I recently updated to the 1803 Spring Creator's update (version 10.0.17134) version of Windows, which now ships native versions of the OpenSSH tools (see OpenSSH-based client and server near the bottom).

Those automatically placed themselves in my $PATH, and I decided to start using them, instead of those bundled with Git for Windows.

I do have C:\Windows\System32\OpenSSH\ssh.exe but it is not in the PATH by default. Which makes me think that the best way forward would be to add an option to the installer. That option could default to true e.g. if ssh-agent.exe from that system directory exists and is running. The option should be disabled if that ssh.exe does not even exist.

Now for the fun part: this would make for an excellent first contribution! How, you ask? I am glad you asked, here is what I would suggest:

Install Git for Windows' SDK

The easiest way is to download and run the installer from https://gitforwindows.org/#download-sdk.

Alternatively, you could clone it yourself with your current Git for Windows:

git clone --depth 1 https://github.com/git-for-windows/git-sdk-64 C:\git-sdk-64
C:\git-sdk-64\git-bash.exe

Build your first installer

Just to make sure that everything works as expected, call

sdk build installer

Add the option

The options are defined in the installer/install.iss of the build-extra project. Edit it via

sdk cd build-extra
git config -e -f installer/install.iss

(this "abuses" git config to run Git's default editor).

Where?

Look for ExtraOptions, there may still be space. To test this, use a special mode of the script that normally bundles the installer, a mode designed to debug specific installer "wizard pages":

./installer/release.sh -d ExtraOptions

This looks like it runs the installer, but it really only shows one page. If you hit the Next button, it simply quits. This is great for debugging ;-)

How?

The new option could be modeled after the one enabling symbolic links: https://github.com/git-for-windows/build-extra/blob/cc9e7490b13f51a3491f6744b1c42b90b20e11f0/installer/install.iss#L1370-L1381

You probably need to use the FileExists() function with the {sys} constant (see this example how to call FileExists() in that way) to determine whether the option should be disabled.

Just like EnableSymlinksByDefault(), it could call a new function, say, UseSystemSSHByDefault() if the option is enabled, to determine whether it should be opt-in or opt-out. There are no good ways in InnoSetup's scripting language to test for a running process, but you could use the fact that we have a few MSYS2 utilities at our disposal. You could use the same trick as we do for the post-install.bat script to capture the output by redirecting to a temporary file and reading it into a string variable. The command to run would probably be {app}\usr\bin\ps.exe and it would need to be called with the argument -W to include non-MSYS2 processes.

Finally, just like with the symbolic link option, you would configure core.sshCommand (or force-unset it) depending on the user's choice.

@dscho

I came across this while attempting to work on the SSH_ASKPASS for
Visual Studio code (where I'm a collaborator)

It is related enough I thought I could also work on this as a learning process.
I successfully installed the SDK per your comments in my other post.
The installation appears to be okay but, while I followed your detailed step-by-step
instructions to the letter above, I get package manager lock errors
on a fresh install.

While also attempting to compile the openSSH package I get errors also.
These may not be related but I capture both errors in case they are.

I did search for related issues without finding anything.
Also an SO/Google search suggestion to remove the lock file
did not fix the problem.

I'm hoping to contribute on this and get my integration with VS Code
working also.

Platform is Windows 7 professional.

Installer build errors:

openSSH package errors:

Thanks in advance

There was a recent Twitter discussion about this (https://twitter.com/nocentino/status/996895686166794240) and it seems like it should be on path by default but there are bugs preventing that for some users.

I get package manager lock errors on a fresh install.

[... please paste plain text as text, not as an image...]

error: could not lock database: File exists
  if you're sure a package manager is not already
  running, you can remove /var/lib/pacman/db.lck

@cleidigh that's strange.

Hmm. I also have an untracked var/lib/pacman/db.lck lying around, that's only two days old. Not sure where it came from...

Can you simply delete that file (after verifying that you have no other Git SDK Bash windows open) and re-run?

$ makepkg -s
/usr/share/makepkg/util/pkgbuild.sh: line 69: /dev/fd/62: Not a directory
[...]

OpenSSH is maintained as an MSYS2 package. These have to be built in a special Bash that you start via

c:\git-sdk-64\msys2_shell.cmd -msys

For details why this is needed, please see https://github.com/git-for-windows/git/wiki/Package-management#rebuild-packages (I know, it is hard to miss, but there are crucial differences between MSYS2 and MINGW).

@cleidigh I must ask, though, why you want to rebuild OpenSSH? Don't you rather want to work on the installer side, which is what this here ticket is all about?

Not that I think @pingzing should be proud of herself to sit by idly on the sidelines...

There was a recent Twitter discussion about this (https://twitter.com/nocentino/status/996895686166794240) and it seems like it should be on path by default but there are bugs preventing that for some users.

@Stanzilla for the record: I have a client version, and it is not installed by default. Maybe I have some company-wide settings preventing it? No idea. In any case, the reality is that we cannot rely on it to be installed by default, and that's that.

@dscho
Concerning general build issues (installer included):

After a series of install/build rounds, I think I have the main built environment working. On my main machine I'm completely running out of disk space and ended up with build errors because of not enough room. I installed on a different drive not realizing it was an HGFS partition. I have many inadvertently read on the MSYS requirement for NTFS. I believe this was the cause for some of the errors. Multiple installs perhaps caused the lock issues, that's less clear. Deleting the lock file did nothing.

A fresh install on an older system that had no git Bash or SDK installs now builds GIT and the installer.
This should give me the opportunity to work on this issue. My other issue still eludes me and I included the errors above because I thought they were related, sorry if this confused things. I can probably add a little bit of experience notes to the build instructions.

If I start the MSYS shell I still have issues building openssh. I could not get it to build as it always
complains about not finding Zlib despite it being there. I will track this in my original issue
trying to get GIT_ASKPASS to work for Visual Studio code.

Just an FYI, I have to do all computer work and programming with voice as I am disabled so my output
is on the slow side just so you know, and I will typically have some fun Dragon dictation auto corrects ;-)

Just an FYI, I have to do all computer work and programming with voice as I am disabled so my output
is on the slow side just so you know, and I will typically have some fun Dragon dictation auto corrects ;-)

Wow. I am impressed!

I am currently busy with day-job stuff, so I probably won't have time this week to look and see whether I can help with the other ticket. Hopefully somebody else is able to help, so that you do not have to wait for such a long time...

@dscho
I don't know about impressive, but I'm fortunate despite having ALS and a vent, I can talk which is most unusual. Continuing to work on projects like Visual Studio code and GIT keep me sane and mostly out of trouble ;-)

Hopefully I can finally get open SS each to compile, I think that's the only way to understand why
GIT_ASKPASS is not working.

@dscho
After familiarizing myself with the inno installer, I see there is already an SSH page that is presented if putty is found. I assume it makes the most sense to modify this page to be presented if either putty OR openSSH is found. Then use radio buttons to select between the three options, first being GIT SSH.

I will use your suggestion to check the processes for an agent in addition to scanning the path
when I think I've got it all posts the full logic sequence.

I see there is already an SSH page that is presented if putty is found. I assume it makes the most sense to modify this page to be presented if either putty OR openSSH is found. Then use radio buttons to select between the three options, first being GIT SSH.

That's a good idea!

BTW I was made aware that 32-bit processes (such as the InnoSetup installer) do not see any C:\WINDOWS\System32\OpenSSH\ssh.exe. They do see C:\WINDOWS\SysNative\OpenSSH\ssh.exe, though.

I am not sure how to progress from here. After all, there have been worrisome reports about the native OpenSSH not working as intended. Maybe we should just leave this ticket alone, or even close it, for the time being?

After all, there have been worrisome reports about the native OpenSSH not working as intended.

To be precise, I mean this report: https://github.com/PowerShell/Win32-OpenSSH/issues/1322

@dscho,

What is the best way to deal with issues like this?

1. Wait for GFW to upgrade Cygwin. _OR_
2. Somehow force the Windows SSH to be used ahead of the GFW SSH?
   
   
   
   • I'm not sure what controls the PATH order, how to change it, and whether or not that could affect Git in a negative way.
   
   

Thanks.

• Wait for GFW to upgrade Cygwin. _OR_

Git for Windows does not use Cygwin. We use MSYS2, _and_ we build our own version of the OpenSSH package.

If you are thinking about the MSYS2 runtime, which is based on the Cygwin runtime, then I fear you'll just have to wait it out. The MSYS2 and Git for Windows projects are waiting for the v3.1.x series of the Cygwin runtime to stabilize before porting the MSYS2 runtime on top of it.

• Somehow force the Windows SSH to be used ahead of the GFW SSH?

You can easily do that.

• I'm not sure what controls the PATH order, how to change it, and whether or not that could affect Git in a negative way.

The easiest would be to avoid meddling with PATH and instead set core.sshCommand in your user-wide config.

The easiest would be to avoid meddling with PATH and instead set core.sshCommand in your user-wide config.

That would only affect Git though? Using the GFW SSH binary is causing issues with tools like fzf once connected via SSH, so I think that I need to adjust the PATH to put Windows SSH first – how do I do that?

I have no idea what fsf is, nor do I have the bandwidth to support that tool.

I have no idea what fsf is, nor do I have the bandwidth to support that tool.

I wasn't asking for support for a specific tool. Other tools are affected as well.

For now I've just added this alias to my .bashrc file:

alias ssh='winpty "C:\Windows\System32\OpenSSH\ssh.exe"'