Can't get ssh-agent working #1133

Closed
altano opened this issue Apr 15, 2018 · 41 comments

@altano

altano commented Apr 15, 2018

Please answer the following

"OpenSSH for Windows" version
7.6.0.0

Windows 10 Pro

What is failing
C:\src> ssh-add C:\Users\alan\.ssh\ripper\ripper_id_rsa

Expected output
shrug

Actual output

Error connecting to agent: No such file or directory

Diagnostics
I used procmon to discover that the failed file open operation is on a file called 'C:\tmp\ssh-DEhw9URW70Jz\agent.24500' which does NOT exist. In fact, the c:\tmp directory doesn't exist.

I installed OpenSSH using choco install -y openssh -params '"/SSHAgentFeature"' and I verified that ssh-agent service is installed AND running.

What was supposed to create 'C:\tmp\ssh-DEhw9URW70Jz\agent.24500' and how can I diagnose why it didn't?

@coldacid

I assume that %SSH_AUTH_SOCK% is set, and/or you're using a different ssh-add than the one that comes with Win32-OpenSSH. This port uses named pipes rather than files or sockets to communicate with ssh-agent, so anything that doesn't start with \\.\pipe\ is suspect.

Make sure you're using the correct ssh-add.exe and that the %SSH_AUTH_SOCK% environment variable is unset, and it should work then.

@altano
Author

altano commented Apr 17, 2018

UPDATE: Oh, you said UNSET %SSH_AUTH_SOCK%. Yeah, that did the trick. I'll figure out what is setting it and take care of that. Thanks :)

I'm definitely using the ssh from this OpenSSH port:

C:\WINDOWS\system32> Get-Command ssh-add

CommandType     Name                                               Version    Source
-----------     ----                                               -------    ------
Application     ssh-add.exe                                        7.6.1.0    C:\Program Files\OpenSSH-Win64\ssh-add.exe


C:\WINDOWS\system32> Get-Command ssh

CommandType     Name                                               Version    Source
-----------     ----                                               -------    ------
Application     ssh.exe                                            7.6.1.0    C:\Program Files\OpenSSH-Win64\ssh.exe

But interestingly,

C:\WINDOWS\system32> gci Env: | grep -i ssh
SSH_AGENT_PID                  8072
SSH_AUTH_SOCK                  /tmp/ssh-nxsdvBS2drI3/agent.24336

Which appears to be a valid path (in PowerShell) to c:\tmp, but still empty:

C:\WINDOWS\system32> gci -Recurse /tmp


    Directory: C:\tmp


Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----        4/14/2018   6:42 PM                ssh-DEhw9URW70Jz

@altano
Author

altano commented Apr 17, 2018

It was coming from posh-git. There's an effort to separate out ssh from posh-git[0] which maybe will make the two play well together, but for now I just uninstalled posh-git.

[0] dahlbyk/posh-git#526

@JeremySkinner

JeremySkinner commented May 22, 2018

For anyone who also comes across this issue who wants to use the ssh agent service that ships as part of the Win10 spring update and is using posh-git, a simple fix is just to delete the environment variables inside your profile after importing the posh-git module. Eg:

Import-Module "$mydir\posh-git\src\posh-git"
remove-item env:\SSH_AGENT_PID
remove-item env:\SSH_AUTH_SOCK

@davclark

davclark commented Jun 2, 2018

I just came to this issue after a fresh install (last night) of Win 10 Edu 1803. I don't have either SSH_AGENT_PID or SSH_AUTH_SOCK set, but still get:

PS> ssh-agent.exe
unable to start ssh-agent service, error :1058

or

PS> Get-Service ssh-agent

Status   Name               DisplayName
------   ----               -----------
Stopped  ssh-agent          OpenSSH Authentication Agent


PS> Start-Service ssh-agent
Start-Service : Service 'OpenSSH Authentication Agent (ssh-agent)' cannot be started due to the following error: Cannot start service ssh-agent on computer '.'.
At line:1 char:1
+ Start-Service ssh-agent
+ ~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (System.ServiceProcess.ServiceController:ServiceController) [Start-Service], ServiceCommandException
    + FullyQualifiedErrorId : CouldNotStartService,Microsoft.PowerShell.Commands.StartServiceCommand

Note that the SSH client was also NOT installed by default, and after installation didn't show up in my path right away (though seems to have done so eventually?).

EDIT: nevermind, worked this time when I ran in an administrative shell (it wasn't working before). I guess there is some async stuff that Windows 10 is doing in the background?

@kevmul

kevmul commented Jun 13, 2018

For anyone else looking to fix this issue that uses Scoop.

I had this error thrown when I had pshazz installed using Scoop.
I ran

~ $ gci Env: | grep -i ssh
SSH_ASKPASS    C:\Users\{me}\scoop apps\pshazz\curren...

Uninstalled, and error went away.

Hope this helps!

UPDATE:

I saw this error over on pshazz lukesampson/pshazz#70 and @myty had a comment that solved this for me too, without uninstalling pshazz. Go take a look, and if it works give him a well deserved thumbs up!

@rageshkrishna

Just ran in to this myself and found that the "Startup Type" for the ssh-agent service was set to "Disabled". I changed that to "Manual" and was able to start the service normally.

@manojampalam
Contributor

@rageshkrishna what's your openssh version?

@rageshkrishna

I don't have an exact version number at the moment, but it was whatever came with the "OpenSSH Server" feature in Windows 10 (build 1803).

@manojampalam
Contributor

If so, this is expected, ssh-agent was set to disabled in the recent Windows 10 update. You'll have to enable it explicitly if you need it.

@jmegevand

Hey that was my issue too:
1. Check the current status of ssh-agent: "Get-Service | select -property name,starttype"
2. Set the new type: "Set-Service -Name ssh-agent -StartupType Manual"
3. Start it: "Start-Service ssh-agent"
4. Add simply your key as before: "ssh-add"
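
The checks suggested so far in this thread (which binaries are on the PATH, a stale SSH_AUTH_SOCK that is not a named pipe, and a disabled ssh-agent service) can be combined into one script. This is an added example, not part of any comment in the thread and not the project's own code; the function name Get-AgentSocketKind and the -Fix switch are hypothetical, and only built-in cmdlets are used.

```powershell
# Added example, not from the thread. Read-only unless -Fix is given.
# -Fix needs an elevated shell because it changes a service's start type.
param([switch]$Fix)

function Get-AgentSocketKind {
    # Win32-OpenSSH reaches the agent over a named pipe, so a value that does
    # not start with \\.\pipe\ (for example /tmp/ssh-XXXX/agent.NNN exported
    # by another tool) points ssh-add at a file that was never created.
    param([string]$Value)
    if ([string]::IsNullOrEmpty($Value)) { return 'unset' }
    if ($Value.StartsWith('\\.\pipe\')) { return 'pipe' }
    return 'suspect'
}

# 1. Which binaries does this shell resolve? -All also lists shadowed copies
#    further down the PATH (Git for Windows, scoop, chocolatey, System32).
foreach ($name in 'ssh.exe', 'ssh-add.exe', 'ssh-agent.exe') {
    $found = @(Get-Command $name -All -ErrorAction SilentlyContinue)
    if ($found.Count -eq 0) { Write-Warning "$name not found on PATH"; continue }
    $found | ForEach-Object { '{0,-14} {1,-10} {2}' -f $name, $_.Version, $_.Source }
}

# 2. Agent variables in the current process and in the persisted scopes, so a
#    value injected by a profile script can be told apart from a stored one.
foreach ($scope in 'Process', 'User', 'Machine') {
    $sock = [Environment]::GetEnvironmentVariable('SSH_AUTH_SOCK', $scope)
    $agentPid = [Environment]::GetEnvironmentVariable('SSH_AGENT_PID', $scope)
    $kind = Get-AgentSocketKind $sock
    if ($kind -ne 'unset') { "SSH_AUTH_SOCK [$scope] = $sock ($kind)" }
    if ($agentPid) { "SSH_AGENT_PID [$scope] = $agentPid" }
    if ($kind -eq 'suspect') {
        Write-Warning "SSH_AUTH_SOCK in scope $scope is not a \\.\pipe\ path"
    }
}
if ($Fix) {
    # Clears the current session only, like the Remove-Item fix posted above.
    Remove-Item Env:\SSH_AUTH_SOCK, Env:\SSH_AGENT_PID -ErrorAction SilentlyContinue
}

# 3. Service state. A Disabled start type is what produces error 1058
#    (ERROR_SERVICE_DISABLED) from ssh-agent.exe and Start-Service.
$svc = Get-Service -Name ssh-agent -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Warning 'ssh-agent service is not installed'
} else {
    "service ssh-agent: Status=$($svc.Status) StartType=$($svc.StartType)"
    if ($svc.StartType -eq 'Disabled') {
        Write-Warning 'ssh-agent StartType is Disabled; it cannot be started until that changes'
        if ($Fix) { Set-Service -Name ssh-agent -StartupType Manual }
    }
    if ($Fix -and $svc.Status -ne 'Running') {
        Start-Service -Name ssh-agent
        "service ssh-agent: Status=$((Get-Service -Name ssh-agent).Status)"
    }
}
```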

@egbertn

egbertn commented Jul 2, 2018

On my Windows there is even no ssh-agent service.
SshDBroker service exists
SSH Server Proxy
SSH Server Broker
Therefore, I cannot add users from the commandline…
Microsoft Windows [Version 10.0.17134.137]

@manojampalam
Contributor

manojampalam commented Jul 2, 2018

Looks like you may have Developer mode on. Can you disable those legacy services and see if you have ssh.exe and ssh-agent.exe installed under %windir%\system32\openssh ?

If you don't see them there - can you try installing OpenSSH using steps similar to what's detailed here (these were for Beta, your entries wouldn't have "Beta" in them) - https://blogs.msdn.microsoft.com/powershell/2017/12/15/using-the-openssh-beta-in-windows-10-fall-creators-update-and-windows-server-1709/

@egbertn

egbertn commented Jul 2, 2018

Ok, developer mode is removed, those files exist but still the same message.

And starting it using PowerShell gives this:

Start-Service : Service 'OpenSSH Authentication Agent (ssh-agent)' cannot be started due to the following error: Cannot start service ssh-agent on computer '.'.
At line:1 char:1
+ Start-Service ssh-agent
    + CategoryInfo          : OpenError: (System.ServiceProcess.ServiceController:ServiceController) [Start-Service], ServiceCommandException
    + FullyQualifiedErrorId : CouldNotStartService,Microsoft.PowerShell.Commands.StartServiceCommand

@manojampalam
Contributor

You could do the following to set ssh-agent back to "auto" on-demand start:
sc.exe config ssh-agent start= auto

@egbertn

egbertn commented Jul 2, 2018

Thanks. This also helped. Set-Service -name "ssh-agent" -startuptype "automatic"

@TUTUBIG

TUTUBIG commented Jul 18, 2018

@egbertn I have the same problems

@frankfuu

For some reason it was disabled, just had to flick it to manual

Get-Service ssh-agent | Set-Service -StartupType Manual
Get-service ssh-agent | Start-Service

Then to make sure it's running

> Get-Service ssh-agent | select *

Name                : ssh-agent
RequiredServices    : {}
CanPauseAndContinue : False
CanShutdown         : False
CanStop             : True
DisplayName         : OpenSSH Authentication Agent
DependentServices   : {}
MachineName         : .
ServiceName         : ssh-agent
ServicesDependedOn  : {}
ServiceHandle       : SafeServiceHandle
Status              : Running
ServiceType         : Win32OwnProcess
StartType           : Manual

@TCB13

TCB13 commented Aug 27, 2018

This works to start the service and I can successfully add keys, however, when trying to ssh to some server it seems to ignore the keys added and always asks for password :(

@manojampalam
Contributor

Are you sure? It's quite likely that your server is rejecting the key and asking for password.

@TCB13

TCB13 commented Aug 27, 2018

I’m sure, server has password login disabled. Also, I tried other servers / keys and they work fine on a Ubuntu box.

@manojampalam
Contributor

Can you try ssh with -vvv flags and confirm from its traces that the key is indeed picked up/not?

@TCB13

TCB13 commented Aug 29, 2018

@manojampalam here is my debug and everything I tried:

ssh -V
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.4

Installed via scoop with:

sudo scoop install 7zip git win32-openssh 
[environment]::setenvironmentvariable('GIT_SSH', (resolve-path (scoop which ssh)), 'USER')
cd "C:\Users\TAD BNT\scoop\apps\win32-openssh\current\"
sudo .\install-sshd.ps1
sudo Set-Service ssh-agent -StartupType Automatic

Started the service:

Start-Service ssh-agent
Get-Service ssh-agent

Status   Name               DisplayName
------   ----               -----------
Running  ssh-agent          OpenSSH Authentication Agent

Added the key:

 ssh-add.exe "C:\Users\TAD BNT/.ssh/svpd4895"
Enter passphrase for C:\Users\TAD BNT/.ssh/svpd4895:
Identity added: C:\Users\TAD BNT/.ssh/svpd4895 (C:\Users\TAD BNT/.ssh/svpd4895)

Now the ssh command:

ssh pd4895
(....)
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: C:\\Users\\TAD BNT/.ssh/svpd4895
debug3: failed to open file:/dev/tty error:3
debug1: read_passphrase: can't open /dev/tty: No such file or directory
Enter passphrase for key 'C:\Users\TAD BNT/.ssh/svpd4895':

In my config file this server is set as:

host pd4895
  hostname svpd4895---
  user ---
  port ---
  IdentitiesOnly yes
  IdentityFile ~/.ssh/svpd4895

If I add AddKeysToAgent yes to my config file keys get automatically added to ssh-agent instead of me having to issue ssh-add path\key, but I still get the Enter passphrase for key message. It looks like there is some communication failure between the ssh client and the agent.

Also, I was reading previous comments again, and I don't have an SSH_AUTH_SOCK set:

 gci env:SSH_AUTH_SOCK
gci : Cannot find path 'SSH_AUTH_SOCK' because it does not exist.
At line:1 char:1
+ gci env:SSH_AUTH_SOCK

However, when I'm using AddKeysToAgent yes my keys get added to the agent (I can see that with ssh-add -L), so, apparently, the ssh client is somehow communicating with the agent.

I also tried to use only windows directory separators \ and .ssh\svpd4895 and the issue is the same.

What am I missing here?

The full output of the ssh -vvv is available here: https://gist.github.com/TCB13/aa582b24a08dead443d1179811831d92

Many thanks.

@TCB13

TCB13 commented Aug 29, 2018

I've finally found the cause of my problem!

In my config file I had some global options:

Host *
  IdentitiesOnly yes
  AddKeysToAgent yes
  PreferredAuthentications publickey 

Apparently, if one sets IdentitiesOnly yes the SSH client will not ask the ssh-agent for keys. Maybe this is expected behavior, however, I was unaware of it and under macOS, that option doesn't cause this (maybe a bug in macOS?).

Setting IdentitiesOnly no in the global Hosts * section fixed everything! Many thanks for the previous comments.

@manojampalam
Contributor

Thanks for following up. This is something that I was unaware of too.
As per http://man.openbsd.org/OpenBSD-current/man5/ssh_config.5
looks like this is expected behavior.

@NiKiZe

NiKiZe commented Oct 8, 2018

The included version of OpenSSH in windows is mainly causing issues, and it is not clear how this ssh client is installed (When did Microsoft stop checking compatibility before releasing.)

I had to spend half a day to get my workflow with poshgit running again.
Fix for me: uninstall the windows OpenSSH client which is causing issues:
Get-WindowsCapability -Online | Where Name -like "*OpenSSH*" | Remove-WindowsCapability -Online

Posting here for anyone else that this causes issues for.

@pawel-majczyk

Fix for me: uninstall the windows OpenSSH client which is causing issues:
Get-WindowsCapability -Online | Where Name -like "*OpenSSH*" | Remove-WindowsCapability -Online

Are you using different ssh-agent/ssh.exe client then? Is it the one provided with Git for Windows? Or maybe the Linux native installation?

I am browsing for answers everywhere to get my VSCode connect Git by ssh under windows and nothing helps.

@musm

musm commented Apr 17, 2019

Ugh, so I had everything working for a very long time and now suddenly

Start-Service : Service 'OpenSSH Authentication Agent (ssh-agent)' cannot be started due to the following error: Cannot start service ssh-agent on computer '.'.
At line:1 char:1
+ Start-Service ssh-agent
+ ~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : OpenError: (System.ServiceProcess.ServiceController:ServiceController) [Start-Service], ServiceCommandException
+ FullyQualifiedErrorId : CouldNotStartService,Microsoft.PowerShell.Commands.StartServiceCommand

@zakur0

zakur0 commented Jun 6, 2019

My solution was found randomly on a Linux forum.
Had the issue :
I was running

ssh-add "C:\sshKeys\Key"   
Could not open a connection to your authentication agent.

and the solution was to run it like:

ssh-agent.exe ssh-add "C:\sshKeys\Key"   

@bittikettu

I'm having similar issue, but the agent is running correctly and can be seen from the services that it is really running.
Trying to add the keys, but it says "Could not open a connection to your authentication agent.".

I was able to solve this issue by connecting my laptop back to our company's domain. This is really annoying feature. We have a script which makes a network-drive as a home directory. I tried to put an environmental variable which points to local drive but it does not work. Only workaround is to connect machine physically to company's network or with a VPN.

I don't have any issues at my home PC which is not bound to any Domain service active directory shitty-shitty. Starting to feel that I need to make some sort of a Docker-based workaround.

I think I am reasonably good at googling information, but in this case the terminology (mostly issues in Linux) distracts the searching a lot.

@SQLHorizons

I just came to this issue after a fresh install (last night) of Win 10 Edu 1803. I don't have either SSH_AGENT_PID or SSH_AUTH_SOCK set, but still get:

PS> ssh-agent.exe
unable to start ssh-agent service, error :1058

or

PS> Get-Service ssh-agent

Status   Name               DisplayName
------   ----               -----------
Stopped  ssh-agent          OpenSSH Authentication Agent


PS> Start-Service ssh-agent
Start-Service : Service 'OpenSSH Authentication Agent (ssh-agent)' cannot be started due to the following error: Cannot start service ssh-agent on computer '.'.
At line:1 char:1
+ Start-Service ssh-agent
+ ~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (System.ServiceProcess.ServiceController:ServiceController) [Start-Service], ServiceCommandException
    + FullyQualifiedErrorId : CouldNotStartService,Microsoft.PowerShell.Commands.StartServiceCommand

Note that the SSH client was also NOT installed by default, and after installation didn't show up in my path right away (though seems to have done so eventually?).

EDIT: nevermind, worked this time when I ran in an administrative shell (it wasn't working before). I guess there is some async stuff that Windows 10 is doing in the background?

In my case I found the service disabled, not sure how that happened but running the following fixed it:

Set-Service ssh-agent -StartupType Manual

@bakgaard

My solution was found randomly on a Linux forum.
Had the issue:

ssh-agent.exe ssh-add "C:\sshKeys\Key"   

I had to make a minor change, but that helped me too:

.'C:\Program Files\Git\usr\bin\ssh-agent.exe' 'C:\Program Files\Git\usr\bin\ssh-add.exe' $env:home\.ssh\id_rsa

@rztprog

rztprog commented Nov 9, 2019

If the command doesn't work (in vscode for my case), change the StartType by the GUI

  1. Search with the windows explorer "Services.msc" (Or go to %windir%\system32\services.msc)
  2. Search for "OpenSSH Authentication Agent"
  3. Change mode for "auto" and apply
  4. It worked :)

@bersbersbers

@manojampalam can you explain why you think this is expected behavior?

As per http://man.openbsd.org/OpenBSD-current/man5/ssh_config.5
looks like this is expected behavior.

The link you posted states this:

IdentityFile may be used in conjunction with IdentitiesOnly to select which identities in an agent are offered during authentication.

So in my reading, IdentitiesOnly can have an effect on which identities an agent offers, but should still enable offering the one represented by IdentityFile. Or am I misreading this?

@RumSpy

RumSpy commented May 8, 2020

On Windows 10: you need to allow the C:\Windows\System32\OpenSSH\ exe files to have access to the controlled folder access (i.e. sudo rights) in windows using the modern windows security settings app. It is a permissions issue with Windows.

@szaimen

szaimen commented May 10, 2020

On Windows 10: you need to allow the C:\Windows\System32\OpenSSH\ exe files to have access to the controlled folder access (i.e. sudo rights) in windows using the modern windows security settings app. It is a permissions issue with Windows.

how do I do that?

@Chetan496

Chetan496 commented Sep 17, 2020

I'm having similar issue, but the agent is running correctly and can be seen from the services that it is really running.
Trying to add the keys, but it says "Could not open a connection to your authentication agent.".

I was able to solve this issue by connecting my laptop back to our company's domain. This is really annoying feature. We have a script which makes a network-drive as a home directory. I tried to put an environmental variable which points to local drive but it does not work. Only workaround is to connect machine physically to company's network or with a VPN.

I don't have any issues at my home PC which is not bound to any Domain service active directory shitty-shitty. Starting to feel that I need to make some sort of a Docker-based workaround.

I think I am reasonably good at googling information, but in this case the terminology (mostly issues in Linux) distracts the searching a lot.

@bittikettu
I observed same. ssh-agent is working but it gives error when trying to add keys or list keys. But, once I connect to company network via VPN, it starts working. Is there a fix for this issue?

@brgavino

I'm having similar issue, but the agent is running correctly and can be seen from the services that it is really running.
Trying to add the keys, but it says "Could not open a connection to your authentication agent.".
I was able to solve this issue by connecting my laptop back to our company's domain. This is really annoying feature. We have a script which makes a network-drive as a home directory. I tried to put an environmental variable which points to local drive but it does not work. Only workaround is to connect machine physically to company's network or with a VPN.
I don't have any issues at my home PC which is not bound to any Domain service active directory shitty-shitty. Starting to feel that I need to make some sort of a Docker-based workaround.
I think I am reasonably good at googling information, but in this case the terminology (mostly issues in Linux) distracts the searching a lot.

@bittikettu
I observed same. ssh-agent is working but it gives error when trying to add keys or list keys. But, once I connect to company network via VPN, it starts working. Is there a fix for this issue?

This seemed to fix things, why this is required is puzzling at best

@beaufrusetta

I'm having similar issue, but the agent is running correctly and can be seen from the services that it is really running.
Trying to add the keys, but it says "Could not open a connection to your authentication agent.".
I was able to solve this issue by connecting my laptop back to our company's domain. This is really annoying feature. We have a script which makes a network-drive as a home directory. I tried to put an environmental variable which points to local drive but it does not work. Only workaround is to connect machine physically to company's network or with a VPN.
I don't have any issues at my home PC which is not bound to any Domain service active directory shitty-shitty. Starting to feel that I need to make some sort of a Docker-based workaround.
I think I am reasonably good at googling information, but in this case the terminology (mostly issues in Linux) distracts the searching a lot.

@bittikettu
I observed same. ssh-agent is working but it gives error when trying to add keys or list keys. But, once I connect to company network via VPN, it starts working. Is there a fix for this issue?

This seemed to fix things, why this is required is puzzling at best

WHAT. THE. Fizzle-eff.

Why does this work?!? I literally just did the same thing - works. This is on my work laptop...soooo...maybe some weird policy thing?

@dariopnc

dariopnc commented May 5, 2022

I'm having similar issue, but the agent is running correctly and can be seen from the services that it is really running. Trying to add the keys, but it says "Could not open a connection to your authentication agent.".

I was able to solve this issue by connecting my laptop back to our company's domain. This is really annoying feature. We have a script which makes a network-drive as a home directory. I tried to put an environmental variable which points to local drive but it does not work. Only workaround is to connect machine physically to company's network or with a VPN.

I don't have any issues at my home PC which is not bound to any Domain service active directory shitty-shitty. Starting to feel that I need to make some sort of a Docker-based workaround.

I think I am reasonably good at googling information, but in this case the terminology (mostly issues in Linux) distracts the searching a lot.

Same behavior here!

Looks like I'm not the only one

@TCB13

TCB13 commented May 5, 2022

I'm also having this issue now @dariopnc. All my keys are asking for password / the agent doesn't seem to be working anymore. Maybe this was related to the latest updates to the Terminal/PowerShell and/or OpenSSH?

Microsoft decides to update stuff automatically without asking or telling anything to anyone and then this happens.
