Mailing List Archive

Win 11 + Smartcard: SSH public key authentication fails
Hello,

in the past I used
Windows 10
+ Smartcard
+ MobaXterm
for SSH public key authentication w/o problems incl. SSH forward.

Now I have a new device with Windows 11, and I want to use the same
Smartcard for SSH public key authentication using Win 11 (native) SSH
client.

Therefore I installed
- Gpg4win 4.2 (latest version)
- PowerShell 7 (latest version)
- PuTTY 0.8 (latest version)
and configured gpg.conf and gpg-agent.conf.
I don't intend to install git BASH assuming PowerShell 7 provides a
working shell.

I can run gpg --card-status and ssh-add -L w/o problems, which means I can
display all information stored on my Smartcard and the SSH public key
(the key ends with "cardno:0005_000080CE").

However when I try to connect to a SSH server public key authentication
fails.

I found this statement when searching for a solution:
"[...] The ssh-pageant provides the same kind of functionality to ssh
but, as opposed to ssh-agent, does speak the PuTTY protocol. This
enables ssh to speak with the gpg-agent via the ssh-pageant.[...]"

Can you please advise how to fix this issue?

Re: Win 11 + Smartcard: SSH public key authentication fails
Hi!

I am not 100% sure whether I did understand you correctly:

You are in Windows 11 and want to use its native OpenSSH client to
connect to some other ssh server.

Why do you need Putty, which has an integrated but different ssh
implementation?

For Putty you had *enable-putty-support* in your gpg-agent.conf. For
the native client you need to add *enable-w32-openssh-support* to your
gpg-agent.conf. Better disable the Putty support; I am not sure whether
there are any conflicts.

Take care, although my scripts and I ssh into Windows 10 and 11 boxes
quite often, the other way around is not that well tested.

For debugging options, please see my other mail from today.


Shalom-Salam,

Werner

--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein

Re: Win 11 + Smartcard: SSH public key authentication fails
Hello Werner,

thanks for your reply.

Your understanding is correct:
From Win 11 to any other (Linux) server using SSH.

Actually I installed PuTTY only because of this statement (which I found
in my research):
"[...] The ssh-pageant provides the same kind of functionality to ssh
but, as opposed to ssh-agent, does speak the PuTTY protocol. This
enables ssh to speak with the gpg-agent via the ssh-pageant.[...]"

And ssh-pageant is not available for Win 11, but pageant is included in
PuTTY.

Could you please share some details of your working setup (scripts
connecting from Win 10/11 to other servers using SSH).

THX
Thomas


On 15.01.24 at 17:36, Werner Koch via Gnupg-users wrote:
> Hi!
>
> I am not 100% sure whether I did understand you correctly:
>
> You are in Windows 11 and want to use its native OpenSSH client to
> connect to some other ssh server.
>
> Why do you need Putty, which has an integrated but different ssh
> implementation?
>
> For Putty you had *enable-putty-support* in your gpg-agent.conf. For
> the native client you need to add *enable-w32-openssh-support* to your
> gpg-agent.conf. Better disable the Putty support; I am not sure whether
> there are any conflicts.
>
> Take care, although my scripts and I ssh into Windows 10 and 11 boxes
> quite often, the other way around is not that well tested.
>
> For debugging options, please see my other mail from today.
>
>
> Shalom-Salam,
>
> Werner
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> https://lists.gnupg.org/mailman/listinfo/gnupg-users



Re: Win 11 + Smartcard: SSH public key authentication fails
On Mon, 15 Jan 2024 20:03, Thomas Schneider said:

> And ssh-pageant is not available for Win 11, but pageant is included
> in PuTTY.

I didn't implement or test the newer --enable-w32-openssh-support so
I don't have first-hand experience. However, Windows comes with an ssh
server and a client, which are slightly modified OpenSSH versions. Thus
you should be able to simply run

c:\ ssh -v snowden@hawaii.nsa.gov

The ssh diagnostics enabled with -v should show you what's going on and
whether ssh tries to use an ssh-agent implementation.

You need to start gpg-agent first, of course:

gpgconf --launch gpg-agent

(or run any gpg command, Kleopatra, etc.)

> Could you please share some details of your working setup (scripts
> connecting from Win 10/11 to other servers using SSH).

Okay, let's try it: I just installed a gpg4win 4.3.0-beta and tried it
on my testbox (Windows 10.0 build 19045) using my regular token:

debug1: Next authentication method: publickey
debug1: Offering public key: cardno:FFFE_xxxxxxx ED25519 SHA256:tXYM7ne2kI+ZUw7jGii9LBhoz8uB0ucKv28OSSW6a/g agent
debug1: Server accepts key: cardno:FFFE_xxxxxxx ED25519 SHA256:tXYM7ne2kI+ZUw7jGii9LBhoz8uB0ucKv28OSSW6a/g agent
debug1: Authentication succeeded (publickey).
Authenticated to ftp.gnupg.org ([217.69.76.55]:22).

But that should also work with your gpg4win version.

>> the native client you need to add *enable-w32-openssh-support* to your

Oops, the option is actually *enable-win32-openssh-support*. I'll try to
get it into the Kleopatra config dialog with gnupg 2.4.4 - right now
Kleopatra can only enable the Unix style ssh support.


Shalom-Salam,

Werner

--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
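
The procedure Werner describes above (put enable-win32-openssh-support into gpg-agent.conf, drop enable-putty-support, launch gpg-agent, then run ssh -v and look for the cardno: key being offered from the agent), combined with an explicit remote user name, as one PowerShell script. This is an added example, not code from the thread or from GnuPG or Gpg4win. It assumes Gpg4win's gpgconf and gpg and the Windows OpenSSH ssh and ssh-add are on PATH; $remoteUser and $remoteHost are placeholders; and the check for the Windows "ssh-agent" service is my assumption about the usual reason the agent pipe is not served (that service and gpg-agent both want the OpenSSH agent named pipe), not something the thread establishes.

```powershell
# Added example (not from the thread, GnuPG or Gpg4win): enable gpg-agent's
# Win32-OpenSSH agent emulation and verify that the native Windows ssh client
# gets the smartcard key from it. Assumes gpgconf, gpg, ssh and ssh-add are on
# PATH. The two values below are placeholders.

$remoteUser = 'thomas'            # placeholder: account name on the server
$remoteHost = 'server.example'    # placeholder: the SSH server

# 1. Find the GnuPG home directory and gpg-agent.conf.
$gnupgHome = (& gpgconf --list-dirs homedir).Trim()
$agentConf = Join-Path $gnupgHome 'gpg-agent.conf'

# 2. Put enable-win32-openssh-support in and take enable-putty-support out
#    (the thread's advice: do not keep both enabled for the native client).
$conf = @()
if (Test-Path $agentConf) { $conf = @(Get-Content $agentConf) }
$conf = @($conf | Where-Object { $_ -notmatch '^\s*enable-putty-support\b' })
if (-not ($conf -match '^\s*enable-win32-openssh-support\b')) {
    $conf += 'enable-win32-openssh-support'
}
Set-Content -Path $agentConf -Value $conf -Encoding ascii

# 3. Assumption: the Windows "OpenSSH Authentication Agent" service (ssh-agent)
#    uses the same named pipe; while it runs, gpg-agent cannot serve ssh.
$svc = Get-Service -Name ssh-agent -ErrorAction SilentlyContinue
if ($svc -and $svc.Status -eq 'Running') {
    Write-Warning 'Windows ssh-agent service is running; stop and disable it so gpg-agent can own the agent pipe.'
}

# 4. Restart gpg-agent so the new option takes effect (as in the thread:
#    gpgconf --launch gpg-agent starts it).
& gpgconf --kill gpg-agent
& gpgconf --launch gpg-agent

# 5. The card must be visible to gpg, and ssh-add -L (native OpenSSH) must
#    list the card key via gpg-agent; such keys carry a "cardno:" comment.
& gpg --card-status | Select-String 'Serial number'
$keys     = @(& ssh-add -L 2>$null)
$cardKeys = @($keys | Where-Object { $_ -match 'cardno:' })
if ($cardKeys.Count -eq 0) {
    Write-Error "ssh-add -L returned no cardno: key; gpg-agent is not serving the OpenSSH agent pipe. Output: $keys"
    return
}
Write-Host "Agent offers: $($cardKeys -join "`n")"

# 6. Pin the remote user name in ~/.ssh/config so a bare 'ssh <host>' sends
#    the intended account name instead of whatever the local login name is
#    (the thread's root cause was connecting without user@).
$sshDir    = Join-Path $env:USERPROFILE '.ssh'
$sshConfig = Join-Path $sshDir 'config'
New-Item -ItemType Directory -Path $sshDir -Force | Out-Null
if (-not (Test-Path $sshConfig) -or
    -not (Select-String -Path $sshConfig -Pattern "^Host\s+$([regex]::Escape($remoteHost))\s*$" -Quiet)) {
    Add-Content -Path $sshConfig -Value "Host $remoteHost`n    User $remoteUser"
}

# 7. Connect verbosely; a working setup shows "Offering public key: cardno:..."
#    followed by "Server accepts key" and "Authentication succeeded".
& ssh -v $remoteHost 'exit' 2>&1 |
    Select-String 'Offering public key|Server accepts key|Authentication succeeded|Permission denied'
```

If step 5 fails although gpg --card-status works, the problem is on the agent-pipe side (option not applied, agent not restarted, or another agent owning the pipe); if step 5 succeeds but step 7 ends in "Permission denied", compare the user name ssh reports with the account the public key is installed for on the server.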

Re: Win 11 + Smartcard: SSH public key authentication fails
Hello,

accidentally I identified the root cause for this issue.

I executed this SSH command:

ssh <remoteserver>

I didn't use ssh <user>@<remoteserver> on purpose because I'm used to
using the same user on remoteserver as on client.

After executing SSH command

ssh <user>@<remoteserver>

gpg-agent works as expected and I can login with public key.

One may consider this as a bug, however I'm happy that I found a
solution for my issue.

Now I can proceed to next issue: SSH forward

Thanks for your great support!

Thomas

On 2024-01-16 18:50, Werner Koch wrote:

> On Mon, 15 Jan 2024 20:03, Thomas Schneider said:
>
>> And ssh-pageant is not available for Win 11, but pageant is included
>> in PuTTY.
>
> I didn't implement or test the newer --enable-w32-openssh-support so
> I don't have first-hand experience. However, Windows comes with an ssh
> server and a client, which are slightly modified OpenSSH versions. Thus
> you should be able to simply run
>
> c:\ ssh -v snowden@hawaii.nsa.gov
>
> The ssh diagnostics enabled with -v should show you what's going on and
> whether ssh tries to use an ssh-agent implementation.
>
> You need to start gpg-agent first, of course:
>
> gpgconf --launch gpg-agent
>
> (or run any gpg command, Kleopatra, etc.)
>
>> Could you please share some details of your working setup (scripts
>> connecting from Win 10/11 to other servers using SSH).
>
> Okay, let's try it: I just installed a gpg4win 4.3.0-beta and tried it
> on my testbox (Windows 10.0 build 19045) using my regular token:
>
> debug1: Next authentication method: publickey
> debug1: Offering public key: cardno:FFFE_xxxxxxx ED25519 SHA256:tXYM7ne2kI+ZUw7jGii9LBhoz8uB0ucKv28OSSW6a/g agent
> debug1: Server accepts key: cardno:FFFE_xxxxxxx ED25519 SHA256:tXYM7ne2kI+ZUw7jGii9LBhoz8uB0ucKv28OSSW6a/g agent
> debug1: Authentication succeeded (publickey).
> Authenticated to ftp.gnupg.org ([217.69.76.55]:22).
>
> But that should also work with your gpg4win version.
>
>>> the native client you need to add *enable-w32-openssh-support* to your
>
> Oops, the option is actually *enable-win32-openssh-support*. I'll try to
> get it into the Kleopatra config dialog with gnupg 2.4.4 - right now
> Kleopatra can only enable the Unix style ssh support.
>
> Shalom-Salam,
>
> Werner

Re: Win 11 + Smartcard: SSH public key authentication fails
On Wed, 17 Jan 2024 08:22, Thomas said:

> I didn't use ssh <user>@<remoteserver> on purpose because I'm used to
> using the same user on remoteserver as on client.

Common problem for me too when I ssh into a Windows box where I use a
different user name on purpose ;-). This way you don't accidentally log
into a testbox and run commands not intended for that box.


Shalom-Salam,

Werner


--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein