Page MenuHomePhabricator

Windows: Support for Pageant
Open, NormalPublic

Description

Pageant is PuTTY's SSH authentication agent. Multiple other FOSS projects like WinSCP use it too.

There exists a patch for libssh-0.5.3 (through 0.5.5) to support Pageant. However, it does not apply cleanly to 0.6.3.
http://code.ohloh.net/file?fid=E4Rb2mwou8NxjZQ//2pgNx7794uM&cid=9zDTNiYDvV0&s=&fp=305438&projSelected=true#L0

Currently on the X2Go Project, X2Go Client for Windows is stuck using libssh-0.5.5 because many of our users rely on Pageant support. We have bug 590 written for us to migrate to libssh 0.6.x with the Pageant patch applied.
http://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=590

Event Timeline

migration created this object with visibility "Restricted Project (Project)".
migration created this object with edit policy "Restricted Project (Project)".

On Sunday, January 11th 2015 14:27:05, Michael DePaulo wrote:

Back in September, my friend Michael Frederick and I (gmail: psududemike) managed to port that patch to 0.6.3. We've been using it successfully in X2Go Client for Windows 4.0.3.0 and later.
That patch still applies to 0.6.4. I've attached the patch.

Comments are welcome.

I just signed my DCO. Mike Frederick assigned copyright of this patch to me, but if need be, he can sign the DCO also.

However, I am not sure about the DCO from the authors for the original patch. Actually, there were 2 different versions of the original patch:
0001-implement-support-for-putty-s-pageant.patch - which was superseded by:
0001-implement-support-for-putty-s-pageant-0.5.3.patch
And to make things more confusing, there were multiple versions of the 0.5.3 patch.
That ohloh.net link no longer works. But both original patches are available here.
https://projects.kde.org/projects/kdesupport/emerge/repository/revisions/master/show/portage/win32libs/libssh

The 2 authors of those patches appear to be:
Patrick Spendrin <ps//ml`gmx.de>
Patrick von Reth

So at this point, I am not sure how to proceed. Let me ask: Did those 2 authors ever submit the DCO?

and:

On Thursday, January 15th 2015 09:03:58, Andreas Schneider wrote:

Thanks for your work. Copyright doesn't need to be assigned if all people are individuals. The Certificate of Origin is only for people who send patches with Corporate Copyright!

The patch is far from being in a state that I would include it. We need to design a new API for this, similar to pki.c. With ssh-agens it is possible that you want to support ssh-agend and pagent on Windows at the same time. So we need a way to build with both and register the backend at the agent engine. We can discuss this on IRC.

On Friday, January 16th 2015 21:41:54, Michael DePaulo wrote:

Andreas Schneider wrote:
>With ssh-agens it is possible that you want to support ssh-agend and pagent on Windows at the same time.

I did some research :

  1. It appears that there is no actively maintained port of OpenSSH (and therefore ssh-agent) to Windows. In order to not be affected by a vulnerability, one needs to use OpenSSH 6.7p1 or later.
  2. In the past, NoMachine ported SSH to Windows. But they are not maintaining it anymore. The last ported version was 5.9p1. https://www.nomachine.com/AR11K00739 https://www.nomachine.com/NoMachine-OSS-ports
  3. There is actively maintained software such as "OpenSSH for Windows", which is at 6.7p1. But they are actually OpenSSH for Cygwin with an easy Windows installer. http://www.mls-software.com/opensshd.html

    If you'd like, I can test cygwin ssh-agent 6.7p1 with native Windows libssh and see if it actually works. But I do not feel it is appropriate to maintain support for native Windows ssh-agent so long as it is unmaintained.
migration updated the task description. (Show Details)Jun 19 2017, 8:49 AM

On Sunday, January 11th 2015 14:27:05, Michael DePaulo wrote:

Back in September, my friend Michael Frederick and I (gmail: psududemike) managed to port that patch to 0.6.3. We've been using it successfully in X2Go Client for Windows 4.0.3.0 and later.
That patch still applies to 0.6.4. I've attached the patch.

Comments are welcome.

I just signed my DCO. Mike Frederick assigned copyright of this patch to me, but if need be, he can sign the DCO also.

However, I am not sure about the DCO from the authors for the original patch. Actually, there were 2 different versions of the original patch:
0001-implement-support-for-putty-s-pageant.patch - which was superseded by:
0001-implement-support-for-putty-s-pageant-0.5.3.patch
And to make things more confusing, there were multiple versions of the 0.5.3 patch.
That ohloh.net link no longer works. But both original patches are available here.
https://projects.kde.org/projects/kdesupport/emerge/repository/revisions/master/show/portage/win32libs/libssh

The 2 authors of those patches appear to be:
Patrick Spendrin <ps//ml`gmx.de>
Patrick von Reth

So at this point, I am not sure how to proceed. Let me ask: Did those 2 authors ever submit the DCO?

and:

On Thursday, January 15th 2015 09:03:58, Andreas Schneider wrote:

Thanks for your work. Copyright doesn't need to be assigned if all people are individuals. The Certificate of Origin is only for people who send patches with Corporate Copyright!

The patch is far from being in a state that I would include it. We need to design a new API for this, similar to pki.c. With ssh-agens it is possible that you want to support ssh-agend and pagent on Windows at the same time. So we need a way to build with both and register the backend at the agent engine. We can discuss this on IRC.

On Friday, January 16th 2015 21:41:54, Michael DePaulo wrote:

Andreas Schneider wrote:
>With ssh-agens it is possible that you want to support ssh-agend and pagent on Windows at the same time.

I did some research :

  1. It appears that there is no actively maintained port of OpenSSH (and therefore ssh-agent) to Windows. In order to not be affected by a vulnerability, one needs to use OpenSSH 6.7p1 or later.
  2. In the past, NoMachine ported SSH to Windows. But they are not maintaining it anymore. The last ported version was 5.9p1. https://www.nomachine.com/AR11K00739 https://www.nomachine.com/NoMachine-OSS-ports
  3. There is actively maintained software such as "OpenSSH for Windows", which is at 6.7p1. But they are actually OpenSSH for Cygwin with an easy Windows installer. http://www.mls-software.com/opensshd.html

    If you'd like, I can test cygwin ssh-agent 6.7p1 with native Windows libssh and see if it actually works. But I do not feel it is appropriate to maintain support for native Windows ssh-agent so long as it is unmaintained.
migration updated the task description. (Show Details)Jun 19 2017, 8:50 AM

On Sunday, January 11th 2015 14:27:05, Michael DePaulo wrote:

Back in September, my friend Michael Frederick and I (gmail: psududemike) managed to port that patch to 0.6.3. We've been using it successfully in X2Go Client for Windows 4.0.3.0 and later.
That patch still applies to 0.6.4. I've attached the patch.

Comments are welcome.

I just signed my DCO. Mike Frederick assigned copyright of this patch to me, but if need be, he can sign the DCO also.

However, I am not sure about the DCO from the authors for the original patch. Actually, there were 2 different versions of the original patch:
0001-implement-support-for-putty-s-pageant.patch - which was superseded by:
0001-implement-support-for-putty-s-pageant-0.5.3.patch
And to make things more confusing, there were multiple versions of the 0.5.3 patch.
That ohloh.net link no longer works. But both original patches are available here.
https://projects.kde.org/projects/kdesupport/emerge/repository/revisions/master/show/portage/win32libs/libssh

The 2 authors of those patches appear to be:
Patrick Spendrin <ps//ml`gmx.de>
Patrick von Reth

So at this point, I am not sure how to proceed. Let me ask: Did those 2 authors ever submit the DCO?

and:

On Thursday, January 15th 2015 09:03:58, Andreas Schneider wrote:

Thanks for your work. Copyright doesn't need to be assigned if all people are individuals. The Certificate of Origin is only for people who send patches with Corporate Copyright!

The patch is far from being in a state that I would include it. We need to design a new API for this, similar to pki.c. With ssh-agens it is possible that you want to support ssh-agend and pagent on Windows at the same time. So we need a way to build with both and register the backend at the agent engine. We can discuss this on IRC.

On Friday, January 16th 2015 21:41:54, Michael DePaulo wrote:

Andreas Schneider wrote:
>With ssh-agens it is possible that you want to support ssh-agend and pagent on Windows at the same time.

I did some research :

  1. It appears that there is no actively maintained port of OpenSSH (and therefore ssh-agent) to Windows. In order to not be affected by a vulnerability, one needs to use OpenSSH 6.7p1 or later.
  2. In the past, NoMachine ported SSH to Windows. But they are not maintaining it anymore. The last ported version was 5.9p1. https://www.nomachine.com/AR11K00739 https://www.nomachine.com/NoMachine-OSS-ports
  3. There is actively maintained software such as "OpenSSH for Windows", which is at 6.7p1. But they are actually OpenSSH for Cygwin with an easy Windows installer. http://www.mls-software.com/opensshd.html

    If you'd like, I can test cygwin ssh-agent 6.7p1 with native Windows libssh and see if it actually works. But I do not feel it is appropriate to maintain support for native Windows ssh-agent so long as it is unmaintained.
migration updated the task description. (Show Details)Jun 19 2017, 8:52 AM

On Sunday, January 11th 2015 14:27:05, Michael DePaulo wrote:

Back in September, my friend Michael Frederick and I (gmail: psududemike) managed to port that patch to 0.6.3. We've been using it successfully in X2Go Client for Windows 4.0.3.0 and later.
That patch still applies to 0.6.4. I've attached the patch.

Comments are welcome.

I just signed my DCO. Mike Frederick assigned copyright of this patch to me, but if need be, he can sign the DCO also.

However, I am not sure about the DCO from the authors for the original patch. Actually, there were 2 different versions of the original patch:
0001-implement-support-for-putty-s-pageant.patch - which was superseded by:
0001-implement-support-for-putty-s-pageant-0.5.3.patch
And to make things more confusing, there were multiple versions of the 0.5.3 patch.
That ohloh.net link no longer works. But both original patches are available here.
https://projects.kde.org/projects/kdesupport/emerge/repository/revisions/master/show/portage/win32libs/libssh

The 2 authors of those patches appear to be:
Patrick Spendrin <ps//ml`gmx.de>
Patrick von Reth

So at this point, I am not sure how to proceed. Let me ask: Did those 2 authors ever submit the DCO?

and:

On Thursday, January 15th 2015 09:03:58, Andreas Schneider wrote:

Thanks for your work. Copyright doesn't need to be assigned if all people are individuals. The Certificate of Origin is only for people who send patches with Corporate Copyright!

The patch is far from being in a state that I would include it. We need to design a new API for this, similar to pki.c. With ssh-agens it is possible that you want to support ssh-agend and pagent on Windows at the same time. So we need a way to build with both and register the backend at the agent engine. We can discuss this on IRC.

On Friday, January 16th 2015 21:41:54, Michael DePaulo wrote:

Andreas Schneider wrote:
>With ssh-agens it is possible that you want to support ssh-agend and pagent on Windows at the same time.

I did some research :

  1. It appears that there is no actively maintained port of OpenSSH (and therefore ssh-agent) to Windows. In order to not be affected by a vulnerability, one needs to use OpenSSH 6.7p1 or later.
  2. In the past, NoMachine ported SSH to Windows. But they are not maintaining it anymore. The last ported version was 5.9p1. https://www.nomachine.com/AR11K00739 https://www.nomachine.com/NoMachine-OSS-ports
  3. There is actively maintained software such as "OpenSSH for Windows", which is at 6.7p1. But they are actually OpenSSH for Cygwin with an easy Windows installer. http://www.mls-software.com/opensshd.html

    If you'd like, I can test cygwin ssh-agent 6.7p1 with native Windows libssh and see if it actually works. But I do not feel it is appropriate to maintain support for native Windows ssh-agent so long as it is unmaintained.
asn changed the visibility from "Restricted Project (Project)" to "Public (No Login Required)".Aug 17 2017, 3:11 PM
asn added a comment.Sep 4 2018, 9:12 PM

This probably needs some refactoring and nicer abstraction for ssh agents.