Accessing ssh controlled repositories from a Windows Client

Original plink.exe will lock if private keys are password protected. It expects the password to be entered at stdin, but stdin is redirected. For a workaround, load your keys into Pageant utility (pageant.exe from PuTTY) or get TortoisePlink.exe from TortoiseHg distribution.

  1. Grab putty.exe and plink.exe from PuTTY website.

  2. Connect to remote ssh host over ssh using PuTTY once and have PuTTY save its key as a known host.
  3. Add the following to the [ui] section of your ~/Mercurial.ini file

    ssh="C:\path to\plink.exe" -ssh -i "C:\your path to\private.key"
  4. Profit!!!

Plink.exe also has a -batch argument which tells plink to run non-interactively. Any activity that would normally require user interaction (a new host key, for instance) will cause plink to exit immediately rather than stall. When an ssh operation fails, you can use the --debug argument to figure out what went wrong. -- Steve Borho

I'm using a non-standard SSH port number. I found that plink.exe will first use the hostname to look up a saved PuTTY session of that same name, and get the correct port number from there. But if I give plink.exe the -ssh parameter, the saved PuTTY session is not used and therefore it doesn't use the correct port number. The -ssh parameter is unnecessary anyway, because SSH is the default protocol. I also found the -i parameter to be unnecessary when using pageant; if I have loaded my key in pageant, plink finds it. -- David Handy

To get your passphrase-locked SSH keys to work properly under PuTTY, you'll need to go through the following steps.

  1. Download putty.exe, puttygen.exe, pageant.exe, and plink.exe from the PuTTY website. You may want pscp.exe as well if you plan to do SCP, but it's not necessary for running Mercurial.

  2. Copy your SSH private key onto your Windows machine.
  3. PuTTY uses its own private format for SSH private keys, so you'll need to convert your private key. Run puttygen.exe and choose Import key from the Conversions menu.

  4. Import your private key; enter its passphrase when prompted.
  5. Change the key comment to something meaningful.
  6. Click the Save private key button and save the .PPK file somewhere.

  7. Run pageant.exe. The pageant icon (a computer wearing a hat) will show up in the status tray.

  8. Right-click the pageant icon and choose Add Key.

  9. Choose the .PPK file you saved earlier and type in its passphrase.
  10. Follow steps 2 & 3 above: connect to the remote host, save its key, and edit your Mercurial.ini file.

  11. Enjoy your newly-secure SSH authentication on Windows!

Note that pageant.exe caches your unlocked key in memory, which could conceivably make its way into your swap file. Be aware of the security implications of that fact. (For example, if your computer is ever stolen, it would be wise to consider that SSH key compromised and change it as soon as possible).


CategoryHowTo CategoryWindows

AccessingSshRepositoriesFromWindows (last edited 2011-01-06 13:11:10 by DavidHandy)