PuTTY wish pageant-unix-either-or

This is a mirror. Follow this link to find the primary PuTTY web site.

Home | FAQ | Feedback | Licence | Updates | Mirrors | Keys | Links | Team
Download: Stable · Snapshot | Docs | Privacy | Changes | Wishlist

summary: Agnostic agent/client mode in Unix Pageant
class: wish: This is a request for an enhancement.
difficulty: tricky: Needs many tuits.
priority: low: We aren't sure whether to fix this or not.

Windows Pageant can operate in two modes: either run in the background as the actual SSH agent, or contact an existing agent and load a key. This has the useful purpose that you can run (probably via a Windows shortcut) a command such as 'pageant.exe my_key.ppk', with the semantics of 'make that key available, by whatever means are currently necessary': Pageant will either start up a new agent, if one doesn't yet exist, or else just load the key into the existing agent, if one does.

The Unix version of Pageant (new as of 2015-05) also contains the code to be both an agent and a client, but it currently has no mode in which both are possible: any currently legal command line is agent-only or client-only. But it would be just as useful on Unix as it is on Windows to have a single convenient command you could run that says 'just make this key available, please'.

This is more difficult on Unix because of the pre-existing convention that SSH clients expect to find their agent by looking at $SSH_AUTH_SOCK. So if you've already started an X session, for example, and didn't run an agent early in its setup so that $SSH_AUTH_SOCK was inherited by every process in the session, then there's no way to start an agent up now and have the whole GUI login session able to use it, in the way that Windows Pageant can.

Nevertheless, there are still some possibilities that could be useful. For example, on a terminal login session, you can run a command such as eval $(pageant -T key.ppk) to start an agent and load a key file. It would be reasonably sensible to arrange that that command, or a slight modification of it, could instead switch to loading the same key into an existing agent if one were available. Then you could assign the command into an alias or shell function, and have that shell function be conveniently idempotent – if you'd already run it once in your session, running it again would be harmless, and not even bother prompting for your passphrase again.

If you want to comment on this web site, see the Feedback page.
Audit trail for this wish.
(last revision of this bug record was at 2015-05-19 18:36:34 +0100)