Accessing ssh controlled repositories from a Windows Client

NOTE: The following works for cases when the private keys are not Password phrase encrypted. The original plink.exe expects the password to be entered at stdin but stdin is redirected. To get passwords to work you need one of the TortoisePlink.exes from either http://www.tortoisecvs.org/download.shtml or http://tortoisesvn.net/downloads.

  1. Grab putty.exe and plink.exe from PuTTY website.

  2. Connect to remote ssh host over ssh using PuTTY once and have PuTTY save it's key as a known host.
  3. Add the following to the [ui] section of your ~/Mercurial.ini file

    ssh=/path/to/plink.exe -ssh -i "/path/to/your/private/key"
  4. Profit!!!

Plink.exe also has a -batch argument which tells plink to run non-interactively. Any activity that would normally require user interaction (a new host key, for instance) will cause plink to exit immediately rather than stall. When an ssh operation fails, you can use the --debug argument to figure out what went wrong. -- Steve Borho

This didn't work for me with the latest windows version, maybe because I'm using key authentication with a passphrase. I got cygwin ssh to work though. Follow the instructions for this on WindowsInstall ssh help. -- krupan 2006-12-15 22:13:42

I got this to work with my passphrase-locked ssh keys by following the directions below, but the Mercurial.ini syntax above seemed to be very sensitive. It didn't work when I put quotes around /path/to/plink. That took a while to figure out :-( -- krupan

Also observed the effect above: no attempts to quote plink path worked - very ugly errors, like remote: Incorrect file name, directory name, or volume label. abort: no suitable response from remote hg! and unquoted path like C:\Program Files\Putty\plink.exe resulted in attempts to run C:\Program. I ended up creating C:\Bin and copying plink.exe there. Interesting that path to key could be quoted. -- Marcin.Kasperski

To get your passphrase-locked SSH keys to work properly under PuTTY, you'll need to go through the following steps.

  1. Download putty.exe, puttygen.exe, pageant.exe, and plink.exe from the PuTTY website. You may want pscp.exe as well if you plan to do SCP, but it's not necessary for running Mercurial.

  2. Copy your SSH private key onto your Windows machine.
  3. PuTTY uses its own private format for SSH private keys, so you'll need to convert your private key. Run puttygen.exe and choose Import key from the Conversions menu.

  4. Import your private key; enter its passphrase when prompted.
  5. Change the key comment to something meaningful.
  6. Click the Save private key button and save the .PPK file somewhere.

  7. Run pageant.exe. The pageant icon (a computer wearing a hat) will show up in the status tray.

  8. Right-click the pageant icon and choose Add Key.

  9. Choose the .PPK file you saved earlier and type in its passphrase.
  10. Follow steps 2 & 3 above: connect to the remote host, save its key, and edit your Mercurial.ini file.

  11. Enjoy your newly-secure SSH authentication on Windows!

Note that pageant.exe caches your unlocked key in memory, which could conceivably make its way into your swap file. Be aware of the security implications of that fact. (For example, if your computer is ever stolen, it would be wise to consider that SSH key compromised and change it as soon as possible).


CategoryHowTo CategoryWindows