ssh - Unlocking private SSH key (with Cygwin/X11) when there is no local shell involved? - answerstu - answerstu

Unlocking private SSH key (with Cygwin/X11) when there is no local shell involved?

I have installed Cygwin/X11, including openssh. I have set up a public / private key pair. I have installed the public key in ~/.ssh/authorized_keys of RemoteHost.

I have configured Cygwin/X11 (via ~/.XWinrc) to provide a menu item which opens a RemoteHost shell in a local terminal:

menu root {
    RemoteShell    exec    "/bin/xterm.exe -e /usr/bin/ssh -Yl <user> RemoteHost"

RootMenu root

I want to be queried for the passphrase of my private key when this menu item is selected the first time. I do not want to be queried on subsequent calls.

As there is no local shell involved, i.e. I cannot do anything (like setting up ssh_agent or keychain) in ~/.bash_profile, I am a bit at a loss here. There is also no shell in which to enter the keyphrase.

How do I unlock my private SSH key when there is no local shell involved?

1 Answer

  1. Jerry- Reply


    • You can start ssh-agent in subsequent shell and to the new one export the environment variable (for example from a file created in the first one)

      ssh-agent > ~/.ssh_agent_env
      source ~/.ssh_agent_env
    • You can get asked for a passphrase using a GUI prompt, which is provided to ssh by the environment variable SSH_ASKPASS. In Linux, usually gnome-askpass or similar. There will be something similar in cygwin too.

    • There is AddKeysToAgent option, which will add the newly used keys to the running ssh-agent to achieve what you need.

    Both these would need some coding/checks before calling the final ssh, for example a bash script you can call in the RemoteShell exex /path/to/my/, for example:

    ps aux | grep ssh-agent | grep -v grep
    if [ "$?" = "1" ]; then
      # start a new agent (in a background) and store its environent
      ssh-agent > ~/.ssh_agent_env
    # load existing ssh-agent connection
    source ~/.ssh_agent_env
    /bin/xterm.exe -e /usr/bin/ssh -oAddKeysToAgent=yes -Yl <user> RemoteHost
    # or do whatever magic you want

Leave a Reply

Your email address will not be published. Required fields are marked *

You can use these HTML tags and attributes <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>