I work in an academic environment where we are providing a variety of ssh-accessible compute resources. We also provide git
repository hosting, and we require ssh for read/write access to the repositories.
Our instructions for OS X and Linux users are relatively simple and, most importantly, consistent -- both with OS X and most modern Linux distributions, OpenSSH
is included out-of-the-box and, more importantly, ssh-agent
is preconfigured to run whenever a desktop session is active. We generally encourage people to assign passphrases to their keys, so life without an authentication agent can rapidly become annoying.
Our solutions for Windows users are at the moment both more fragmented and more complicated in general. Historically people have been using PuTTY, but this requires extra steps to produce OpenSSH-compatible keys. It also makes it more difficult -- though not, I realize, impossible -- to use the git
command line tools, which works best with OpenSSH when interacting with ssh-accessible repositories.
We would like to simply have folks install msysgit, but we're looking at a good way to integrate ssh-agent
into the Windows desktop environment. The most common solution out there is to start the agent via entries in .bashrc
, but that seems hacky at best and it means we have to guide largely non-technical users through the process of editing their .bashrc
under Windows.
An additional complication is that WinSCP
is often used as a file transfer tool -- and of course this won't talk to ssh-agent
. It will talk to pagent
, from the PuTTY folks, but pagent
doesn't speak ssh-agent
so it won't work from the command line.
What have other folks done to provide a consistent environment for users on different platforms? Have you just thrown up your hands and decided to maintain a separate set of documents for Windows users?
UPDATE
I've found two programs that act as a shim between OpenSSH and pagent. Do you have any experience with either charade or ssh-pagent?
I'm not familiar with msysgit, but can it use PuTTY's
plink
? If you don't know,plink
is a simple command line ssh client, and it can use Pageant to authenticate.Update: Yes, you should provide different documentation to your Windows users. (Unless you think that the Windows users are going to be using OpenSSH for something other than git access.) I think you're trying to force an equivalence that does not exist. It seems to me that you're trying to "[make] ssh easier" by making it harder.
I would suggest using Cygwin and installing SSH through that. Then you can setup ssh-agent and even configure it automatically with shell scripts. That way, you get to use SSH almost as if you were using it on Linux instead of using PuTTY or msysgit. Plus, you get the benefit of being able to automate things with shell scripts and Cygwin. Here is just one of the many different ssh-agent scripts I found to get it working with Cygwin. Also, I find Cygwin's setup and installation very flexible. Since it just downloads files from a mirror and puts it in the root of your C: drive, I'm almost positive you can take that installation and distribute it out to other people by just giving them a copy of the directory. I haven't tested that part myself though...