nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-07-01 03:22:48 -05:00
Code Issues Projects Releases Wiki Activity

Windows Pageant: option to open an AF_UNIX socket.

Browse Source 
There's now a command-line option to make Pageant open an AF_UNIX
socket at a pathname of your choice. This allows it to act as an SSH
agent for any client program willing to use a WinSock AF_UNIX socket.

In particular, this allows WSL 1 processes to talk directly to Windows
Pageant without needing any intermediate process, because the AF_UNIX
sockets in the WSL 1 world interoperate with WinSock's ones.

(However, not WSL 2, which isn't very surprising.)
This commit is contained in:
Simon Tatham
2022-01-27 20:37:50 +00:00
parent 82971a3ebb
commit 6f8db22972
2 changed files with 120 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
doc/pageant.but
View File

@ -217,6 +217,45 @@ point at a different program. You could point it at
\cw{c:\\Windows\\System32\\OpenSSH\\ssh.exe} once you've done this
setup \dash but it's just as easy to point it at Plink!
\S{pageant-cmdline-unix} Unix-domain sockets: integrating with WSL 1
Pageant can listen on the WinSock implementation of \q{Unix-domain
sockets}. These interoperate with the Unix-domain sockets found in the
original Windows Subsystem for Linux (now known as WSL 1). So if you
ask Pageant to listen on one of these, then your WSL 1 processes can
talk directly to Pageant.
To configure this, run Pageant with the option \c{--unix}, followed
with a pathname. Then, in WSL 1, set the environment variable
\cw{SSH_AUTH_SOCK} to point at the WSL translation of that pathname.
For example, you might run
\c pageant --unix C:\Users\Simon\.ssh\agent.sock
and in WSL 1, set the environment variable
\c SSH_AUTH_SOCK=/mnt/c/Users/Simon/.ssh/agent.sock
Alternatively, you can add a line to your \cw{.ssh/config} file inside
WSL that says
\c IdentityAgent /mnt/c/Users/Simon/.ssh/agent.sock
although doing it like that may mean that \cw{ssh-add} commands won't
find the agent, even though \cw{ssh} itself will.
\s{Security note}: Unix-domain sockets are protected against access by
other users by the file protections on their containing directory. So
if your Windows machine is multiuser, make sure you create the socket
inside a directory that other users can't access at all. (In fact,
that's a good idea on general principles.)
\s{Compatibility note}: WSL 2 processes cannot talk to Pageant by this
mechanism, because WSL 2's Unix-domain sockets are managed by a
separate Linux kernel, and not by the same kernel that WinSock talks
to.
\S{pageant-cmdline-keylist} Starting with the key list visible
Start Pageant with the \i\c{--keylist} option to show the main window