RE: [ITP] win-ssh-agent 1.07
Date: Thu, 3 Nov 2011 23:03:39 -0400 From: cgf To: cygwin-apps Subject: Re: [ITP] win-ssh-agent 1.07 I don't agree. I don't see why this couldn't be accomplished using standard UNIX tools and it seems like it might even be a potential security hole. I don't see the need to have this package in the distribution. I have been using ssh-agent with the -a option to explicitly specify the socket instead of the randomly chosen socket name. This avoids the slow execution of keychain and simplifys the location of the socket. The below is from my .bash_profile to launch the agent as needed. The initial test of SSH_AUTH_SOCK is to support a forwarded agent. if [ -z $SSH_AUTH_SOCK ]; then export SSH_AUTH_SOCK=$HOME/.ssh/ssh-auth-sock fi ssh-add -l /dev/null ec=$? if [ $ec -eq 2 ]; then rm $SSH_AUTH_SOCK /dev/null ssh-agent -a $SSH_AUTH_SOCK /dev/null ssh-add elif [ $ec -eq 1 ]; then ssh-add fi You can also define SSH_AUTH_SOCK in the registry if you wish for non-Cygwin uses. So I don't see a need for win-ssh-agent, unless the OP can identify any use cases not satisfied by existing options? Thanks, ...Karl
Re: [ITP] win-ssh-agent 1.07
On Sat, Nov 05, 2011 at 10:21:28PM -0800, Karl M wrote: So I don't see a need for win-ssh-agent, unless the OP can identify any use cases not satisfied by existing options? This is a dead subject. The OP has withdrawn the package.
Re: [ITP] win-ssh-agent 1.07
2011/11/4 Christopher Faylor On Thu, Nov 03, 2011 at 09:52:20AM -0400, Andrew Schulman wrote: I'd like to package and maintain win-ssh-agent for Cygwin. With the win-ssh-agent, we can use the ssh-agent (available inthe cygwin openssh) in the more smart way. Normally, we need to start all relevant programs, which mightneed to use the ssh, as child processes of the shell(e.g. bash) in which you eval'ed the ssh-agent. ?Because, theprograms must be able to refer to environment variables thatset by the ssh-agent. The win-ssh-agent enables all programs to refer to theenvironment variables of the ssh-agent, i.e. theSSH_AUTH_SOCK. ?Now, we no longer need to start programs aschild processes of the shell. +1 Sounds useful. I don't agree. ?I don't see why this couldn't be accomplished using standard UNIX tools The win-ssh-agent is for applications that uses the cygwin openssh internally and are executed from the Explorer (i.e. via the ShellExecute() API). The keychain in the distribution cannot propagate SSH_AUTH_SOCK to them. Example: Consider the ntemacs ( http://ftp.gnu.org/pub/gnu/emacs/windows/ ) . (1) I want to use it because the cygwin emacs does not have its own windows. The cygwin emacs works only in the terminal. (2) I want to run it from the start menu or the Windows 7's task bar (not from the cygwin bash shell). It is the window's style to run applications. (3) I want to use the tramp ( http://www.gnu.org/s/tramp/ ) in the ntemacs. With it, I can treat documents on the remote machine as if they are on the local machine by: C-x C-f /sshx:usernameathostname:~/remote-file But with the keychain, the ntemacs becomes silent because the ssh (executed by the tramp) cannot know the SSH_AUTH_SOCK and it asks me about the passphrase in the hidden console. With the win-ssh-agent, the ntemacs knows the SSH_AUTH_SOCK, so the tramp works as expected. and it seems like it might even be a potential security hole. ?I don't see the need to have this package in the distribution. cgf The win-ssh-agent set the SSH_AUTH_SOCK and some enviroments to the user's registory (HKEY_CURRENT_USER\Environment\*), not to the system registory. -- Nayuta Taga
Re: [ITP] win-ssh-agent 1.07
On Nov 4 15:37, Nayuta Taga wrote: 2011/11/4 Christopher Faylor On Thu, Nov 03, 2011 at 09:52:20AM -0400, Andrew Schulman wrote: I'd like to package and maintain win-ssh-agent for Cygwin. With the win-ssh-agent, we can use the ssh-agent (available inthe cygwin openssh) in the more smart way. Normally, we need to start all relevant programs, which mightneed to use the ssh, as child processes of the shell(e.g. bash) in which you eval'ed the ssh-agent. ?Because, theprograms must be able to refer to environment variables thatset by the ssh-agent. The win-ssh-agent enables all programs to refer to theenvironment variables of the ssh-agent, i.e. theSSH_AUTH_SOCK. ?Now, we no longer need to start programs aschild processes of the shell. +1 Sounds useful. I don't agree. ?I don't see why this couldn't be accomplished using standard UNIX tools The win-ssh-agent is for applications that uses the cygwin openssh internally and are executed from the Explorer (i.e. via the ShellExecute() API). The keychain in the distribution cannot propagate SSH_AUTH_SOCK to them. You can eaily propagate the SSH_* environment variables to other sessions via scripting, if you store the variables in a known path. You don't have to change the registry for that to work. Example: Consider the ntemacs ( http://ftp.gnu.org/pub/gnu/emacs/windows/ ) . (1) I want to use it because the cygwin emacs does not have its own windows. The cygwin emacs works only in the terminal. Try xemacs. It has a Windows GUI fallback mode if there's no X display. (2) I want to run it from the start menu or the Windows 7's task bar (not from the cygwin bash shell). It is the window's style to run applications. You can start it from the start menu via a bash script which pulls in the SSH_* environment before starting emacs. Don't get me wrong, I'm not opposed to include win-ssh-agent into the distro if it gets enough votes, but there are simple ways to solve this problem without a Windows GUI application. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader cygwin AT cygwin DOT com Red Hat
RE: [ITP] win-ssh-agent 1.07
Corinna Vinschen wrote on 2011-11-04: On Nov 4 15:37, Nayuta Taga wrote: 2011/11/4 Christopher Faylor On Thu, Nov 03, 2011 at 09:52:20AM -0400, Andrew Schulman wrote: I'd like to package and maintain win-ssh-agent for Cygwin. With the win-ssh-agent, we can use the ssh-agent (available inthe cygwin openssh) in the more smart way. Normally, we need to start all relevant programs, which mightneed to use the ssh, as child processes of the shell(e.g. bash) in which you eval'ed the ssh-agent. ?Because, theprograms must be able to refer to environment variables thatset by the ssh-agent. The win-ssh-agent enables all programs to refer to theenvironment variables of the ssh-agent, i.e. theSSH_AUTH_SOCK. ?Now, we no longer need to start programs aschild processes of the shell. +1 Sounds useful. I don't agree. ?I don't see why this couldn't be accomplished using standard UNIX tools The win-ssh-agent is for applications that uses the cygwin openssh internally and are executed from the Explorer (i.e. via the ShellExecute() API). The keychain in the distribution cannot propagate SSH_AUTH_SOCK to them. You can eaily propagate the SSH_* environment variables to other sessions via scripting, if you store the variables in a known path. You don't have to change the registry for that to work. keychain stores the ssh-agent environment variables in $HOME/.keychain/${HOSTNAME}-sh by default. I start keychain from my .bash_profile and then source $HOME/.keychain/${HOSTNAME}-sh in my .bashrc so all my shells get the right values even if they aren't spawned from the shell that started keychain. Hope this helps. -- Bryan Thrall Principal Software Engineer FlightSafety International bryan.thr...@flightsafety.com
Re: [ITP] win-ssh-agent 1.07
On 11/04/2011 12:37 AM, Nayuta Taga wrote: 2011/11/4 Christopher Faylor On Thu, Nov 03, 2011 at 09:52:20AM -0400, Andrew Schulman wrote: I'd like to package and maintain win-ssh-agent for Cygwin. -1, for reasons below... With the win-ssh-agent, we can use the ssh-agent (available inthe cygwin openssh) in the more smart way. Normally, we need to start all relevant programs, which mightneed to I'm not sure why your mail came through so garbled, but the large number of missing spaces in your message distracts from your attempt to appear professional in offering a package. use the ssh, as child processes of the shell(e.g. bash) in which you eval'ed the ssh-agent. ?Because, theprograms must be able to refer to environment variables thatset by the ssh-agent. The win-ssh-agent enables all programs to refer to theenvironment variables of the ssh-agent, i.e. theSSH_AUTH_SOCK. ?Now, we no longer need to start programs aschild processes of the shell. Example: Consider the ntemacs ( http://ftp.gnu.org/pub/gnu/emacs/windows/ ) . Non-cygwin program. If someone is willing to download a non-cygwin ntemacs, then they can also download a non-cygwin win-ssh-agent. (3) I want to use the tramp ( http://www.gnu.org/s/tramp/ ) in the ntemacs. With it, I can treat documents on the remote machine as if they are on the local machine by: C-x C-f /sshx:usernameathostname:~/remote-file Have you tried using the emacs that ships with cygwin? It includes tramp.elc already built in, without needing a separate download. But if you are using the distro emacs, it seems like you are already okay using the distro for firing up that emacs instance, at which point I don't see a need for a gui frontend. Unless you can give an example where an app in the cygwin distro would be benefitted by adding a gui front-end to setting up the ssh-agent, and why existing mechanisms of starting any cygwin app via a simple shell script wrapper that attaches to $HOME/.keychain/${HOSTNAME}-sh if already present, then I don't see why the cygwin distro needs win-ssh-agent. I'm not saying that win-ssh-agent is bad (on the contrary, it does seem to help your use case of ntemacs), just that since your primary use case demonstration was as a stand-alone app for helping other non-cygwin apps, and not something that fills a void for interaction with existing cygwin apps. -- Eric Blake ebl...@redhat.com+1-801-349-2682 Libvirt virtualization library http://libvirt.org
Re: [ITP] win-ssh-agent 1.07
2011/11/4 Corinna Vinschen: On Nov 4 15:37, Nayuta Taga wrote: (1) I want to use it because the cygwin emacs does not have its own windows. The cygwin emacs works only in the terminal. Try xemacs. It has a Windows GUI fallback mode if there's no X display. It's nice! I'll try it. (2) I want to run it from the start menu or the Windows 7's task bar (not from the cygwin bash shell). It is the window's style to run applications. You can start it from the start menu via a bash script which pulls in the SSH_* environment before starting emacs. Yes, I can. 2011/11/4 Eric Blake: With the win-ssh-agent, we can use the ssh-agent (available inthe cygwin openssh) in the more smart way. Normally, we need to start all relevant programs, which mightneed to I'm not sure why your mail came through so garbled, but the large number of missing spaces in your message distracts from your attempt to appear professional in offering a package. I'm sorry for missing spaces. I don't know why this happened ... (3) I want to use the tramp ( http://www.gnu.org/s/tramp/ ) in the ntemacs. With it, I can treat documents on the remote machine as if they are on the local machine by: C-x C-f /sshx:usernameathostname:~/remote-file Have you tried using the emacs that ships with cygwin? It includes tramp.elc already built in, without needing a separate download. The URL is just a information for someone who are not familiar withthe tramp. I didn't download it from there. Unless you can give an example where an app in the cygwin distro would be benefitted by adding a gui front-end to setting up the ssh-agent, and why existing mechanisms of starting any cygwin app via a simple shell script wrapper that attaches to $HOME/.keychain/${HOSTNAME}-sh if already present, then I don't see why the cygwin distro needs win-ssh-agent. I'm not saying that win-ssh-agent is bad (on the contrary, it does seem to help your use case of ntemacs), just that since your primary use case demonstration was as a stand-alone app for helping other non-cygwin apps, and not something that fills a void for interaction with existing cygwin apps. Ok. I understand why win-ssh-agent should be distributed separatelyfrom the cygwin's distro. Thanks for your valuable feedback. I withdraw this ITP.-- Nayuta Taga
Re: [ITP] win-ssh-agent 1.07
Sorry for my broken mail. I send it again by other mailer. 2011/11/4 Corinna Vinschen: On Nov 4 15:37, Nayuta Taga wrote: (1) I want to use it because the cygwin emacs does not have its own windows. The cygwin emacs works only in the terminal. Try xemacs. It has a Windows GUI fallback mode if there's no X display. It's nice! I'll try it. (2) I want to run it from the start menu or the Windows 7's task bar (not from the cygwin bash shell). It is the window's style to run applications. You can start it from the start menu via a bash script which pulls in the SSH_* environment before starting emacs. Yes, I can. 2011/11/4 Eric Blake: With the win-ssh-agent, we can use the ssh-agent (available inthe cygwin openssh) in the more smart way. Normally, we need to start all relevant programs, which mightneed to I'm not sure why your mail came through so garbled, but the large number of missing spaces in your message distracts from your attempt to appear professional in offering a package. I'm sorry for missing spaces. I don't know why this happened ... (3) I want to use the tramp ( http://www.gnu.org/s/tramp/ ) in the ntemacs. With it, I can treat documents on the remote machine as if they are on the local machine by: C-x C-f /sshx:usernameathostname:~/remote-file Have you tried using the emacs that ships with cygwin? It includes tramp.elc already built in, without needing a separate download. The URL is just a information for someone who are not familiar with the tramp. I didn't download it from there. Unless you can give an example where an app in the cygwin distro would be benefitted by adding a gui front-end to setting up the ssh-agent, and why existing mechanisms of starting any cygwin app via a simple shell script wrapper that attaches to $HOME/.keychain/${HOSTNAME}-sh if already present, then I don't see why the cygwin distro needs win-ssh-agent. I'm not saying that win-ssh-agent is bad (on the contrary, it does seem to help your use case of ntemacs), just that since your primary use case demonstration was as a stand-alone app for helping other non-cygwin apps, and not something that fills a void for interaction with existing cygwin apps. Ok. I understand why win-ssh-agent should be distributed separately from the cygwin's distro. Thanks for your valuable feedback. I withdraw this ITP. -- Nayuta Taga
Re: [ITP] win-ssh-agent 1.07
I'd like to package and maintain win-ssh-agent for Cygwin. With the win-ssh-agent, we can use the ssh-agent (available inthe cygwin openssh) in the more smart way. Normally, we need to start all relevant programs, which mightneed to use the ssh, as child processes of the shell(e.g. bash) in which you eval'ed the ssh-agent. Because, theprograms must be able to refer to environment variables thatset by the ssh-agent. The win-ssh-agent enables all programs to refer to theenvironment variables of the ssh-agent, i.e. theSSH_AUTH_SOCK. Now, we no longer need to start programs aschild processes of the shell. +1 Sounds useful.
Re: [ITP] win-ssh-agent 1.07
On Thu, Nov 03, 2011 at 09:52:20AM -0400, Andrew Schulman wrote: I'd like to package and maintain win-ssh-agent for Cygwin. With the win-ssh-agent, we can use the ssh-agent (available inthe cygwin openssh) in the more smart way. Normally, we need to start all relevant programs, which mightneed to use the ssh, as child processes of the shell(e.g. bash) in which you eval'ed the ssh-agent. ?Because, theprograms must be able to refer to environment variables thatset by the ssh-agent. The win-ssh-agent enables all programs to refer to theenvironment variables of the ssh-agent, i.e. theSSH_AUTH_SOCK. ?Now, we no longer need to start programs aschild processes of the shell. +1 Sounds useful. I don't agree. I don't see why this couldn't be accomplished using standard UNIX tools and it seems like it might even be a potential security hole. I don't see the need to have this package in the distribution. cgf