Pageant integration?

Feb 26, 2013 at 11:17 PM
Has anyone attempted to get ssh.net integrated with the PuTTY Pageant tool for managing keys?
Coordinator
Mar 2, 2013 at 3:01 PM
Hi,

I had somebody submit it as a patch to be included in the library, but unfortunately I could not include it since this solution is application specific.
If you are interested, you can download this patch here and see if it works for you.

Also, if you like and can create from this some kind of add-on solution, I could post it here as a separate file that people can add or use if they would like Pageant support.

Hope it helps.

Thanks,
Oleg
Mar 8, 2013 at 3:32 PM
Unfortunately, that code uses the .NET 4+ MemoryMappedFile. I'm stuck with .NET 3.5 (for various reasons I'm not too happy with). There isn't a heavy reliance on that feature though, so it may be fairly easy to replace.

Thanks,

Robert
Mar 8, 2013 at 6:16 PM
FYI, this patch works great under .NET 4 without modification. Given that Pageant is the ubiquitous SSH agent for Windows, it's a shame that it can't be included. It's as simple as:
        string host = "myhost";
        string username = "joeschmo";
        // PageantProtocol and AgentConnectionInfo come from the patch, not from SSH.NET itself
        var agent = new PageantProtocol();
        var conn = new AgentConnectionInfo(host, username, agent);
        var client = new SshClient(conn);

(Insert appropriate exception handling of course...).
Robert
Coordinator
Mar 9, 2013 at 3:09 PM
Hi,

The reason I cannot include it in the library is the native method.
For example:
        [DllImport("user32.dll", EntryPoint = "SendMessageA", CallingConvention = CallingConvention.StdCall,
            ExactSpelling = true)]
        public static extern IntPtr SendMessage(IntPtr hWnd, int dwMsg, IntPtr wParam, ref COPYDATASTRUCT lParam);
Which is problematic in my view.
I would like to keep this library as open as possible and as pluggable as possible.

For this reason I keep the ConnectionInfo class public, which allows you to implement any additional connection info class like AgentConnectionInfo and use it.

Also AgentConnectionInfo can be implemented in your project without changing SshNet.

Hope it explains the reason behind this decision.

Thanks,
Oleg
Mar 11, 2013 at 3:30 PM
It does. That method struck me as distinctly non-standard for C#/.net. GetProcessByName might be more suitable for searching for the Pageant process. Thanks.
Apr 8, 2013 at 4:12 PM
Oleg,

This Pageant patch appears to work perfectly for Windows 7. But when I run it on Windows Server 2008 R2, the authentication always fails. It appears to be something in the way the patch communicates with the Pageant API via SendMessageA. I don't know what the difference might be that would cause a change between Windows 7 and Server 2008 though.

If you know who provided the patch, perhaps they would know?

Thanks,

Robert
Coordinator
Apr 8, 2013 at 4:32 PM
Hi,

You can look on the source code tab, under patches.
It was part of patch 12705 and its author is mladjenovic.

Thanks,
Oleg
Apr 8, 2013 at 5:50 PM
Edited Apr 8, 2013 at 5:51 PM
Hi, sorry for posting here.
I had to use the SendMessage WinAPI call because that's what PuTTY uses internally. There is no official API for Pageant. About your problem, I can't help you because I do not have a Windows Server 2008 environment to test it. It might be a problem with stricter UAC in the server edition. Are both your processes running with the same elevation level? Here is the link with some fixes that use the new (at least it was new when I wrote it) AuthenticationMethod API. link

Best regards.
Apr 8, 2013 at 8:39 PM
Thanks for the update! I'll take a look and try it out. UAC is exactly the path I'm heading down at the moment so this is good timing. Both pageant and my application are running under the same user (Administrator) so it is a bit baffling. If I get it working, I'll let you know.
Apr 8, 2013 at 10:16 PM
I took a look in the WINPGNTC.C PuTTY source file and noticed:
    /*
     * Make the file mapping we create for communication with
     * Pageant owned by the user SID rather than the default. This
     * should make communication between processes with slightly
     * different contexts more reliable: in particular, command
     * prompts launched as administrator should still be able to
     * run PSFTPs which refer back to the owning user's
     * unprivileged Pageant.
     */
    usersid = get_user_sid();
So I went back to the PageantProtocol.cs file and added:
            ...
            using (var accessor = mmFile.CreateViewAccessor())
            {
                var security = mmFile.GetAccessControl();
                security.SetOwner(System.Security.Principal.WindowsIdentity.GetCurrent().User);
                mmFile.SetAccessControl(security);
            ...
to both the GetIdentities and SignData methods. Now it works like a charm on both Windows 7 and Server 2008. I don't know when PuTTY added the use of the SID, but it seems Server 2008 is more strict about this than Windows 7.

Thanks for the clues!

Robert
May 21, 2013 at 6:34 PM
I tried to create a 64-bit build of my application with SshNet+Pageant, but could only get the Pageant API to work when building as a 32-bit application. Not knowing the details of the Pageant protocol, I suspect the Pageant API is arch dependent.

Are there any suggestions for detecting which Pageant build is running and adapting to the API appropriately for this patch?
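
The Pageant request path discussed in this thread, as an added example that is not the patch's or SSH.NET's code: the request is written to a named file mapping owned by the current user's SID, and the mapping name is passed to the Pageant window with WM_COPYDATA, using a COPYDATASTRUCT whose pointer-sized fields match the Win32 layout in both 32-bit and 64-bit processes. The class name `PageantTransport` is hypothetical; the window name, mapping-name format and constants are assumptions taken from PuTTY's Pageant client, .NET Framework 4 is assumed, and `request` is one complete agent message (4-byte big-endian length, then type and payload).

```csharp
using System;
using System.IO.MemoryMappedFiles;
using System.Runtime.InteropServices;
using System.Security.Principal;

// Hypothetical helper for illustration; not part of SSH.NET or the Pageant patch.
static class PageantTransport
{
    const int WM_COPYDATA = 0x004A;
    const uint AGENT_COPYDATA_ID = 0x804e50ba; // assumed: magic value used by PuTTY's Pageant client
    const int AGENT_MAX_MSGLEN = 8192;         // assumed: mapping size used by PuTTY
    // Win32 layout is ULONG_PTR dwData; DWORD cbData; PVOID lpData (pointer-sized first and last).
    [StructLayout(LayoutKind.Sequential)]
    struct COPYDATASTRUCT { public UIntPtr dwData; public int cbData; public IntPtr lpData; }

    [DllImport("user32.dll", CharSet = CharSet.Unicode)] static extern IntPtr FindWindow(string cls, string title);
    [DllImport("user32.dll", EntryPoint = "SendMessageW")]
    static extern IntPtr SendMessage(IntPtr hWnd, int msg, IntPtr wParam, ref COPYDATASTRUCT lParam);
    [DllImport("kernel32.dll")] static extern uint GetCurrentThreadId();
    public static byte[] Query(byte[] request)
    {
        if (request.Length > AGENT_MAX_MSGLEN) throw new ArgumentException("request too large");
        IntPtr hwnd = FindWindow("Pageant", "Pageant");
        if (hwnd == IntPtr.Zero) throw new InvalidOperationException("Pageant is not running");
        string mapName = "PageantRequest" + GetCurrentThreadId().ToString("x8");
        using (var map = MemoryMappedFile.CreateNew(mapName, AGENT_MAX_MSGLEN))
        using (var view = map.CreateViewAccessor())
        {
            var security = map.GetAccessControl();   // owner change from the post above
            security.SetOwner(WindowsIdentity.GetCurrent().User);
            map.SetAccessControl(security);
            view.WriteArray(0, request, 0, request.Length);
            IntPtr name = Marshal.StringToHGlobalAnsi(mapName); // NUL-terminated ANSI copy
            try
            {
                var cds = new COPYDATASTRUCT { dwData = (UIntPtr)AGENT_COPYDATA_ID, cbData = mapName.Length + 1, lpData = name };
                if (SendMessage(hwnd, WM_COPYDATA, IntPtr.Zero, ref cds) == IntPtr.Zero)
                    throw new InvalidOperationException("Pageant refused the request");
            }
            finally { Marshal.FreeHGlobal(name); }
            // Pageant writes its reply into the same mapping; check the length before copying.
            int len = (view.ReadByte(0) << 24) | (view.ReadByte(1) << 16) | (view.ReadByte(2) << 8) | view.ReadByte(3);
            if (len < 1 || len > AGENT_MAX_MSGLEN - 4) throw new InvalidOperationException("bad reply length");
            var reply = new byte[len];
            view.ReadArray(4, reply, 0, len);
            return reply;
        }
    }
}
```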