You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Terraform's Provisioner Connection block on Windows currently only supports Pageant (PuTTY's SSH agent) for SSH agent forwarding using remote-exec. However, with the further development of OpenSSH as by default pre-installed SSH tool on Windows 10/11, it would be a nice-to-have to support the OpenSSH SSH agent in addition to Pageant.
Background
I've created a small automation tool to help admins keep the hosting environment for WordPress on AWS Lightsail up to date. More information can be found in this GitHub repository.
The tool currently works perfectly on Unix-based systems (I use macOS) with SSH-agent forwarding via OpenSSH. It would be great if Windows users could also utilize the tool without having to adapt the setup specifically to Pageant.
Attempted Solutions
Manual SSH Command via PowerShell (Successful):
When running the following sequence in PowerShell on Windows, SSH agent forwarding with OpenSSH works as expected:
# Add the key to the OpenSSH SSH agent
ssh-add C://path/to/key
# Connect to Host A
ssh -A bitnami@<host_A_ip># From Host A, connect to Host B and export the wordpress database for migration
ssh -A bitnami@<host_B_ip>"cd /opt/bitnami/wordpress && sudo wp --allow-root db export --quiet /tmp/exported-wp-sql.sql > /dev/null"
This process succeeds using OpenSSH (v9.5.0.0) in PowerShell (v7.4.4).
Remote Provisioner in Terraform (Failure):
When attempting the same with Terraform's remote-exec provisioner, it fails as only Pageant is supported:
# Add the key to the OpenSSH SSH agent
ssh-add C://path/to/key
Allow Terraform on Windows to support OpenSSH as an SSH agent, similar to how it functions on Unix-based systems. This would remove the dependency on Pageant and and would provide a uniform approach across operating systems.
Example:
connection {
type="ssh"user="bitnami"private_key=file("C://path/to/key")
host=var.host_A_ipagent=true# Support OpenSSH agent in addition to Pageant.
}
References
N/A
The text was updated successfully, but these errors were encountered:
jexnator
changed the title
Support for OpenSSH Agent in Terraform Provisioner Connection on Windows
Terraform provisioner connection - support for OpenSSH agent on Windows
Aug 19, 2024
Thanks for filing the issue! I think this is a result of how the upstream github.com/xanzy/ssh-agent sets up a connection to pageant. While the windows usage of the OpenSSH agent is a little more in line with the standard implementation, it may still not be directly accessible via the usual methods (golang/go#61383).
Thanks for this feature request! If you are viewing this issue and would like to indicate your interest, please use the 👍 reaction on the issue description to upvote this issue. We also welcome additional use case descriptions.
Terraform Version
Use Cases
Terraform's
Provisioner Connection
block on Windows currently only supports Pageant (PuTTY's SSH agent) for SSH agent forwarding usingremote-exec
. However, with the further development of OpenSSH as by default pre-installed SSH tool on Windows 10/11, it would be a nice-to-have to support the OpenSSH SSH agent in addition to Pageant.Background
I've created a small automation tool to help admins keep the hosting environment for WordPress on AWS Lightsail up to date. More information can be found in this GitHub repository.
The tool currently works perfectly on Unix-based systems (I use macOS) with SSH-agent forwarding via OpenSSH. It would be great if Windows users could also utilize the tool without having to adapt the setup specifically to Pageant.
Attempted Solutions
Manual SSH Command via PowerShell (Successful):
When running the following sequence in PowerShell on Windows, SSH agent forwarding with OpenSSH works as expected:
This process succeeds using OpenSSH (v9.5.0.0) in PowerShell (v7.4.4).
Remote Provisioner in Terraform (Failure):
When attempting the same with Terraform's
remote-exec
provisioner, it fails as only Pageant is supported:Error Output:
Proposal
Allow Terraform on Windows to support OpenSSH as an SSH agent, similar to how it functions on Unix-based systems. This would remove the dependency on Pageant and and would provide a uniform approach across operating systems.
Example:
References
N/A
The text was updated successfully, but these errors were encountered: