Skip to content

Using Windows OpenSSH Agent with Windows Terminal and Cygwin

  • Tech

I am back to running Windows Terminal + Cygwin, after a stint with MobaXterm. I blogged about it before.


  • Windows Terminal is pretty good: it doesn’t get in your way, and it’s fast (*very* important).
  • Cygwin gives me access to grep, awk, vim and much more.

In the end MobaXterm just had too many quirks. Specifically when changing screens — docking / undocking which I do a lot during the day. However, one thing I really did like about MobaXterm was the integrated SSH agent (MobAgent).

That part worked really well.

That was what kept me from switching back to Windows Terminal and Cygwin.

But I recently found out that Windows 10 comes with its own SSH Agent (?!). That was news to me.

So I now use the Windows SSH Agent. So, not Pageant or OmniSSHAgent or any other Windows SSH Agent or keychain, because these all have issues (I tried them).
Also running eval $(ssh-agent) for every new terminal window (that zombies when you close your shell) kind of defeats the purpose of having an SSH agent.


First you need to tell Windows to start the OpenSSH Authentication Agent on boot:

PowerShell can tell you if the agent is running:

Looks good!

And now comes the tricky part. Using Cygwin AND using this ssh-agent i.e. adding and retrieving keys to and from the agent.

Of course you can add keys with ssh-add or by adding the -A parameter to the ssh command.

PS C:\Users\Jan van den Berg> ssh-add.exe .ssh\id_rsa

But you need to understand this next bit first.

When invoking ssh in Cygwin you invoke a different ssh client than the default Windows SSH client. One is the Cygwin ssh client, and the other one is the one that comes with Windows. I blogged about this before.

Spot the differences in this next image:

These are two different SSH clients

And here is the secret (that took me way too long to figure out, thanks ssh -v)

Only when invoking the latter (ssh.exe) you get access to the Windows OpenSSH Agent!

This is especially tricky when you want to specify identity files. Make sure you use the right paths, the Windows SSH client will look in other default paths. Something to consider.

My workflow now is as follows: I have defined a couple of bash aliases in my Cygwin .bashrc file so when I fire up Windows Terminal (fast) I can jump to a specified SSH host with one or two keypresses — all the while using the correct SSH keypair with a passphrase I only have to enter once per Windows boot! (edit: I assumed it would be per boot, but it seems the Windows SSH agent holds the keys forever, that may actually be too much of a good thing….).

alias ms='/cygdrive/c/Windows/System32/OpenSSH/ssh.exe -A -i 'C:\Users\Jan van den Berg\.ssh\mm-id_rsa' jan@myserver'

Leave a Reply

Your email address will not be published. Required fields are marked *