mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-03-12 18:13:50 -05:00
8a2883933d
After a discussion with a user recently, I investigated the Windows native ssh.exe, and found it uses a Windows named pipe to talk to its ssh-agent, in exactly the same way Pageant does. So if you tell ssh.exe where to find Pageant's pipe, it can talk directly to Pageant, and then you can have just one SSH agent. The slight problem is that Pageant's pipe name is not stable. It's generated using the same system as connection-sharing pipe names, and contains a hex hash value whose preimage was fed through CryptProtectData. And the problem with _that_ is that CryptProtectData apparently reinitialises its seed between login sessions (though it's stable within a login session), which I hadn't fully realised when I reused the same pipe-name construction code. One possibility, of course, would be to change Pageant so that it uses a fixed pipe name. But after a bit of thought, I think I actually like this feature, because the Windows named pipe namespace isn't segregated into areas writable by only particular users, so anyone using that namespace on a multiuser Windows box is potentially vulnerable to someone else squatting on the name you wanted to use. Using this system makes that harder, because the squatter won't be able to predict what the name is going to be! (Unless you shut down Pageant and start it up again within one login session - but there's only so much we can do. And squatting is at most a DoS, because PuTTY's named-pipe client code checks ownership of the other end of the pipe in all cases.) So instead I've gone for a different approach. Windows Pageant now supports an extra command-line option to write out a snippet of OpenSSH config file format on startup, containing an 'IdentityAgent' directive which points at the location of its named pipe. So you can use the 'Include' directive in your main .ssh/config to include this extra snippet, and then ssh.exe invocations will be able to find wherever the current Pageant has put its pipe.
This is the README for PuTTY, a free Windows and Unix Telnet and SSH
client.
PuTTY is built using CMake <https://cmake.org/>. To compile in the
simplest way (on any of Linux, Windows or Mac), run these commands in
the source directory:
cmake .
cmake --build .
Documentation (in various formats including Windows Help and Unix
`man' pages) is built from the Halibut (`.but') files in the `doc'
subdirectory using `doc/Makefile'. If you aren't using one of our
source snapshots, you'll need to do this yourself. Halibut can be
found at <https://www.chiark.greenend.org.uk/~sgtatham/halibut/>.
The PuTTY home web site is
https://www.chiark.greenend.org.uk/~sgtatham/putty/
If you want to send bug reports or feature requests, please read the
Feedback section of the web site before doing so. Sending one-line
reports saying `it doesn't work' will waste your time as much as
ours.
See the file LICENCE for the licence conditions.