Add SSH_AUTH_SOCK support to Windows environments.

romanZupancic · romanZupancic · commit 4c51516b04d0 · 2025-03-13T13:06:05.000-04:00
- Presently dialing Windows SSH agents respects the SSH_AUTH_SOCK
  environment variable only if step cli is run in specific Unix-like
  environments (i.e. cygwin). If defined, the agent specified at
  SSH_AUTH_SOCK will be dialed through a unix pipe with `net.Dial`.
  In a full Windows environment, the SSH_AUTH_SOCK variable is ignored
  and the default OpenSSH Agent pipe is dialed instead.
- But some Windows agents (like Pageant) may open Named Pipes at arbitrary paths.
- This commit adds support for SSH_AUTH_SOCK in a full Windows Context.
  So, if SSH_AUTH_SOCK is defined, the agent specified at SSH_AUTH_SOCK
  will be dialed through the Windows Named Pipe with winio.DialPipeContext.
  If SSH_AUTH_SOCK is not specified (or blank), the default
  `\\.\\pipe\\openssh-ssh-agent` will be dialed instead.
diff --git a/internal/sshutil/agent_windows.go b/internal/sshutil/agent_windows.go
@@ -13,17 +13,28 @@ import (
 // dialAgent returns an ssh.Agent client. It uses the SSH_AUTH_SOCK to connect
 // to the agent.
 func dialAgent() (*Agent, error) {
-	// Attempt unix sockets for environments like cygwin.
+	// Override the default windows openssh-ssh-agent pipe
 	if socket := os.Getenv("SSH_AUTH_SOCK"); socket != "" {
+		// Attempt unix sockets for environments like cygwin.
 		if conn, err := net.Dial("unix", socket); err == nil {
 			return &Agent{
 				ExtendedAgent: agent.NewClient(conn),
 				Conn:          conn,
 			}, nil
 		}
+
+		// Connect to Windows pipe at the supplied address
+		conn, err := winio.DialPipeContext(context.Background(), socket)
+		if err != nil {
+			return nil, errors.Wrap(err, "error connecting with ssh-agent at pipe specified by environment variable SSH_AUTH_SOCK")
+		}
+		return &Agent{
+			ExtendedAgent: agent.NewClient(conn),
+			Conn:          conn,
+		}, nil
 	}
 
-	// Windows OpenSSH agent
+	// DEFAULT: Windows OpenSSH agent
 	conn, err := winio.DialPipeContext(context.Background(), `\\.\\pipe\\openssh-ssh-agent`)
 	if err != nil {
 		return nil, errors.Wrap(err, "error connecting with ssh-agent")
