Reading keys from OpenSSH auth agent on Windows with Paramiko is

ghz 23hours ago ⋅ 2 views

Reading keys from OpenSSH auth agent on Windows with Paramiko is failing with "[Errno 22] Invalid argument: '\\.\pipe\openssh-ssh-agent'"

I am using simple function to list out all RSA keys using paramiko.agent.Agent().get_keys() function. But there is weird error:

[Errno 22] Invalid argument: '\.\pipe\openssh-ssh-agent'

Also OpenSSH server is running

from paramiko import agent

print(agent.Agent().get_keys())

My local version of OpenSSH is:

OpenSSH_for_Windows_8.9p1, LibreSSL 3.4.3

Answer

The error you're seeing ([Errno 22] Invalid argument: '\\.\pipe\openssh-ssh-agent') is related to how Paramiko is trying to access the SSH agent on Windows, especially when OpenSSH is running.

Background:

  • paramiko.agent.Agent().get_keys() attempts to connect to the SSH agent using a Unix-style socket, which in Windows is typically represented as a named pipe, like \\.\pipe\openssh-ssh-agent.
  • The error suggests that either the named pipe \\.\pipe\openssh-ssh-agent is not accessible or there's an issue with the way the pipe is being handled by the Paramiko library on Windows.

Possible Causes:

  1. Windows SSH Agent Pipe Issue: Paramiko is having trouble communicating with the OpenSSH agent using the named pipe on Windows. It may be trying to connect to the agent incorrectly or not finding it at all.
  2. Environment Variable: The environment variable for the SSH agent (SSH_AUTH_SOCK) might not be set correctly, or Paramiko is not picking it up.

Steps to Resolve:

  1. Verify OpenSSH Agent is Running: First, make sure the OpenSSH agent is running on your machine. You can check the running processes to confirm that the agent is active:

    Get-Service -Name ssh-agent
    

    If the service is not running, start it with:

    Start-Service -Name ssh-agent
    
  2. Set the SSH_AUTH_SOCK Environment Variable: Ensure that the SSH_AUTH_SOCK environment variable is correctly set. You can check this in PowerShell or Command Prompt:

    $env:SSH_AUTH_SOCK
    

    If it’s not set, you need to set it manually. You can find the correct value for SSH_AUTH_SOCK in the OpenSSH agent process (it should point to a named pipe, like \\.\pipe\openssh-ssh-agent). You can set it using the following command:

    $env:SSH_AUTH_SOCK = '\\.\pipe\openssh-ssh-agent'
    

    Then, run your Python script again.

  3. Test with paramiko Debugging: Paramiko offers debugging features that might help you identify the exact cause of the issue. You can enable debugging by setting the logging level in your script:

    import paramiko
    import logging
    
    logging.basicConfig(level=logging.DEBUG)
    
    # Now try the agent
    print(paramiko.agent.Agent().get_keys())
    

    This will print detailed debug logs that can help you pinpoint where the error occurs.

  4. Check Paramiko's Handling of Windows Named Pipes: Paramiko may not fully support the way OpenSSH exposes its agent over Windows named pipes. If the above steps don't work, you could try using an alternative library like ssh-agent or pycrypto that may have better compatibility with OpenSSH on Windows.

  5. Use ssh-agent from Git for Windows (if installed): If you have Git for Windows installed, you can use its version of ssh-agent (which is more robust on Windows). In this case, try running the Git Bash terminal and ensure that ssh-agent is running by typing:

    eval $(ssh-agent -s)
    

    Then, retry your Python script.

Final Solution (Manual Agent Connection Example):

If you continue to have trouble, you can manually connect to the SSH agent using a path to the named pipe. Here's an example of how to explicitly pass the SSH_AUTH_SOCK value to paramiko:

import os
from paramiko import agent

# Set SSH_AUTH_SOCK manually if necessary
os.environ['SSH_AUTH_SOCK'] = '\\\\.\\pipe\\openssh-ssh-agent'

# Create Agent object and get keys
ssh_agent = agent.Agent()
keys = ssh_agent.get_keys()

# Print the keys
print(keys)

This should help Paramiko locate and use the correct named pipe for the OpenSSH agent on Windows.

Let me know if you need further assistance or if the issue persists!