TortoiseSVN using Microsoft's OpenSSH client
847 views
Skip to first unread message
paul.kl...@packetdigital.com
Mar 29, 2018, 3:47:05 AM3/29/18
to TortoiseSVN
The latest Windows 10 (Fall Creators Update aka ver 1709) has an OpenSSH client and server that can be installed via as any other option Windows component. See this MSDN blog post:
https://blogs.msdn.microsoft.com/powershell/2017/12/15/using-the-openssh-beta-in-windows-10-fall-creators-update-and-windows-server-1709/
One of the benefits of this ssh client is the ssh-agent system service can hold your ssh identity securely so that the identity is available when you log in, but not accessible by other users. You can actually delete the private key file from your HDD after you "ssh-add" it to the agent! If another user (say an admin) changes your password, the key becomes inaccessible.
...
I was able to get it working with TortoiseSVN with the setting TortoiseSVN Settings -> Network -> SSH Client: c:\windows\system32\openssh\ssh.exe
This works great from the command prompt. I can "svn checkout svn+ssh://foo/path" and it looks in %userprofile%\.ssh\config for host definitions (just like it would on Unix) and does the checkout.
But from the GUI it's a little irritating. Via Windows Explorer, if I Right Click and choose "SVN Checkout" I'm able to checkout svn+ssh:// urls and everything works, BUT it opens a command window during the process. If I close that window it breaks the pipe and checkout fails:
https://imgur.com/qNNMaCql.png
Do any Windows Gurus know a way to prevent the window from appearing?
https://blogs.msdn.microsoft.com/powershell/2017/12/15/using-the-openssh-beta-in-windows-10-fall-creators-update-and-windows-server-1709/
One of the benefits of this ssh client is the ssh-agent system service can hold your ssh identity securely so that the identity is available when you log in, but not accessible by other users. You can actually delete the private key file from your HDD after you "ssh-add" it to the agent! If another user (say an admin) changes your password, the key becomes inaccessible.
...
I was able to get it working with TortoiseSVN with the setting TortoiseSVN Settings -> Network -> SSH Client: c:\windows\system32\openssh\ssh.exe
This works great from the command prompt. I can "svn checkout svn+ssh://foo/path" and it looks in %userprofile%\.ssh\config for host definitions (just like it would on Unix) and does the checkout.
But from the GUI it's a little irritating. Via Windows Explorer, if I Right Click and choose "SVN Checkout" I'm able to checkout svn+ssh:// urls and everything works, BUT it opens a command window during the process. If I close that window it breaks the pipe and checkout fails:
https://imgur.com/qNNMaCql.png
Do any Windows Gurus know a way to prevent the window from appearing?
Stefan
Mar 29, 2018, 3:48:58 AM3/29/18
to TortoiseSVN
Sorry, there's no way.
That's why we have to ship TortoisePlink and not just plink: TortoisePlink is a modified version of plink that has many changes done so that the cmd window does not appear.
So as long as you can not change the code of the windows ssh client, you're out of luck.
Stefan
That's why we have to ship TortoisePlink and not just plink: TortoisePlink is a modified version of plink that has many changes done so that the cmd window does not appear.
So as long as you can not change the code of the windows ssh client, you're out of luck.
Stefan
Paul Klapperich
Mar 30, 2018, 11:07:43 PM3/30/18
to TortoiseSVN
Well, it is open source (based on OpenSSH) so one can change the code, submit patches, etc. https://github.com/PowerShell/openssh-portable
But for now I made a python wrapper that locates and hides the cmd window that appears.
I set TortoiseSVN -> Settings -> Network -> SSH client to
c:\programdata\anaconda2\python.exe "C:\Program Files\TortoiseSVN\ssh_hidden.py"
The cmd window still appears, but it's just a brief flash as the wrapper hides it.
richard....@gmail.com
Oct 24, 2018, 6:42:01 AM10/24/18
to TortoiseSVN
Process p = new Process();
p.StartInfo.UseShellExecute = false;
p.StartInfo.CreateNoWindow = true;
// set command, args, etc
p.Start();
p.WaitForExit();
Both UseShellExecute and CreateNoWindow with these settings are required for the cmd box to not appear
Stefan
Oct 24, 2018, 6:51:30 AM10/24/18
to TortoiseSVN
Yes, but in this case you have absolutely no way of entering any info if requested. So that's useless.
What TPlink does is to show a dialog for information that's requested.
bob...@gmail.com
Oct 24, 2018, 10:35:44 AM10/24/18
to TortoiseSVN
I wouldn't say useless, but I'd agree with unacceptable.
It's a poor experience if input is ever required, but it does work smoothly if key based authentication is set up ahead of time. Due to how the windows fork of ssh-agent stores your key, it's always available if you're logged in, so there's less chance of prompts.
I've been using the python wrapper I shared and had mostly forgotten about this issue. I do agree the proper fix is in Microsoft's ssh fork, not here.
It's a poor experience if input is ever required, but it does work smoothly if key based authentication is set up ahead of time. Due to how the windows fork of ssh-agent stores your key, it's always available if you're logged in, so there's less chance of prompts.
I've been using the python wrapper I shared and had mostly forgotten about this issue. I do agree the proper fix is in Microsoft's ssh fork, not here.
Richard
Oct 25, 2018, 12:41:09 PM10/25/18
to torto...@googlegroups.com
Rather than patching individual SSH clients (3 at current count), how about a checkbox in the UI to control launching the client
in 'windowless' mode.
Therefore if you use gitbash SSH, OpenSSH etc with keyboardless access then you have the option of using your own out-of-the-box SSH client.
--
You received this message because you are subscribed to a topic in the Google Groups "TortoiseSVN" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/tortoisesvn/ZmO6bU25-lo/unsubscribe.
To unsubscribe from this group and all its topics, send an email to tortoisesvn...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/tortoisesvn/ff7df8e3-d644-41e2-986b-cc7b06def905%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Stefan
Oct 25, 2018, 12:49:50 PM10/25/18
to TortoiseSVN
On Thursday, October 25, 2018 at 6:41:09 PM UTC+2, Richard wrote:
Rather than patching individual SSH clients (3 at current count), how about a checkbox in the UI to control launching the clientin 'windowless' mode.Therefore if you use gitbash SSH, OpenSSH etc with keyboardless access then you have the option of using your own out-of-the-box SSH client.
Since the ssh tool is started by the svn library, such a request has to be made on the svn users list.
bob...@gmail.com
Oct 25, 2018, 1:15:32 PM10/25/18
to TortoiseSVN
I'll just point out this is a client bug regardless. TortoiseSVN is not the only tool I pipe through ssh, so such work arounds, while useful, are still just hacks. These clients should behave better on Windows. A fixed clients solves the issue for all use cases.
nsh...@phoenix-int.com
Oct 31, 2019, 10:25:39 AM10/31/19
to TortoiseSVN
For those who don't want to install Python, a simple PowerShell script will do. It has the same behavior that the window briefly blinks up, but it otherwise works. Create a file named sshNoWindow.ps1 with the contents:
Start-Process -FilePath c:\windows\system32\openssh\ssh.exe -Wait -NoNewWindow -ArgumentList "$args"
Then, set your ssh client setting to:
powershell -WindowStyle hidden -File "c:\full\path\to\sshNoWindow.ps1"
Nathan
Oliver Smith
Apr 23, 2022, 12:58:52 AM4/23/22
to TortoiseSVN
I'm not sure why this is or was a concern.
If you're telling Tortoise to use the system OpenSSH two things are probably happening:
1. There was an option so you clicked it,
2. You're using the system OpenSSH to manage your ssh and do things like add keys, edit the config, by hand or with Visual Studio Code or something, and you want TortoiseSVN to consume not manage,
A suitable warning should suffice to discourage (1), and in the case of (2) what happens now is far more unacceptable. After 2 decades of using Putty I _haven't_ used it in 5 years now and it took me a while to even remember why I was being asked for a "plink password" - just for a moment I actually thought "malware!"
In the subversion config file, there's the whole thing of adding "-q" to the SSH command and ssh knowing to suggest you turn it off so you can see why something that expected input failed.
So add a simple toggle between "Use Tortoise's Plink for SSH" and "Use System OpenSSH" with a big, bold disclaimer that user is responsible for authentication working in this scenario. An "Edit" for the user's ~/.ssh/config would be gravy.
Plink -> Guided, hand-held authentication like you'd expect
OpenSSH -> The gates of hell are open, your spikey welcome wagon awaits
That said, currently (TortoiseSVN 1.14.3, Build 29387 - 64 Bit , 2022/04/08 19:31:22) OpenSSH works fine right for trivial use but then you reach something like Merge -> Show Log and you have TortoisePlink asking for a password, because I'm not running (or going to) run pageant, and tortoiseplink feels like a bad windows citizen(*) that doesn't respect the user's now-builtin .ssh profile/configuration/keys/etc.
(* But, of course, that's because I'm actively using the built-in openssh rather than the putty ecosystem)
- Oliver
Reply all
Reply to author
Forward
0 new messages