Reading keys from OpenSSH auth agent on Windows with Paramiko is failing with "[Errno 22] Invalid argument: '\\.\pipe\openssh-ssh-agent'"
I am using simple function to list out all RSA keys using paramiko.agent.Agent().get_keys()
function. But there is weird error:
[Errno 22] Invalid argument: '\.\pipe\openssh-ssh-agent'
Also OpenSSH server is running
from paramiko import agent
print(agent.Agent().get_keys())
My local version of OpenSSH is:
OpenSSH_for_Windows_8.9p1, LibreSSL 3.4.3
Answer
The error you're seeing ([Errno 22] Invalid argument: '\\.\pipe\openssh-ssh-agent'
) is related to how Paramiko is trying to access the SSH agent on Windows, especially when OpenSSH is running.
Background:
paramiko.agent.Agent().get_keys()
attempts to connect to the SSH agent using a Unix-style socket, which in Windows is typically represented as a named pipe, like\\.\pipe\openssh-ssh-agent
.- The error suggests that either the named pipe
\\.\pipe\openssh-ssh-agent
is not accessible or there's an issue with the way the pipe is being handled by the Paramiko library on Windows.
Possible Causes:
- Windows SSH Agent Pipe Issue: Paramiko is having trouble communicating with the OpenSSH agent using the named pipe on Windows. It may be trying to connect to the agent incorrectly or not finding it at all.
- Environment Variable: The environment variable for the SSH agent (
SSH_AUTH_SOCK
) might not be set correctly, or Paramiko is not picking it up.
Steps to Resolve:
-
Verify OpenSSH Agent is Running: First, make sure the OpenSSH agent is running on your machine. You can check the running processes to confirm that the agent is active:
Get-Service -Name ssh-agent
If the service is not running, start it with:
Start-Service -Name ssh-agent
-
Set the
SSH_AUTH_SOCK
Environment Variable: Ensure that theSSH_AUTH_SOCK
environment variable is correctly set. You can check this in PowerShell or Command Prompt:$env:SSH_AUTH_SOCK
If it’s not set, you need to set it manually. You can find the correct value for
SSH_AUTH_SOCK
in the OpenSSH agent process (it should point to a named pipe, like\\.\pipe\openssh-ssh-agent
). You can set it using the following command:$env:SSH_AUTH_SOCK = '\\.\pipe\openssh-ssh-agent'
Then, run your Python script again.
-
Test with
paramiko
Debugging: Paramiko offers debugging features that might help you identify the exact cause of the issue. You can enable debugging by setting the logging level in your script:import paramiko import logging logging.basicConfig(level=logging.DEBUG) # Now try the agent print(paramiko.agent.Agent().get_keys())
This will print detailed debug logs that can help you pinpoint where the error occurs.
-
Check Paramiko's Handling of Windows Named Pipes: Paramiko may not fully support the way OpenSSH exposes its agent over Windows named pipes. If the above steps don't work, you could try using an alternative library like
ssh-agent
orpycrypto
that may have better compatibility with OpenSSH on Windows. -
Use
ssh-agent
from Git for Windows (if installed): If you have Git for Windows installed, you can use its version ofssh-agent
(which is more robust on Windows). In this case, try running the Git Bash terminal and ensure thatssh-agent
is running by typing:eval $(ssh-agent -s)
Then, retry your Python script.
Final Solution (Manual Agent Connection Example):
If you continue to have trouble, you can manually connect to the SSH agent using a path to the named pipe. Here's an example of how to explicitly pass the SSH_AUTH_SOCK
value to paramiko
:
import os
from paramiko import agent
# Set SSH_AUTH_SOCK manually if necessary
os.environ['SSH_AUTH_SOCK'] = '\\\\.\\pipe\\openssh-ssh-agent'
# Create Agent object and get keys
ssh_agent = agent.Agent()
keys = ssh_agent.get_keys()
# Print the keys
print(keys)
This should help Paramiko locate and use the correct named pipe for the OpenSSH agent on Windows.
Let me know if you need further assistance or if the issue persists!