How to maintain ssh-agent login session with Windows 10's new OpenSSH and PowerShell

Solution 1

You must configure the OpenSSH Authentication Agent service to start automatically (or you can start it manually every time you open PowerShell for the first time: Start-Service ssh-agent).

After that, you need to ssh-add C:\path\to\your\ssh\key\id_rsa only once. After that, every time the ssh-agent is started, the key will be there. You can check with ssh-add -l.

EDIT: To have the SSH agent start automatically with Windows, you can run Set-Service ssh-agent -StartupType Automatic in a super-user PowerShell prompt.

Solution 2

Not a full answer, but still a solution to the problem that brought me here. (I also see a comment from one other person here that seems to be the same problem.)

If you have Git for Windows or MinGW or anything else which might add GNU utilities to your Windows path, that can interfere with the OpenSSH for Windows binaries. For me, I had to remove ProgramFiles/Git/bin from my PATH environment variable and then restart PowerShell in order to get this to work. Prior to that I was getting "communication with agent failed".

Solution 3

In addition to what's covered here, I ran into an issue getting it to work with Git because apparently Git uses its own SSH executable by default. To solve this, you need to set core.sshCommand in your Git config to point to the OpenSSH executable installed by Windows. This article is where I found the solution, and it covers all the steps of the process of setting up SSH in Windows: https://richardballard.co.uk/ssh-keys-on-windows-10/.
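The steps from Solutions 1 to 3, combined into one PowerShell function as an added example that is not part of any of the answers above. The function name, its parameters, and the assumption that ssh-add.exe and ssh.exe sit in the same directory as the service's ssh-agent.exe (with no arguments in the service's path) are assumptions of this example.

```powershell
# Added example: Initialize-SshAgent, -KeyPath and -ConfigureGit are hypothetical names.
function Initialize-SshAgent {
    param(
        [Parameter(Mandatory)][string]$KeyPath,
        [switch]$ConfigureGit
    )
    $svc = Get-Service -Name ssh-agent -ErrorAction Stop

    # Solution 1: changing the startup type needs an elevated prompt.
    if ($svc.StartType -ne 'Automatic') {
        $me = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
        if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
            throw "ssh-agent startup type is '$($svc.StartType)'; rerun elevated to set it to Automatic."
        }
        Set-Service -Name ssh-agent -StartupType Automatic
    }
    if ($svc.Status -ne 'Running') { Start-Service -Name ssh-agent -ErrorAction Stop }

    # Locate the binaries that belong to the service instead of trusting PATH order.
    # Assumption: ssh-add.exe and ssh.exe sit beside the service's ssh-agent.exe.
    $agentExe = (Get-CimInstance Win32_Service -Filter "Name='ssh-agent'").PathName.Trim('"')
    $sshDir   = Split-Path -Parent $agentExe
    $sshAdd   = Join-Path $sshDir 'ssh-add.exe'

    # Solution 2: a different ssh-add earlier on PATH (Git for Windows, MinGW) gets picked up first.
    $first = (Get-Command ssh-add -CommandType Application -ErrorAction SilentlyContinue |
              Select-Object -First 1).Source
    if ($first -and ($first -ne $sshAdd)) {
        Write-Warning "PATH resolves ssh-add to '$first', not '$sshAdd'."
    }

    # ssh-add -l exit codes: 0 = keys listed, 1 = agent has no identities, 2 = agent unreachable.
    & $sshAdd -l | Out-Null
    switch ($LASTEXITCODE) {
        2 { throw 'ssh-add could not contact the ssh-agent service.' }
        1 { & $sshAdd $KeyPath }   # prompts for the key's passphrase, if it has one
    }

    # Solution 3: point Git at the same ssh.exe so it talks to this agent.
    if ($ConfigureGit) {
        $ssh = (Join-Path $sshDir 'ssh.exe') -replace '\\', '/'
        git config --global core.sshCommand "'$ssh'"
    }
    & $sshAdd -l   # show what the agent now holds
}
```

Call it as `Initialize-SshAgent -KeyPath C:\path\to\your\ssh\key\id_rsa -ConfigureGit`; the first run must be elevated if the service's startup type is not yet Automatic.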

Solution 4

I knew it was advised against (partly due to this blog post: http://rabexc.org/posts/pitfalls-of-ssh-agents) - which is what made me get Keychain for Ubuntu.

In light of this argument I must warn you against using ssh-agent from the PowerShell port of OpenSSH as it silently uses on-disk storage of your keys in the Registry. See my own question (and answer) where-does-windows-openssh-ssh-agent-service-secretly-store-private-keys for a full explanation.

Essentially there are 3 problems with it:

  1. It stores secret keys ON DISK - never use in a shared or guest situation
  2. (traces of) Secret keys remain ON DISK after deletion
  3. PowerShell implementation does not conform to the OpenSSH manual page ssh-agent.1 in key aspects of security.

Author: Southclaws

Software Engineer (Python, Golang) at Spotlight Data | Also into Video Editing, Motion graphics, VFX, Graphic Design and more!

Updated on September 18, 2022

Comments

  • Southclaws over 1 year

    On my Ubuntu machine, I simply use Keychain to maintain a single ssh-agent which stays logged in.

    I'd like something similar to that on Windows now that OpenSSH is natively included. I was using Git Bash with the well-known if [ -z "$SSH_AUTH_SOCK" ] ; then ... script but this resulted in many ssh agents being opened. I knew it was advised against (partly due to this blog post: http://rabexc.org/posts/pitfalls-of-ssh-agents) - which is what made me get Keychain for Ubuntu. Another reason for not using this any more is that I'm moving to PowerShell as my main shell.

    But I'm not sure how to achieve the same kind of thing on Windows specifically with PowerShell and with Win32-OpenSSH.

    Thanks!

  • Mark Woon about 5 years
    Could you please add details on how to get ssh-agent to start automatically?
  • Davi Koscianski Vidal about 5 years
    @MarkWoon I just edited my answer with that.
  • Chris Dodd almost 5 years
    This does not seem to work -- the Set-Service has no apparent effect, and the manual Start-Service, while it starts something, is also ineffective -- any ssh-add command thereafter fails with "communication with agent failed"...
  • Esben Andersen over 4 years
    * In the Start menu search for "Services"
    * Double click on "OpenSSH Authentication Agent"
    * Set the startup type to "Automatic"
    * Click "Start"
    * Click Ok and Exit
    * Now go to PowerShell and add your key with "ssh-add"
    * After that the agent will remember your key when you need it :)
  • Alexis over 3 years
    The agent doesn't remember my key just added. ssh-add followed by ssh-agent -l shows nothing.
  • Danny A over 3 years
    Starting the service manually didn't work for me, got "Cannot start service ssh-agent on computer". @EsbenAndersen's suggestion to use Services worked for me. The OpenSSH Authentication Agent service was set to Disabled by default, likely why PowerShell couldn't start it.
  • Kamen Minkov over 3 years
    @EsbenAndersen Thanks for the tip, I was wondering why there wasn't "SSH Agent" or something like this in Services.
  • DavidPostill almost 3 years
    Welcome to Super User! Please quote the essential parts of the answer from the reference link(s), as the answer can become invalid if the linked page(s) change.