From daedb3c96549427ed84fba5c9ab3f9475a412243 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Mon, 15 Jan 2024 17:21:24 +0100 Subject: [PATCH] doc: Describe the ssh-agent protocol options for Windows. -- Also fix a typo in a macro. --- agent/gpg-agent.c | 4 ++-- doc/gpg-agent.texi | 21 ++++++++++++++++----- 2 files changed, 18 insertions(+), 7 deletions(-) diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 1db422737..b0150031d 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -366,7 +366,7 @@ static int putty_support; /* Path to the pipe, which handles requests from Win32-OpenSSH. */ static const char *win32_openssh_support; -#define W32_DEFAILT_AGENT_PIPE_NAME "\\\\.\\pipe\\openssh-ssh-agent" +#define W32_DEFAULT_AGENT_PIPE_NAME "\\\\.\\pipe\\openssh-ssh-agent" #endif /*HAVE_W32_SYSTEM*/ /* The list of open file descriptors at startup. Note that this list @@ -1295,7 +1295,7 @@ main (int argc, char **argv) if (pargs.r_type) win32_openssh_support = pargs.r.ret_str; else - win32_openssh_support = W32_DEFAILT_AGENT_PIPE_NAME; + win32_openssh_support = W32_DEFAULT_AGENT_PIPE_NAME; # endif break; diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index 902de56f4..49cf16e39 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -623,19 +623,30 @@ are touched. @anchor{option --enable-ssh-support} @item --enable-ssh-support +@itemx --enable-win32-openssh-support @itemx --enable-putty-support @opindex enable-ssh-support +@opindex enable-win32-openssh-support @opindex enable-putty-support -The OpenSSH Agent protocol is always enabled, but @command{gpg-agent} -will only set the @code{SSH_AUTH_SOCK} variable if this flag is given. +On Unix platforms the OpenSSH Agent protocol is always enabled, but +@command{gpg-agent} will only set the @code{SSH_AUTH_SOCK} variable if +the option @option{enable-ssh-support} is given. Some Linux +distributions use the presence of this option to decide whether the +old ssh-agent shall be started. + +On Windows support for the native ssh implementation must be enabled +using the the option @option{enable-win32-openssh-support}. For using +gpg-agent as a replacement for PuTTY's Pageant, the option +@option{enable-putty-support} must be enabled. In this mode of operation, the agent does not only implement the gpg-agent protocol, but also the agent protocol used by OpenSSH -(through a separate socket). Consequently, it should be possible to use -the gpg-agent as a drop-in replacement for the well known ssh-agent. +(through a separate socket or via Named Pipes) or the protocol used by +PuTTY. Consequently, this allows to use the gpg-agent as a drop-in +replacement for the ssh-agent. -SSH Keys, which are to be used through the agent, need to be added to +SSH keys, which are to be used through the agent, need to be added to the gpg-agent initially through the ssh-add utility. When a key is added, ssh-add will ask for the password of the provided key file and send the unprotected key material to the agent; this causes the