Work with Putty Pagent for SCP operations
Moderator: admin
Work with Putty Pagent for SCP operations
I use Putty on my Windows machine with Pagent. Can you extend LogMX to use Pagent to allow me to log into remote hosts without a password?
Hello,
Sorry for the slow answer.
After looking carefully at how Pageant works, it seems that applications must use Win32 APIs to get Private Keys stored by Pageant. Applications like PuTTY, WinSCP, WinCVS, TortoiseCVS, ... can use Pageant to get user Private keys because they are written in C/C++ and using Win32 APIs.
Pageant seems to use Win32 "Window Messages" (WM_*) to communicate with other applications (instead of sockets, which would be easier for Java applications like LogMX). In Pageant source file "winpgnt.c", see functions "answer_msg()" and "WndProc()", and "winpgntc.c" (from SVN repository "svn://svn.tartarus.org/sgt/putty/windows").
We could use native Java and a Win32 DLL, but we really want to keep LogMX small, independent and portable, so for now, we don't plan to implement such a feature.
Yet, you are right, we're using JSch which handles Public-key Authentication. So we are able to implement key-pair authentication for LogMX, which is more secure than password authentication (but you will still have to type your passphrase without the help of Pageant). This feature will surely be included in a next release.
Sorry for the slow answer.
After looking carefully at how Pageant works, it seems that applications must use Win32 APIs to get Private Keys stored by Pageant. Applications like PuTTY, WinSCP, WinCVS, TortoiseCVS, ... can use Pageant to get user Private keys because they are written in C/C++ and using Win32 APIs.
Pageant seems to use Win32 "Window Messages" (WM_*) to communicate with other applications (instead of sockets, which would be easier for Java applications like LogMX). In Pageant source file "winpgnt.c", see functions "answer_msg()" and "WndProc()", and "winpgntc.c" (from SVN repository "svn://svn.tartarus.org/sgt/putty/windows").
We could use native Java and a Win32 DLL, but we really want to keep LogMX small, independent and portable, so for now, we don't plan to implement such a feature.
Yet, you are right, we're using JSch which handles Public-key Authentication. So we are able to implement key-pair authentication for LogMX, which is more secure than password authentication (but you will still have to type your passphrase without the help of Pageant). This feature will surely be included in a next release.
OK, thanks.
An acceptable workaround would be for LogMX to be able to load my private key file and ask me for the password to unlock it. From that point forward, it could handle the authentication using the private key.
FYI, I looked at the man page for ssh-agent on my Linux machine, and it uses sockets.
An acceptable workaround would be for LogMX to be able to load my private key file and ask me for the password to unlock it. From that point forward, it could handle the authentication using the private key.
FYI, I looked at the man page for ssh-agent on my Linux machine, and it uses sockets.
Re: Work with Putty Pagent for SCP operations
This example from the JSch website shows how to do it:
http://www.jcraft.com/jsch/examples/UserAuthPubKey.java
http://www.jcraft.com/jsch/examples/UserAuthPubKey.java
Re: Work with Putty Pagent for SCP operations
Hello,
Sorry for this late response. Now LogMX v2.0.0 is released, we are currently studying this private key issue (at first sight, the PuTTY private key file is not directly compatible with JSch expected private key format, but we are trying to parse it and adapt it to JSch).
We will let you know or will get back to you if we have question for this new feature request
Xavier
Sorry for this late response. Now LogMX v2.0.0 is released, we are currently studying this private key issue (at first sight, the PuTTY private key file is not directly compatible with JSch expected private key format, but we are trying to parse it and adapt it to JSch).
We will let you know or will get back to you if we have question for this new feature request
Xavier
Re: Work with Putty Pagent for SCP operations
Putty can export an OpenSSH private key file, so if that is easier to parse or use, that would be acceptable too.
Thanks for continuing to look into it.
Thanks for continuing to look into it.
-
- Posts: 3
- Joined: Mon Aug 01, 2011 2:19 pm
Re: Work with Putty Pagent for SCP operations
Any progress on this?
Re: Work with Putty Pagent for SCP operations
Hello,
This feature request has currently a low level priority. We already have performed some analysis to implement it, but the implementation is not planned yet.
Yet, since there is one new request to implement such a feature, we now have increased its priority to medium (should be implemented in a few months, but not for the v3.0 release that will be available end of August).
Xavier.
This feature request has currently a low level priority. We already have performed some analysis to implement it, but the implementation is not planned yet.
Yet, since there is one new request to implement such a feature, we now have increased its priority to medium (should be implemented in a few months, but not for the v3.0 release that will be available end of August).
Xavier.
-
- Posts: 3
- Joined: Mon Aug 01, 2011 2:19 pm
Re: Work with Putty Pagent for SCP operations
Xavier,admin wrote: ...Yet, since there is one new request to implement such a feature, we now have increased its priority to medium (should be implemented in a few months, but not for the v3.0 release that will be available end of August).
Thanks for the reply - glad to know you're working on it! I don't mind whether you get LogMX working with PAgent, or just have LogMX keep its own key repository - either would work for me.
Allan.
Re: Work with Putty Pagent for SCP operations
I'm using LogMX on Windows & Linux, so I prefer that you be able to load a public & private key pair in OpenSSH format. Putty can export OpenSSH formats so that isn't a problem.
I've got several programs that need to load the private/public keys independently (such as Eclipse), so this is probably the best route to take.
I've got several programs that need to load the private/public keys independently (such as Eclipse), so this is probably the best route to take.
Re: Work with Putty Pagent for SCP operations
OK, thank you for your input, we will work on this right away for the next major release (v3.1).
Xavier.
Xavier.