PuTTY semi-bug cygwin-clobbers-pageant

Home | Licence | FAQ | Docs | Download | Keys | Links
Mirrors | Updates | Feedback | Changes | Wishlist | Team

summary: Plink (etc) run under Cygwin cannot talk to Pageant
class: semi-bug: This might or might not be a bug, depending on your precise definition of what a bug is.
difficulty: taxing: Needs external things we don't have (standards, users etc)
priority: medium: This should be fixed one day.
absent-in: 0.51
present-in: 0.52
fixed-in: r9178 (0.61) (0.62)

We've had several reports that when utilities such as Plink are run under Cygwin, requesting keys from a running Pageant fails.

Useful stuff from Angus Duggan:

Problem does not occur with Pageant 0.51, but does occur with 0.52 (version of Plink/PSCP is unimportant)

BTW, I'm still having bizarre problems with plink not communicating with
Pageant. I have no idea what is going wrong, but Pageant repeatably passes
the key when plink is invoked from an NT command shell, and repeatably
doesn't pass the key when invoked from a cygwin bash shell. (Versions 0.51
and 0.52.) UPDATE: I've just run the debugger on plink; the SendMessage in
agent_query (pageantc.c) is returning 0 in the bash shell and 1 in the cmd
shell. On the pageant side, it's the EqualSid() call that is failing when run
under cygwin. Starting pageant from a cygwin shell, and it works...(BTW, the
same is true for running under cvs in emacs, but I may have my shell set to
cygwin bash for that too.) I have not yet worked out why the SID is
different; I have run mkpasswd and checked the results in cygwin, and tried
messing with it a bit, but to no avail.

Here's a followup to the SID differences I reported yesterday, which are
causing failures under cygwin. I instrumented Pageant to show me the accounts
for the SIDs, and when Pageant or another application is started directly, it
runs as BUILTIN\Administrators. When an application is run under cygwin, it
runs as MACHINE\user. The SID I am using is a member of the Administrators
group for this machine (Win2K is almost impossible to use for development if
this is not the case).

Simon was unable to reproduce this. I'm going to speculate that it might involve having an /etc/passwd that's been populated with SIDs by make-passwd, and/or be something to do with Cygwin's ntsec option.

There's a thread on the cygwin mailing list about this, though it's not very enlightening.

Workaround from Angus Duggan:

Use cygstart.exe to start both Pageant and PuTTY. This starts with the same set of credentials that the cygwin programs start with, and all work fine.

SGT, 2011-07-10: this should be fixed in r9178 (which in turn fixes a bug introduced by r9043 which was my first attempt to fix this). Both PuTTY and Pageant now use the SID corresponding to the current user account for their access control, whether or not that account is also a member of the administrators group.

Audit trail for this semi-bug.


If you want to comment on this web site, see the Feedback page.
(last revision of this bug record was at 2011-07-10 12:49:12 +0100)