External key agent and VANDYKE_SSH_AUTH_SOCK

[u49443]

Hello,

reading the documentation and trying to find information on the support of external key agent on Windows (Pageant, Windows OpenSSH agent (https://docs.microsoft.com/en-us/win..._keymanagement / https://devblogs.microsoft.com/power...s-server-1709/), KeeAgent, ...), I couldn't find that it's supported (https://forums.vandyke.com/showthread.php?t=12440), but I found VANDYKE_SSH_AUTH_SOCK mentioned once somewhere.

By setting the environment variable VANDYKE_SSH_AUTH_SOCK=\\.\pipe\openssh-ssh-agent, I'm able to list the keys contained in the agent, but trying to connect an host, SecureCRT connection hangs when trying to use publickeys. Using ioninja I found the error "All pipe instances are busy." is returned when connecting the pipe ; after this the agent is trying to respond/connect, but too late maybe? (As you can see, I know very little about Windows pipes ). It seems odd since the listing is working fine.

I have traces from IOninja if you want/need, basically it's:
Client file opened > Cannot open client file (All pipe instances are busy.) > Server file opened
and when listing keys:
Client file opened, send 00 00 00 01 0b, Server file opened, send 00 00 01 26 0c + keys

It looks like compatibility with the included OpenSSH agent in Windows is very close to be possible, is it planned / could you implement that so external agents like KeeAgent could be used?

Best,
Alexandre

[jdev]

Hello Alexandre,

Here are some points of clarification that may help to explain why you are seeing the behavior you reported:

• SSH_AUTH_SOCK is what OpenSSH uses.
  
• VANDYKE_SSH_AUTH_SOCK is what VanDyke Software products use on the Windows platform.
  
• VANDYKE_SSH_AUTH_SOCK (named in such a way as to not imply interoperability with or collide with SSH_AUTH_SOCK) is not interoperable with SSH_AUTH_SOCK.

I've captured feature requests on your behalf for SecureCRT to either use KeePass directly or by leveraging the OpenSSH agent on Windows.

I don't have any ETA as to if/when such might ever be implemented, but if either of these features become available we will be happy to post news of it here.

Quote:

I found VANDYKE_SSH_AUTH_SOCK mentioned once somewhere

Where did you see any mention of VANDYKE_SSH_AUTH_SOCK?


--Jake

[u49443]

Quote:

Originally Posted by jdev

VANDYKE_SSH_AUTH_SOCK (named in such a way as to not imply interoperability with or collide with SSH_AUTH_SOCK) is not interoperable with SSH_AUTH_SOCK.[/LIST]

Yes this is clear, sorry if I let understand confusion, I was just trying to make it work with a normal agent hoping it would work (which is partially true).

Quote:

Originally Posted by jdev

I've captured feature requests on your behalf for SecureCRT to either use KeePass directly or by leveraging the OpenSSH agent on Windows.

I don't have any ETA as to if/when such might ever be implemented, but if either of these features become available we will be happy to post news of it here.

Thank you, I hope you'll be able to implement this. Please note that KeeAgent is able to act like the new native Windows OpenSSH agent (ie. serve a named pipe at the same location), not just like Pageant.

Quote:

Originally Posted by jdev

Where did you see any mention of VANDYKE_SSH_AUTH_SOCK?

Not anywhere on Vandyke documentations , but somewhere on the Internet, software claiming to be compatible with SecureCRT (which doesn't seems to work actually).