Get-SshAgent return always 0

[nlhommet]

System Details

• posh-git version/path: 0.7.3 / C:\Program Files\WindowsPowerShell\Modules\posh-git
• PowerShell version: 5.1.17134 revision 48
• Git version: version 2.17.0.windows.1
• Operating system name and version: windows 10, version 1803

Issue Description

Since last update of windows (1803), Start-SshAgent seems not working.

My profile.ps1

Import-Module "posh-git"
Start-SshAgent -Quiet
$ChocolateyProfile = "$env:ChocolateyInstall\helpers\chocolateyProfile.psm1"
if (Test-Path($ChocolateyProfile)) {
  Import-Module "$ChocolateyProfile"
}

Import-Module "Oh-My-Posh"

Get-SshAgent return always 0 and Git keeps prompting me for password.

[rkeithhill]

From PowerShell, what path does this command return Get-Command ssh-agent.exe?

[nlhommet]

CommandType     Name                                               Version    Source
-----------     ----                                               -------    ------
Application     ssh-agent.exe                                      7.6.0.0    C:\WINDOWS\System32\OpenSSH\ssh-agent.exe

[dahlbyk]

What happens if you run ssh-agent without the posh-git Start-SshAgent? The wrapper is really old, meant for the msys agent that ships with Git, not newer OpenSSH.

[nlhommet]

When I run ssh-agent nothing appear.
Get-Service -Name 'ssh-agent' return

Status   Name               DisplayName
------   ----               -----------
Running  ssh-agent          OpenSSH Authentication Agent

[dahlbyk]

That seems promising. The other thing Start-SshAgent does is ssh-add, which should add private key identities from ~/.ssh/.

[nlhommet]

ssh-add -L return my private key ssh-rsa AAAAB...G1Q== ~/.ssh/id_rsa

[dahlbyk]

But Git is still prompting you for your password?

I honestly have no idea if Git and Win32-OpenSSH are expected to play nicely together, or how to fix. I'll drop a note over in Git for Windows Gitter to see if someone can help.

[nlhommet]

When I launch my powershell session, powershell prompts me my password for my private key.

Windows PowerShell
Copyright (C) Microsoft Corporation. Tous droits réservés.

Enter passphrase for ~/.ssh/id_rsa:
Identity added: ~/.ssh/id_rsa (~/.ssh/id_rsa)
Le chargement des profils personnels et système a duré 90504 ms.
 ⚡ > ~ >

And Git is still prompting me for my password.

 ⚡ > D\..\..\ref_com >  develop ≣ > git fetch
Fetching origin
Enter passphrase for key '/~/.ssh/id_rsa':

[rkeithhill]

The way to get Git to use the new openssh is to set this env var:

GIT_SSH = C:\WINDOWS\System32\OpenSSH\ssh.exe

You can remove all the SSH stuff from your profile at this point.

[nlhommet]

Tx! it's working

[rkeithhill]

BTW depending on how you set that env var (presumably with the Edit System Variables dialog box) - some apps may not see that change until reboot. So for instance, if you use Visual Studio it should no longer prompt for a passphrase on a repo using ssh. But it "might" require a reboot to get VS to see the new env var.

[dahlbyk]

It sounds like Start-SshAgent should check if $sshAgent path includes OpenSSH. If it does:

1. Confirm the service is running; if it's not, should we start it?
   • What if the service isn't registered?
2. Check if GIT_SSH aligns with OpenSSH usage; if it doesn't, warn with instructions.

[rkeithhill]

It sounds like Start-SshAgent should check if $sshAgent path includes OpenSSH

Using Path might be a bit brittle since folks can grab the OpenSSH-portable package from here and install into a path of their choosing. We could check this way -

Get-Command ssh.exe | % FileVersionInfo | ? ProductVersion -match OpenSSH

Yup, we can only start the service if it has been registered. If they installed the ZIP from the GH repo, the ssh-agent service won't be registered unless they've run the install-sshd.ps1 script. That said, if they run the following command once from an Admin console, they'll never have to worry about starting ssh-agent again:

Get-Service ssh-agent | Set-Service -StartupType Automatic -PassThru | Start-Service

I suppose we could provide a warning if we detect that the ssh.exe in the path is the OpenSSH version and the user doesn't have GIT_SSH env var set appropriately. We would probably want a way to allow folks to disable the warning (another import arg?).

BTW it isn't a single env var. At my company we use Git with both TFS 2015 and Bitbucket. In order to get the cipher suite to work for both, I use this env var:

GIT_SSH_COMMAND = "C:\Program Files\OpenSSH\ssh.exe" -c aes128-cbc

And the quotes around the path are needed even if there are no spaces in that path.

[Halofreak1990]

Just stumbled upon this as I was looking for a solution to this very problem. After adding the GIT_SSH environment variable and rebooting, I am now only asked for the password once for each new PowerShell window, and not every time.

[rkeithhill]

If you have done the following:

1. Started the OpenSSH ssh-agent service (the one in C:\windows\system32\openssh)
2. Set up the ssh-agent service to start "Automatically"
3. Configured an environment variable named GIT_SSH to point to the OpenSSH ssh.exe e.g. GIT_SSH = C:\WINDOWS\System32\OpenSSH\ssh.exe
4. And used ssh-add <private-key-file-path> e.g. ssh-add ~\.ssh\id_rsa to add your private key file. Again, make sure the ssh-add is the one from C:\windows\system32\openssh.

You should never be asked for your passphrase. In practice, I have found that I am sometimes asked for a passphrase after a Windows 10 insider build update. That is always because the ssh-agent service isn't running. As soon as I start it, I'm no longer asked for a passphrase.

[stereokai]

@rkeithhill Thank you! Lifesaver!

[dscho]

GIT_SSH = C:\WINDOWS\System32\OpenSSH\ssh.exe

If, for some reason, you need to use a 32-bit git.exe, please use GIT_SSH = C:\WINDOWS\SysNative\OpenSSH\ssh.exe instead.

[AnthonyMastrean]

@rkeithhill I tried following your advice in #575 (comment) and ran into a hang, as described in PowerShell/Win32-OpenSSH#1377... I'm not sure if I'm following up in the right place and thought you might have a more expert opinion 🙏

[yihuajack]

It probably because there was a bug in posh-git version 0.7.3 (also in 0.7.3.1). In Get-SshAgent function in GitUtils.ps1, the command $sshAgentProcess = Get-Process | Where-Object { ($_.Id -eq $agentPid) -and ($_.Name -eq 'ssh-agent') } would never correctly work because $agentPid = $Env:SSH_AGENT_PID is always different from the PID of the Windows process ssh-agent.exe. Besides, return 0 was wrongly placed at the outer block. Therefore, Get-SshAgent would always return 0. Another consequence was that the function Stop-SshAgent was also invalid for the same reason. For the command $proc = Get-Process -Id $agentPid -ErrorAction SilentlyContinue, Get-Process could not get the actual process ID and $proc was always equal to 0 so that Stop-Process would never be executed (and it was not stopping the actual PID).