To make Pageant automatically run and load keys at startup:
- Find the location of pageant.exe
- Press Windows key + R to open the 'Run' dialog box
- Type: 'shell:startup' in the dialog box
- Create a shortcut to pageant.exe and put it into this startup folder.
- Right click on the shortcut and open 'Properties'
- In 'Target' add: "<route to>/pageant.exe" myprivatekeyname.ppk
- In 'Start in' add: "<route to myprivatekeyname.ppk>"
- Click on the shortcut link and check that Pageant has started and has loaded your keys
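
The same steps as a PowerShell script, given here as an added example that is not part of the original gist. The two default paths are assumptions to replace with your own, the `-Encrypted` switch passes Pageant's `--encrypted` option, and the script warns when the `.ppk` file is stored without a passphrase, since a key loaded at every logon is then usable by anything running as your user.

```powershell
# Added example, not from the original gist. Both default paths are assumptions.
param(
    [string]$PageantPath = 'C:\Program Files\PuTTY\pageant.exe',         # assumed install path
    [string]$KeyPath     = "$env:USERPROFILE\keys\myprivatekeyname.ppk", # assumed key path
    [switch]$Encrypted   # add Pageant's --encrypted option (key stays locked until first use)
)
$ErrorActionPreference = 'Stop'

# Step 1: make sure both files exist before writing a shortcut that points at them.
foreach ($p in $PageantPath, $KeyPath) {
    if (-not (Test-Path -LiteralPath $p -PathType Leaf)) { throw "File not found: $p" }
}

# A .ppk file states its protection in an 'Encryption:' header line
# ('none' means the private key is stored without a passphrase).
$enc = Select-String -LiteralPath $KeyPath -Pattern '^Encryption:\s*(\S+)' |
    Select-Object -First 1
if (-not $enc) { throw "No 'Encryption:' header found; is $KeyPath a PuTTY .ppk file?" }
if ($enc.Matches[0].Groups[1].Value -eq 'none') {
    Write-Warning "$KeyPath has no passphrase; set one in PuTTYgen before auto-loading it."
}

# Steps 2-4: the folder that 'shell:startup' opens, and a shortcut inside it.
$startup  = [Environment]::GetFolderPath('Startup')
$lnkPath  = Join-Path $startup 'Pageant.lnk'
$shortcut = (New-Object -ComObject WScript.Shell).CreateShortcut($lnkPath)

# Steps 5-7: 'Target' is pageant.exe plus the key file name, 'Start in' is the key's folder.
$keyName = Split-Path -Leaf $KeyPath
$keyArgs = '"' + $keyName + '"'
if ($Encrypted) { $keyArgs = '--encrypted ' + $keyArgs }
$shortcut.TargetPath       = $PageantPath
$shortcut.Arguments        = $keyArgs
$shortcut.WorkingDirectory = Split-Path -Parent $KeyPath
$shortcut.Save()

# Step 8: open the shortcut once and confirm that Pageant is running.
Invoke-Item -LiteralPath $lnkPath
Start-Sleep -Seconds 2
if (Get-Process -Name pageant -ErrorAction SilentlyContinue) {
    Write-Output "Pageant is running; shortcut saved to $lnkPath"
} else {
    Write-Warning "Pageant did not start; check the shortcut's Target and Start in values."
}
```

Pageant's tray icon (View Keys) shows whether the key was actually loaded.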
Thanks for sharing! 👍
Then one key to rule them all is better? 😉 Kidding aside - I wanted to have a separate key for one server, but maybe I can live with just one key for all servers (except one, all are inside my private network anyway).
If you use the same passphrase for all the keys, they should all be unencrypted with the first passphrase input, from my experience.
Yes, I have the same passphrase for both keys. As the passphrase is partially stored in my mind and the other part on a hardware token, that should be ok, security-wise. Any objections? Sorry that this question might be getting a bit OT here.
BTW, where could one ask for a solution of the problem described before (i.e. in case of different passphrases)?
I don't use PuTTY. Instead I use WSL and Windows Terminal. With BlackReloaded/wsl2-ssh-pageant I had no problem using multiple keys. They did use the same passphrase, but I expect it would work fine with different passphrases too. I could use multiple tmux panes and windows with the keys too, once I use a ~/.ssh/rc script to automatically symlink the socket for use within tmux too. Since then I have stopped using pageant and use Windows built-in OpenSSH instead, where it stores the SSH key in an encrypted state in the registry and is automatically unencrypted when you log on, so it's seamless in the same way as it would be using a keychain in Linux or macOS.
Since the project is no longer maintained (1), do you use one of the many forks and can recommend one, or do you use the original? I use WSL2 (Debian), which indeed offers many possibilities.
(1) https://github.com/BlackReloaded/wsl2-ssh-pageant
Again, thanks for sharing! 👍
There are quite a few different things like that including ones that are based on npiperelay, but I use BlackReloaded/wsl2-ssh-pageant as it specifically supports GPG for Windows too, which I will still be using it for. It's only no longer maintained as the guy who wrote it doesn't use Windows anymore, but it still works perfectly fine. Eventually Microsoft will probably add something native that allows this.
Got it - indeed very promising. Meanwhile, I looked into this fork, which has several updates (not yet tested):
https://github.com/KerickHowlett/wsl2-ssh-bridge
EDIT1: I like Pageant, because it supports WinSCP, too, and I was not aware if there are alternatives for this, too.
EDIT2: Might be helpful, too:
https://gist.github.com/dinvlad/a62d44325fa2b989a046fe984a06e140
You may also find this guide for setting up KeePass + KeeAgent for WSL 2 SSH interesting:
https://gist.github.com/strarsis/e533f4bca5ae158481bbe53185848d49
Please note that pageant with --encrypted still does not work for multiple connections/windows.
When you load your key (one) as encrypted, it waits for first usage. So far so good.
Next you open two PuTTY windows, for two different servers.
One popup window would appear and it would wait for input of the pass for the key.
Both PuTTY windows are waiting at this point.
If you enter the pass, the key is loaded (unlocked) and used. But just for the first window.
The second window with PuTTY would get stuck, and it would wait for an answer from pageant, which will never come.
The fix would be to send the key to BOTH windows that are waiting for a key input.
Sure, if you close both PuTTY windows and reopen them, then the key would be used for both of them as you open them.