-
Notifications
You must be signed in to change notification settings - Fork 591
Add Support for SSH Keys #25
Comments
👍 |
When it comes to OpenSSH, maybe imitate |
Yes I was hoping for something like ssh-agent |
So @simon-p-r... here's your chance, it's all Open Source now ;-) |
Sure @dscho however I am not a c# programmer I am afraid 😞 so can't help not won't help! I can always write documentation once I know how it works. In the past I have tried various hacks and scripts to get ssh-agent working on Windows but none I would safely want to use! |
+1 |
I currently use pageant to manage my SSH keys on Windows. I wouldn't mind a more powerful option that could keep the passphrase stored on disk (encrypted, of course) so that I don't have to enter it each time I log in to my Windows account. |
+1 |
1 similar comment
+1 |
/cc @jeremyepling |
+1 |
While I appreciate the enthusiasm to put on record your desire to see this issue resolved, I cannot help but notice that the information that might help implement the feature is drowned out by those "me, too" messages... Probably unintended? |
A very fair concern @dscho, but the "me too" votes will get translated into priority so that I get time to work on adding the feature. 😉 |
+1 |
2 similar comments
👍 |
+1 |
As for Why am I not seeing my SSH keys being saved?. |
+1 :-) and thanks for the already awesome work ! |
+1 |
3 similar comments
+1 |
+1 |
+1 |
+1 |
+1 |
Not sure that this is the right issue I can't get credential store to work for ssh:// protocol with a local dev server. Now it happens that this tunnels over SSH but I don't see how managing keys would help all I want is for it to store my credentials in Windows Credential Cache, which somehow is not happening on my dev machine. which git-credential-manager returns %HOME%\bin somehow it never gets invoked. It's almost useless for my purposes, surely somebody runs basic tests before releases? |
The GCM only supports HTTPS currently. I'm not even sure what supporting the git:// protocol would entail as it's is nearly always used of SSH in my experience.
Of course we do, but your use-case isn't supported at the moment. |
So I apologise winstore never had this functionality so please consider this a feature request. I know it is possible to set up ssh keys in such a way as not to require a password, but it seems such a obvious use case to just store a password. It is some time since I have used Windows for this purpose, my main machine is a Mac. I ought to clarify that I am actually talking about the ssh protocol |
git:// is not authenticated. At all. Which credentials should we store, then? |
I corrected my mistake, see above. But surely ssh is an encrypted version of the git protocol? |
Kind of. SSH provides a secure tunneling layer, through which you can perform encrypted operations safely (tm). |
No, it is not an encrypted version of the git:// protocol. The git:// protocol is an independent protocol altogether, ssh is a mechanism to run executables on a remote machine (sporting its very own, encrypted protocol that has nothing to do with Git whatsoever). When Git uses ssh to talk to remote repositories, the process is actually closer to talking to local repositories than to using the git:// protocol. Both when using the git:// protocol and when using ssh, Git is not concerned with authentication at all. When using ssh, that responsibility is left entirely to ssh. So let's stop talking about this right here and right now:
|
I am sorry for messing up your ticket I have solved my issue by the key exchange I mentioned and will not waste any of your precious time in future. And by the way because I know English is not your first language I will point out again that I was NOT talking about the git protocol. I don't care and with your attitude I am not sure I care about this project now. |
+1 |
@MatthiasF999 please use "reactions" instead of extraneous comments. They are much more visible for what you intended to do. |
Any updates on this? |
SSH functionality is not provided by Git itself, but by an external program. By default, this external program is OpenSSH, and if the user already has saved PuTTY connections, Git for Windows' installer also offers to configure PuTTY to do the job. Additionally, Git lets the user override this configuration to use yet other SSH programs for the job, via the environment variable All of these SSH implementations need to stay independent of Git. Their primary purpose is not to support Git, but to support SSH connections. Seeing as the Git Credential Manager is a very Git-centric component, it would be improper to change those SSH implementations to rely on the Credential Manager all of a sudden. Having said that, it is possible to modify, say, OpenSSH to interact optionally either with the Git Credential Manager or directly with the credential store, compatible with the Credential Manager. That would definitely be outside the purview of the Git Credential Manager project. I would therefore recommend to close this ticket. Having said that, as all of the involved components are Open Source, there is nothing to stop any developer who wants this badly enough. So let's have a closer look at OpenSSH. Normally one would store private keys in Now, So: a developer who really wants to store SSH keys in their credential store could implement a custom And there is also PKCS11Provider (see http://man.openbsd.org/OpenBSD-current/man5/ssh_config.5 how to configure OpenSSH to use such a provider). And this is where things get interesting: typically known as "that smartcard thing", PKCS#11 is actually a real API specification: https://www.emc.com/emc-plus/rsa-labs/standards-initiatives/pkcs-11-cryptographic-token-interface-standard.htm. All it needs is a PKCS#11 compliant On the other hand, if you only want to store the passphrase in the credential store, you may want to use https://github.com/lukesampson/askpass in combination with In any case, as I said, from my point of view this ticket should be closed because
|
@JohannesSchlindelin Thanks for the great reply.
|
I'm going to have to agree with @dscho here and close the ticket. That does not mean we'll never come back to this issue and attempt a solution, it just means that for now I'd rather not get everyone's hopes up before we have an idea on how I could deliver a solution. |
Hey everyone, I've recently created a helper utility that configures your Windows environment to let you use Try it out! |
SSH is popular, it doesn't get much love on Windows - we need to give it love because it is awesome.
The text was updated successfully, but these errors were encountered: