-
Notifications
You must be signed in to change notification settings - Fork 759
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Certificates aren't properly added to the ssh-agent service in 8.9.1.0 #1954
Comments
I can confirm after testing this is happening for me as well (with ed25519 keys). |
Happening for me with ed25519 keys also. I compared with a coworkers Mac, and for some reason the Mac and their fancy dancy keyrings add both identities properly. To break this out a bit:
It's also worth noting that if you try to load the key in the agent again, it kicks the old key out. For example, running I tried to do a quick test on an Ubuntu 20 system and it showed the same behavior, so maybe this is an upstream bug??? I was running ssh 8.9 on powershell and the Ubuntu box was running 8.2, so hardly a definitive test. Maybe others can add their results. |
I had been banging my head against this for some time now, wondering why I was still getting prompted for passphrase on keys that I had added to the agent. I didn't notice that the private key was being missed until I saw this issue. I even reinstalled win32-openssh a couple of times to make sure I had a clean install and everything. Finally tried removing the certificate and everything works as expected. Has any progress been made on this? For reference I'm running the latest: |
Also, just found #1333, of which this appears to be a duplicate. |
This has been frustrating me too, identity and certificate both reported as added, but only the certificate shows with a subsequent |
Please answer the following
"OpenSSH for Windows" version
8.9.1.0
Server OperatingSystem
Ubuntu 20.04
Client OperatingSystem
Windows 11
What is failing
I can't add a certificate to the agent properly. The agent either contains the private key or the certificate (however that works internally) but not both as it should.
Expected output
Actual output
Context
If I first get the certificate and then add the key the above happens, i.e. I have to provide a password to login, but agent forwarding works, i.e. I can then login from control-0 into a different server without problems
If I first delete any old certificates, then add the key and then get a new certificate I can log into control-0 but agent forwarding is broken - i.e. the agent simply doesn't contain the certificate.
If I delete old certificates, add the key, get a new certificate and then add the key again it's the same as above - i.e. only the certificate shows up in the agent and I can't login with the agent.
This used to work in the 8.0.0.1 release on chocolatey but no longer works with the 8.9.1.0 msi from github
Restarting the agent doesn't help
Re-adding the key doesn't help
I tried adding the path with only "/" instead of "" as that was a problem in earlier versions but it didn't make a difference
After entering the password it connects just fine and as mentioned above I can then use the key and certificate in the agent (via forwarding) to connect to further servers.
Debugging Output
The service is also at the same path.
The text was updated successfully, but these errors were encountered: