Caution: about the behaviour of ssh-agent in the native SSH client software in Windows 10 PowerShell and its associated service.
I have been coming up to speed on the use of SSH, with help from YouTube videos from both LTS and LearnLinuxTV. Below is something I found surprising.
About SSH client in Windows PowerShell
- The SSH client was added to Windows 10 PowerShell in the April 2018 release. (This is native to PowerShell, and different from any implementation in WSL2.)
- The command-line options in PowerShell provide similar functionality to what you have in Linux.
- There is also an ssh-agent service which runs as a Windows service, named “OpenSSH Authentication Agent”. It is not enabled by default, but can easily be set to run automatically.
Behaviour of ssh-agent, Linux vs Windows
This Windows “ssh-agent” behaves differently from the regular Linux implementation with respect to the persistence of passphrase-protected private keys.
- With Linux, the ssh-agent keeps the unlocked private keys in memory, associated with your current terminal session, and forgets them when that session ends. In practical terms it means you have to enter your passphrase just once per session.
- But with the Windows implementation of ssh-agent, the unlocked private keys are saved to the Registry and do not disappear at the end of the PowerShell session or when you log off. So you type your passphrase just once and never need it again on that workstation! Those private keys remain immediately available to you on that workstation whenever the ssh-agent service is running.
How Windows ssh-agent stores data
Digging a bit deeper, the agent stores its data in the Registry under this key:-
The items in the …/Keys folder are named like “SHA256:G84TfeXhm8JDw3qKh/SaftQjtcUcrccd6ozX1qJ+Hqc”; the registry key name used is the fingerprint of the related SSH key.
I found this closed issue in the GitHub PowerShell → Win32-OpenSSH repository; the response from the developers is that the persistent behaviour of ssh-agent is “as intended”.
The blog cited below describes how you can reconstruct the original private key from these registry entries.
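As an added example (not code from the original post or from the Win32-OpenSSH project), here is a PowerShell check a user or administrator can run to see whether the agent service auto-starts and which key fingerprints it currently holds, with an optional -Remediate switch that drops those identities and sets the service to manual start. It assumes the Windows-native ssh-add.exe is on PATH and identifies the service by the display name quoted above; Get-SshAgentExposure and -Remediate are names chosen here.

```powershell
function Get-SshAgentExposure {
    [CmdletBinding()]
    param(
        # -Remediate: drop every identity the agent holds and stop it from
        # starting automatically, so a passphrase is needed again after logon.
        # Changing the start type requires an elevated session.
        [switch]$Remediate
    )

    # Service display name as given in the post; the short service name is
    # read from the object rather than hard-coded.
    $svc = Get-Service -DisplayName 'OpenSSH Authentication Agent' -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Warning 'OpenSSH Authentication Agent service is not installed.'
        return
    }

    # ssh-add -l prints one line per loaded key: "<bits> <fingerprint> <comment> (<type>)".
    # With nothing loaded it prints "The agent has no identities." and exits non-zero.
    $keys = @()
    if ($svc.Status -eq 'Running') {
        $listing = & ssh-add -l 2>&1 | ForEach-Object { "$_" }
        foreach ($line in $listing) {
            if ($line -match '^\d+\s+(SHA256:\S+)\s+(.*?)\s*\((\S+)\)\s*$') {
                $keys += [pscustomobject]@{
                    Fingerprint = $Matches[1]   # same value the post sees as the registry key name
                    Comment     = $Matches[2]
                    Type        = $Matches[3]
                }
            }
        }
    }

    # Keys that survive logoff plus an auto-starting service means anyone able
    # to run code as this user gets passphrase-free use of those keys.
    $persistentRisk = ($svc.StartType -eq 'Automatic') -and ($keys.Count -gt 0)

    if ($Remediate) {
        if ($keys.Count -gt 0) { & ssh-add -D | Out-Null }   # remove all identities from the agent
        if ($svc.StartType -eq 'Automatic') { Set-Service -Name $svc.Name -StartupType Manual }
    }

    [pscustomobject]@{
        Service        = $svc.Name
        Status         = $svc.Status.ToString()
        StartType      = $svc.StartType.ToString()
        LoadedKeys     = $keys
        PersistentRisk = $persistentRisk
        Remediated     = [bool]$Remediate
    }
}

Get-SshAgentExposure | Format-List
```

Run it without -Remediate first to see what the agent is holding; PersistentRisk is $true when loaded keys would still be usable without a passphrase after the next logon.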