Windows Ssh Agent
Windows vs Linux
https://forums.lawrencesystems.com/t/caution-about-ssh-agent-service-in-windows/10980
- With Linux the ssh-agent keeps the unlocked private keys in memory associated with your current terminal session - and forgets when that session ends. In practical terms it means you have to enter your passphrase just once per session.
- But with the Windows implementation of ssh-agent the unlocked private keys are saved to the Registry, and do not disappear at end of PowerShell session or if you log off. So you have to type your passphrase just once and never needed again on that workstation! Those private keys remain immediately available to you on that workstation whenever the ssh-agent service is running.
Security and storage
Where does Windows OpenSSH ssh-agent service secretly store private keys - Stack Overflow
Attack POC (Requires admin)
Extracting SSH Private Keys From Windows 10 ssh-agent - ropnop blog GitHub - ropnop/windows_sshagent_extract: PoC code to extract private keys from Windows 10’s built in ssh-agent service
Sources:
- https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_keymanagement