@chunter
Created June 20, 2017 10:51
Make Pageant autoload keys at startup
To make Pageant automatically run and load keys at startup:
- Find the location of pageant.exe
- Windows key + R to open the 'run' dialog box
- Type: 'shell:startup' in the dialog box
- Create a shortcut to pageant.exe and put it into this Startup folder.
- Right click on the shortcut and open 'Properties'
- In 'Target' add: "<path to>/pageant.exe" myprivatekeyname.ppk
- In 'Start in' add: "<path to the folder containing myprivatekeyname.ppk>"
- Click on the shortcut link and check that Pageant has started and has loaded your keys
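
A scripted equivalent of the steps above in PowerShell, added here as an example and not part of the original gist. The PuTTY install path, the `.ssh` key folder and the function name `New-PageantStartupShortcut` are assumptions; it quotes each key path, sets 'Start in', and reads the saved shortcut back so you can see exactly what will run at logon.

```powershell
# Added example: scripted version of the Startup-shortcut steps above.
# Assumed values (adjust): PuTTY install path, key folder and key file names.
$PageantExe = Join-Path $env:ProgramFiles 'PuTTY\pageant.exe'
$KeyDir     = Join-Path $env:USERPROFILE '.ssh'
$KeyNames   = @('myprivatekeyname.ppk')

function New-PageantStartupShortcut {
    param(
        [Parameter(Mandatory)][string]   $PageantExe,
        [Parameter(Mandatory)][string]   $KeyDir,
        [Parameter(Mandatory)][string[]] $KeyNames
    )

    # Fail early rather than create a shortcut that silently loads nothing.
    if (-not (Test-Path -LiteralPath $PageantExe -PathType Leaf)) {
        throw "pageant.exe not found: $PageantExe"
    }
    $keyPaths = foreach ($name in $KeyNames) {
        $path = Join-Path $KeyDir $name
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            throw "Key file not found: $path"
        }
        $path
    }

    # Same folder that 'shell:startup' opens for the current user.
    $startup = [Environment]::GetFolderPath('Startup')
    $lnkPath = Join-Path $startup 'Pageant.lnk'

    $shell = New-Object -ComObject WScript.Shell
    $lnk   = $shell.CreateShortcut($lnkPath)
    $lnk.TargetPath       = $PageantExe
    # Quote each key path so profiles or folders with spaces still work.
    $lnk.Arguments        = ($keyPaths | ForEach-Object { '"{0}"' -f $_ }) -join ' '
    $lnk.WorkingDirectory = $KeyDir      # the 'Start in' field
    $lnk.Save()

    # Read the shortcut back from disk and report what it will run at logon.
    $saved = $shell.CreateShortcut($lnkPath)
    [pscustomobject]@{
        Shortcut  = $lnkPath
        Target    = $saved.TargetPath
        Arguments = $saved.Arguments
        StartIn   = $saved.WorkingDirectory
        Signature = (Get-AuthenticodeSignature -FilePath $PageantExe).Status
    }
}

New-PageantStartupShortcut -PageantExe $PageantExe -KeyDir $KeyDir -KeyNames $KeyNames
```

The `Signature` field reports the Authenticode status of the binary the shortcut points at, which is worth checking for anything placed in the Startup folder.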

7wells commented Feb 20, 2024

Hello! You do not need nircmd or other 3rd party tools. Windows has everything on board. The below batch file creates a temporary vbs script, executes it to create the startup entry for pageant, and it cleanly deletes the temporary vbs file afterwards. As shown in the example, you can add multiple keys in Arguments. Replace them by your key file name(s). You might also need to adjust the TargetPath to your pageant.exe file.

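```bat
@echo off
cls
rem Build a throwaway VBScript with a random name in the TEMP folder.
set SCRIPT="%TEMP%\%RANDOM%-%RANDOM%-%RANDOM%-%RANDOM%.vbs"
echo Set oWS = WScript.CreateObject("WScript.Shell") >> %SCRIPT%
rem The shortcut goes into the current user's Startup folder.
echo sLinkFile = "%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pageant.lnk" >> %SCRIPT%
echo Set oLink = oWS.CreateShortcut(sLinkFile) >> %SCRIPT%
echo oLink.TargetPath = "%PROGRAMFILES%\PuTTY\pageant.exe" >> %SCRIPT%
rem Key paths use doubled quotes (VBScript escaping) so profile paths with spaces survive.
echo oLink.Arguments = "--encrypted ""%USERPROFILE%\.ssh\id_rsa.ppk"" ""%USERPROFILE%\.ssh\id_nistp256.ppk""" >> %SCRIPT%
echo oLink.Save >> %SCRIPT%
rem Run the script to create the shortcut, then delete it.
cscript /nologo %SCRIPT%
del %SCRIPT%
```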

Source: https://stackoverflow.com/questions/31814060/create-a-shortcut-with-parameters-added-to-the-program-path


xsoft commented Feb 20, 2024

Please note that Pageant with --encrypted still does not work for multiple connections/windows.

When you load your key (one) as encrypted, it waits for first usage. So far so good.
Next you open two PuTTY windows, for two different servers.
One popup window would appear and it would wait for input pass for the key.
Both PuTTY windows are waiting at this point.
If you enter pass, key is loaded (unlocked), and used. But just for the first window.
The second window with PuTTY would get stuck, and it would wait for an answer from Pageant, which will never come.
Fix would be to send key to BOTH windows that are waiting for a key input.
Sure, if you close both PuTTY windows and reopen them, then the key would be used for both of them as you open them.


7wells commented Feb 20, 2024

Thanks for sharing! 👍

Then one key to rule them all is better? 😉 Kidding aside - I wanted to have a separate key for one server, but maybe I can live with just one key for all servers (except one, all are inside my private network anyway).


eggbean commented Feb 20, 2024

If you use the same passphrase for all the keys, they should all be unencrypted with the first passphrase input, from my experience.


7wells commented Feb 20, 2024

Yes, I have the same passphrase for both keys. As the passphrase is partially stored in my mind and the other part on a hardware token, that should be ok, security-wise. Any objections? Sorry that this question might be getting a bit OT here.

BTW, where could one ask for a solution of the problem described before (i.e. in case of different passphrases)?


eggbean commented Feb 20, 2024

I don't use PuTTY. Instead I use WSL and Windows Terminal. With BlackReloaded/wsl2-ssh-pageant I had no problem using multiple keys. They did use the same passphrase, but I expect it would work fine with different passphrases too. I could use multiple tmux panes and windows with the keys too, once I use a ~/.ssh/rc script to automatically symlink the socket for use within tmux too. Since then I have stopped using Pageant and use Windows built-in OpenSSH instead, where it stores the SSH key in an encrypted state in the registry and is automatically unencrypted when you log on, so it's seamless in the same way as it would be using a keychain in Linux or macOS.


7wells commented Feb 21, 2024

Since the project is no longer maintained (1), do you use one of the many forks and can recommend one, or do you use the original? I use WSL2 (Debian), which indeed offers many possibilities.

(1) https://github.com/BlackReloaded/wsl2-ssh-pageant

Again, thanks for sharing! 👍


eggbean commented Feb 21, 2024

There are quite a few different things like that including ones that are based on npiperelay, but I use BlackReloaded/wsl2-ssh-pageant as it specifically supports GPG for Windows too, which I will still be using it for. It's only no longer maintained as the guy who wrote it doesn't use Windows anymore, but it still works perfectly fine. Eventually Microsoft will probably add something native that allows this.


7wells commented Feb 21, 2024

Got it - indeed very promising. Meanwhile, I looked into this fork, which has several updates (not yet tested):
https://github.com/KerickHowlett/wsl2-ssh-bridge

EDIT1: I like Pageant, because it supports WinSCP, too, and I was not aware if there are alternatives for this, too.

EDIT2: Might be helpful, too:
https://gist.github.com/dinvlad/a62d44325fa2b989a046fe984a06e140


strarsis commented Apr 9, 2024

You may also find this guide for setting up KeePass + KeeAgent for WSL 2 SSH interesting:
https://gist.github.com/strarsis/e533f4bca5ae158481bbe53185848d49
