Skip to content

stored credentionals (e.g. cmdkey) with password authentication doesn't work #2273

New issue
Jump to bottom
New issue
Jump to bottom
Open
Open
stored credentionals (e.g. cmdkey) with password authentication doesn't work#2273
Labels
Waiting on AuthorNeed more information to diagnose
@JohnstonJ

Description

@JohnstonJ
JohnstonJ
opened on Sep 14, 2024

Prerequisites

  • Write a descriptive title.
  • Make sure you are able to repro it on the latest version
  • Search the existing issues.

Steps to reproduce

This issue is very similar to #1950, #452, #996, except that password authentication also does not seem to work (any more?). I understand the limitations of accessing the Windows credential manager when using public/private key authentication with OpenSSH. However, there are numerous comments that suggest password authentication should still work, since the password is available to decrypt the DPAPI store.

But, the problem is that cmdkey and other tools still seem to be unable to use stored credentials when using password authentication. In my case, I am trying to use SMB shares that were set up by Vagrant inside of a Windows guest, which is also running sshd. Vagrant uses cmdkey to store credentials for the SMB shares, and this works fine when logging in interactively into the guest, but does not work when logging in over ssh, even when using password authentication.

sshd_config, inside the Vagrant virtual machine:

Port 22
Subsystem	sftp	sftp-server.exe

ssh_config:

Host default
  HostName 172.21.202.90
  User vagrant
  Port 22
  UserKnownHostsFile /dev/null
  StrictHostKeyChecking no

Trying to use cmdkey, note that I used password authentication and I still can't access the credential store:

C:\Users\JohnstonJ\Documents\Projects>ssh default "cmdkey /add:blah /user:blah /pass:blah"
Warning: Permanently added '172.21.202.90' (ECDSA) to the list of known hosts.
vagrant@172.21.202.90's password: <type "vagrant" for password>

CMDKEY: Credentials cannot be saved from this logon session.

Expected behavior

I should be able to access DPAPI / Credential Manager over SSH when using password authentication.

Actual behavior

I cannot use commands based on Credential Manager, such as CMDKEY, when using password authentication.

Error details

See steps to reproduce, above.

Environment data

From the sshd server:


PS C:\Users\vagrant> $PSVersionTable

Name                           Value
----                           -----
PSVersion                      7.4.5
PSEdition                      Core
GitCommitId                    7.4.5
OS                             Microsoft Windows 10.0.22631
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0


### Version

OpenSSH_for_Windows_9.5p1, LibreSSL 3.8.2 (downloaded from "releases" of this GitHub project)

### Visuals

_No response_

Metadata

Assignees

No one assigned

    Labels

    Waiting on AuthorNeed more information to diagnose

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions