changes each reboot, so you will need to run this after each boot. I'm using bash and sed from the GOW package at https://github.com/bmatzelle/gow. (Note that WSL2 has bash and sed executables that conflict with GOW and doesn't seem to work due to line ending issues.)

fix.bash

#quote the named pipe string for compatibility.
if [ -e pagent.conf ]
then
    if [ -e pagentfixed.conf ]
    then
        rm pagentfixed.conf
    fi
    sed.exe -e "s/ / \"/g;s/$/\"/" pagent.conf >pagentfixed.conf
fi

To run, execute

bash fix.bash

from the ~/.ssh directory.

Then add at the top of your .ssh/config file

Include pagentfixed.conf

You can use Windows Scheduler to run this task 1 min after user login, which will then update the new named pipe path (assuming your Pageant is loaded with the --encrypted option and keys on startup).

WinSCP, VS Code and even Windows command-line SSH now seem to use the PuTTY/Pageant keys just fine. Be sure to load keys into Pageant with the --encrypted option to delay prompting for the passphrase, so that Windows reboots don't get hung waiting for the passphrase.

Lee Marzke
  • 51
  • 3
5

In addition to the answer from @Lee Marzke, the reason why you might have problems with line ending issues

(Note that WSL2 has bash and sed executables that conflict with GOW and doesn't seem to work due to line ending issues)

is that the file is written in DOS format (CR-LF) instead of UNIX format (just CR).

You can see it when piping output e.g. into less:

sed -E 's# # \"#g;s#$#"#' pageant.conf |less

You will see something like ^M at the end of the line. In fact, you're replacing the LF by the quote instead.

"dentityAgent "\\.\pipe\pageant.my.name.2db1e00496d5e45bce6db04afef9edba06723774df1cf9a0f03^M

You can circumvent this by searching for CR instead of EOL (press CTRL-V M to get the right character!!!):

sed -E 's# # "#g;s#^M#"#' pageant.conf > pageantfixed.conf

And please note that the PuTTY agent's name is "pageant" and not "pagent" ;-)

BTW: Unfortunately I have too little reputation here to add it as a comment.
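An added example (not from any of the answers above) of the quoting fix that the second and third answers describe, as one POSIX shell script: it strips the trailing CR before quoting, leaves an already quoted path alone, and refuses to write the output unless the result contains a quoted named-pipe IdentityAgent line. The function names and the sample pipe name are constructed for illustration.

```shell
#!/bin/sh
# Added example: quote the IdentityAgent path in a Pageant-written config.
# Function names are hypothetical; this is not Pageant's or OpenSSH's code.

# Constructed sample of what the generated file looks like (CRLF line ending,
# unquoted pipe path). The pipe name is a placeholder, not a real one.
sample_conf() {
    printf 'IdentityAgent %s\r\n' '\\.\pipe\pageant.example.0123abcd'
}

# Filter: stdin -> stdout. Strips a trailing CR, then wraps an unquoted
# IdentityAgent value in double quotes. Lines that are already quoted, and
# all other directives, pass through unchanged (so re-running is harmless).
quote_agent_path() {
    cr=$(printf '\r')
    sed -e "s/${cr}\$//" \
        -e 's/^\([[:space:]]*IdentityAgent\)[[:space:]]\{1,\}\([^"].*\)$/\1 "\2"/'
}

# Rewrite file $1 into file $2 through a temp file, so ssh never reads a
# half-written Include. $2 is left untouched unless the result contains an
# IdentityAgent line whose quoted value is a named pipe path (\\.\pipe\...).
fix_pageant_conf() {
    src=$1
    dst=$2
    tmp="$dst.tmp.$$"
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    quote_agent_path <"$src" >"$tmp" || { rm -f "$tmp"; return 1; }
    if grep -q '^[[:space:]]*IdentityAgent "\\\\\.\\pipe\\[^"]*"$' "$tmp"; then
        mv -f "$tmp" "$dst"
    else
        echo "no named-pipe IdentityAgent line in $src" >&2
        rm -f "$tmp"
        return 1
    fi
}
```

Call `fix_pageant_conf` with the input and output file names you use in ~/.ssh, after Pageant has written its file; the Include line in .ssh/config stays as in the second answer.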