How can I make a passphrase-protected PPK stop asking for password in TortoiseHG via TortoisePlink and KeyRing

StackOverflow https://stackoverflow.com/questions/13443248

Question

SOLVED, see the last edit

I have a SourceForge repository and I correctly set my SSH key there. It works fine. But when I use TortoiseHG to push my modifications to the repository, I keep getting asked for the password for my PPK (since I protected it).

I tell Mercurial about my PPK like this:

[ui]
ssh = tortoiseplink.exe -ssh -i "c:\Users\my_user\SSH\my_user.ppk"

But it keeps pestering me with the password for the PPK. I know about that KeyRing extension for Mercurial but does it work with PPKs?

Then...

There is this Pageant tool with TortoiseHG. Apparently you tell TortoiseHG to use it by specifying -agent, like this:

[ui]
ssh = tortoiseplink.exe -ssh -i "c:\Users\my_user\SSH\my_user.ppk" -agent

I added my key in Pageant but when I synchronize with TortoiseHG, it still asks for the passphrase of my PPK, even though I already mentioned that when I added the PPK in Pageant.

And another thing which annoys me is that Pageant "forgets" all keys upon program restart. So it's kinda' useless.

Any way I could use that KeyRing extension to add my PPK in TortoiseHG and keep the password stored somewhere?

If there is no way to solve this, I guess I'll just use a non-protected PPK and that's it...

LATER EDIT:

This is the debug output I get when I try to do a push via the TortoiseHG Sync tool, configured as above.

% hg --repository C:\Projects\MyProject push --debug ssh://echysttas@hg.code.sf.net/p/myproject/code

pushing to ssh://echysttas@hg.code.sf.net/p/myproject/code

running "c:\Program Files\TortoiseHg\TortoisePlink.exe" -agent echysttas@hg.code.sf.net "hg -R p/myproject/code serve --stdio"

sending hello command

sending between command

here I get a password request, which I cancel because I don't want to keep repeating my password

no suitable response from remote hg [command returned code 255 Mon Nov 19 20:43:14 2012]

LATER EDIT 2:

I noticed that some examples use plink.exe instead of TortoisePlink.exe. Well, ok, I tried with plink.exe (directly from the Putty website) as well. This yielded promising results...

sending hello command

sending between command

remote: Passphrase for key "rsa-key-20121118":

remote: Passphrase for key "rsa-key-20121118":

But then, it got stuck here.

LATER EDIT 3

Amazingly funny find ::- D.

It got stuck because I was invoking TortoiseHG Sync from non-elevated Explorer but I started Pageant from an elevated Total Commander. I'm using UAC on my Windows 7 and that caused the problem.

If Pageant is run from admin-rights Total Commander, then the TortoiseHG Sync must also be launched from there! If done so, it works! It also works if I start Pageant from non-elevated Explorer and I also do the Sync from there.

Done!

Lazy Badger I'm still awarding the answer to you because you were anything BUT lazy and you proved interest & helped me a lot. Although "it works on my machine" isn't really the answer, it sure got me thinking and your many words & descriptions are worth that glorious green checkmark, eh? :D.


Solution

Well, I can work with Pageant without being asked about the password more than once

my ssh line

ssh = "c:\Program Files\_Tools\TortoiseHg\TortoisePlink.exe"

and running Pageant (with loaded private key /PuTTY-User-Key-File/) will give me the ability to communicate with the repo without re-authentication

Note 1: Keyring doesn't help in your case at all; debug Pageant functionality with a pure-ssh connection (ssh or plink)

Note 2: To start Pageant with key (only password needed) you can use extended command-line

Pageant can automatically load one or more private keys when it starts up, if you provide them on the Pageant command line. Your command line might then look like:

C:\PuTTY\pageant.exe d:\main.ppk d:\secondary.ppk

If the keys are stored encrypted, Pageant will request the passphrases on startup.

If Pageant is already running, this syntax loads keys into the existing Pageant.

Add-on

Tried push with my current ssh-settings for TortoiseHG 2.6 (XP SP3 x86), Mercurial repo

c:\TEMP\Fiver>hg push sf
pushing to ssh://bigbadger@hg.code.sf.net/u/bigbadger/code
searching for changes
remote: adding changesets
remote: adding manifests
remote: adding file changes
remote: added 7 changesets with 39 changes to 19 files
remote: <Repository /hg/u/bigbadger/code> refresh queued.

Local repo hgrc

[paths]
...
sf = ssh://bigbadger@hg.code.sf.net/u/bigbadger/code

Private key loaded into Pageant, public key registered on SF, in my profile

Mercurial.ini (relevant part)

[ui]
merge = <irrelevant>
username = <irrelevant>
ssh = "c:\Program Files\_Tools\TortoiseHg\TortoisePlink.exe"

(note: no additional arguments for TortoisePlink)

and nothing more special was done

Screenshot of pure THG push with log output


Log of good plink+pageant session for SF-SSH

>Plink.exe -v -agent bigbadger@hg.code.sf.net
Looking up host "hg.code.sf.net"
Connecting to 216.34.181.156 port 22
Server version: SSH-2.0-OpenSSH_5.3
Using SSH protocol version 2
We claim version: SSH-2.0-PuTTY_Release_0.62
Doing Diffie-Hellman group exchange
Doing Diffie-Hellman key exchange with hash SHA-256
Host key fingerprint is:
ssh-rsa 2048 86:7b:1b:12:85:35:8a:b7:98:b6:d2:97:5e:96:58:1d
Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA1 client->server MAC algorithm
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA1 server->client MAC algorithm
Pageant is running. Requesting keys.
Pageant has 1 SSH-2 keys
Using username "bigbadger".
Trying Pageant key #0
Authenticating with public key "github/lazybadger" from agent
Sending Pageant's response
Access granted
Opened channel for session
Allocated pty (ospeed 38400bps, ispeed 38400bps)
Started a shell/command
Last login: Tue Nov 20 03:20:48 2012 from 85.249.33.17
Server sent command exit status 1
Disconnected: All channels closed

Welcome to hg.sourceforge.net
This is a restricted Shell Account
You cannot execute anything here.
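
Added example, not part of the original question or answer: a PowerShell sketch of the setup the thread arrives at, which starts Pageant with the key only from a non-elevated session (the UAC mismatch in the question's last edit) and adds a Startup shortcut so the key is loaded again after each logon (the answer's Note 2). The two paths are the ones quoted in the posts and are assumptions for your machine, the function names are made up for this example, and it assumes TortoiseHg is launched non-elevated. The key stays passphrase-protected; Pageant asks for the passphrase once each time it starts.

```powershell
# Added example: paths are assumptions taken from the posts, adjust before use.
$PageantExe = 'C:\PuTTY\pageant.exe'                 # from the answer's command line
$KeyFile    = 'C:\Users\my_user\SSH\my_user.ppk'     # from the question's hgrc

function Test-Elevated {
    # True when this process runs with an elevated (administrator) token.
    $id        = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Start-PageantAtUserLevel {
    param([string]$Exe, [string]$Key)

    # The question's failure: Pageant elevated, TortoiseHg Sync not elevated.
    # Refuse to start the agent from an elevated shell so both sides match.
    if (Test-Elevated) {
        throw 'This shell is elevated. Run this from a non-elevated session, the same level TortoiseHg runs at.'
    }
    foreach ($p in $Exe, $Key) {
        if (-not (Test-Path -LiteralPath $p)) { throw "Not found: $p" }
    }
    # If Pageant is already running, this loads the key into the existing instance.
    Start-Process -FilePath $Exe -ArgumentList ('"{0}"' -f $Key)
}

function Install-PageantStartupShortcut {
    param([string]$Exe, [string]$Key)

    # Items in the per-user Startup folder launch at logon without elevation,
    # so Pageant comes up at the same level as Explorer and TortoiseHg.
    $lnk      = Join-Path ([Environment]::GetFolderPath('Startup')) 'Pageant.lnk'
    $shell    = New-Object -ComObject WScript.Shell
    $shortcut = $shell.CreateShortcut($lnk)
    $shortcut.TargetPath = $Exe
    $shortcut.Arguments  = '"{0}"' -f $Key   # the passphrase is never stored here
    $shortcut.Save()
    return $lnk
}

Start-PageantAtUserLevel -Exe $PageantExe -Key $KeyFile
Install-PageantStartupShortcut -Exe $PageantExe -Key $KeyFile
```

With the agent running at user level, the `ssh` line in Mercurial.ini needs no `-i` argument, as in the answer's configuration.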
Licensed under: CC-BY-SA with attribution