gpg-agent with OpenSSH on Windows

Werner Koch wk at gnupg.org
Sun Apr 23 19:01:23 CEST 2017


On Thu, 20 Apr 2017 09:15, gerhard.poul at gmail.com said:

> I opened an issue [2] and it seems that ssh-add has been adapted to use
> named pipes on Windows, whereas that is not the mechanism that gpg-agent

Arghh.  Named Pipes under Windows are very hard to use as an emulation
for local sockets.  The problem is that there is no mechanism to make
sure that they work only on the local machine.  With the right
credentials you can use them remotely - which is a bad idea for implementing
a local (i.e. non-remote) IPC.

Frankly, OpenSSH should not use that and resort to our or the new Cygwin
way of emulating local sockets.

On Unix we use plain local sockets.  On Windows we listen on 127.0.0.1
for a TCP connection; the port and a cookie is given in a file created
by the server and thus the connection is secured using file permissions.
Cygwin does something very similar.

PuTTY (and GnuPG's Pageant support) wraps the communication into
Windows messages.


Shalom-Salam,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
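As an added illustration of the loopback-plus-cookie scheme Werner describes (not code from GnuPG or libassuan), the sketch below runs both sides over 127.0.0.1: the server writes the port and a random nonce into an owner-only file, and a client is accepted only if it can read that file and present the nonce as its first bytes. The file layout (decimal port, newline, then 16 raw nonce bytes) and the POSIX 0600 mode standing in for the Windows file ACL are assumptions of this example, not details stated in the message.

```python
import os, secrets, socket, tempfile, threading

NONCE_LEN = 16  # assumed nonce size; the message only speaks of "a cookie"

def write_socket_file(path, port, nonce):
    """Server side: record port and nonce in a file only its owner can read (0600 stands in for the Windows ACL)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(b"%d\n" % port + nonce)

def parse_socket_file(path):
    """Client side: assumed layout is decimal port, LF, then NONCE_LEN raw nonce bytes."""
    with open(path, "rb") as f:
        data = f.read()
    head, sep, nonce = data.partition(b"\n")
    if not sep or not head.isdigit() or len(nonce) != NONCE_LEN:
        raise ValueError("malformed socket file")
    return int(head), nonce

def accept_one(listener, expected):
    """Accept one client; it is authenticated only if its first bytes equal the nonce."""
    conn, _ = listener.accept()
    with conn:
        got = conn.recv(NONCE_LEN, socket.MSG_WAITALL)  # short read -> mismatch
    return secrets.compare_digest(got, expected)  # constant-time comparison

def connect_and_authenticate(path, nonce_override=None):
    """Client: read the file (needs the file permissions), connect over loopback, send the nonce."""
    port, nonce = parse_socket_file(path)
    with socket.create_connection(("127.0.0.1", port)) as s:
        s.sendall(nonce_override if nonce_override is not None else nonce)

def demo(nonce_override=None):
    """One handshake over loopback; returns the server's verdict (True = accepted)."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0)); listener.listen(1)  # loopback only, ephemeral port
    nonce = secrets.token_bytes(NONCE_LEN)
    path = os.path.join(tempfile.mkdtemp(), "S.gpg-agent")  # constructed path
    write_socket_file(path, listener.getsockname()[1], nonce)
    verdict = []
    t = threading.Thread(target=lambda: verdict.append(accept_one(listener, nonce)))
    t.start()
    connect_and_authenticate(path, nonce_override)
    t.join()
    listener.close()
    return verdict[0]
```

A client that cannot read the file has neither the port nor the nonce, and one that guesses the port but sends the wrong cookie is rejected before any agent command is processed.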