ssh woes on windows

Mark Hammond mhammond at
Sat Jun 28 03:32:05 BST 2008

I'm having a couple of ssh issues with the bzr binary I'm putting together
and I need some feedback on how to proceed. 

Background for non-Windows users: Putty is a suite of SSH related tools for
Windows, of which we reference 2 parts - 'plink.exe', which is basically a
replacement for the 'ssh' executable, and 'pagaent.exe', which is basically
a replacement for ssh-agent (ie, a daemon which loads your SSH keys and
makes them available to plink.exe etc for passwordless logins.)  I don't
believe anything discussed here is specific to putty - it would also apply
using ssh on Windows.

By default, bzr will prefer to use ssh.exe or Putty's plink.exe over
Paramiko.  A problem I'm having though is that Putty is unable to connect to
Launchpad, with or without my SSH keys loaded:
% plink -l mhammond
| Using username "mhammond".
| No supported authentication methods left to try!

I believe this is the expected behaviour (ie, it is expected that you can't
establish an ssh connection even when Launchpad has your ssh keys.)

As a result, when I attempt to push to Launchpad via a bzr+ssh: protocol,
this is what I see:

% push -v bzr+ssh://
| No supported authentication methods left to try!
| bzr: ERROR: Connection closed: please check connectivity and permissions
(and try -Dhpss if further diagnosis is required)

And .bzr.log shows:

| 0.393  ssh implementation is Putty's plink.
| 0.394  spawning ['plink', '-x', '-a', '-ssh', '-2', ...]
| 3.337  Traceback (most recent call last):
|  File "D:\src\bazaar\\bzrlib\smart\", line 247, in
| ConnectionReset: Connection closed: please check connectivity and
permissions (and try -Dhpss if further diagnosis is required)

[NOTE: the line starting with 'spawning' came from a mutter() line I added

However, if I force paramiko:
% set BZR_SSH=paramiko
% bzr push -v bzr+ssh://
| Connected (version 2.0, client Twisted)
| Authentication (publickey) failed.
| Authentication (publickey) failed.
| Authentication (publickey) successful!
| ... it works

Note that if my SSH public key is not loaded, I only see *one*
'Authentication (publickey) failed.' - so it seems my key is one of the ones
that is failing, which is consistent with plink being unable to connect
using that key.  I'm not sure where the successful key is coming from
though, but I assume this is also all expected behaviour.

Digging into paramiko, it seems that already has code that knows how to get
the key from pageant.  In this case, that key isn't needed to connect, but
if it was, I expect that paramiko would still work.  So, that implies
paramiko should work everywhere plink does, but we can demonstrate that
using plink doesn't work everywhere paramiko does.

IMO it is probably not acceptable that bzr doesn't work "out of the box"
using ssh against Launchpad, even if the fix is setting an environment
variable.  Any thoughts on the best way to resolve this?  I'm leaning
towards making paramiko the default ssh agent, but I understand it might not
be that simple - eg, bug shows
plink support is very important to some people, but its not clear if
paramiko didn't work for them, or it simply wasn't installed, or even
possibly an older version that doesn't talk to putty?

Any thoughts on how to set things up?


More information about the bazaar mailing list