fix(start-ssh-agent): support OpenSSH 10.1+ socket location (#183)

dscho · web-flow · commit 3fde39246698 · 2026-02-05T12:53:58.000Z
### Description Since Git for Windows upgraded to OpenSSH 10.2.P1 (which includes changes from OpenSSH 10.1), the `start-ssh-agent.cmd` script fails to locate ssh-agent sockets. ### Root Cause OpenSSH 10.1 moved agent sockets from `/tmp` to `~/.ssh/agent/` as a **security improvement**. From the [OpenSSH 10.1 release notes](https://www.openssh.org/txt/release-10.1): > ssh-agent(1), sshd(8): move agent listener sockets from /tmp to under ~/.ssh/agent for both ssh-agent(1) and forwarded sockets in sshd(8). This ensures processes that have restricted filesystem access that includes /tmp do not ambiently have the ability to use keys in an agent. ### Proposed Fix This PR updates the script to search `%USERPROFILE%\.ssh\agent\` instead of `%TEMP%\ssh-*` to align with OpenSSH's new default socket location. ### Why not use `-T`? The `-T` flag exists to force the old `/tmp` location but would revert the security improvement. The proper fix is updating the script to match OpenSSH's new default. This fixes git-for-windows/git#6084
diff --git a/mingw-w64-git/PKGBUILD b/mingw-w64-git/PKGBUILD
@@ -60,7 +60,7 @@ export GIT_CONFIG_PARAMETERS="${GIT_CONFIG_PARAMETERS:+$GIT_CONFIG_PARAMETERS }'
 
 sha256sums=('5f624e2511c445b832d9bbd65a74c27630be79994bf38dde4a4f8013d89e60e0'
             'a9dcba5aebc93ae7aacdee03275780fc6c0f15e88fda30c93041e75851e75090'
-            'f16b345aba17acd124ab5940635dfa2d87445df73eedbeb80e0285f29c85415a'
+            '7e6c5f3dc6a4209dca0e1f38880b2978500a5c745c04bc60dbeda5fc48e8d3cb'
             '80b0b11efe5a2f9b4cd92f28c260d0b3aad8b809c34ed95237c59b73e08ade0b'
             '20613488bbd66bced2ef786448dc335c9cc7a5ef8be800e0d5bab83e36faf584'
             'dab3e41e935a33f443a4ff4ef4ce92c191b6d952d9eb37e14885540ad5af99ed'
diff --git a/mingw-w64-git/start-ssh-agent.cmd b/mingw-w64-git/start-ssh-agent.cmd
@@ -40,15 +40,13 @@
     @REM Connect up the current ssh-agent
     @IF [!SSH_AGENT_PID!] == []  @(
         @ECHO Removing old ssh-agent sockets
-        @FOR /d %%d IN (%TEMP%\ssh-??????*) DO @RMDIR /s /q %%d
+        @FOR %%s IN (%USERPROFILE%\.ssh\agent\s.*) DO @DEL /q "%%s" 2>nul
     ) ELSE  @(
         @ECHO Found ssh-agent at !SSH_AGENT_PID!
-        @FOR /d %%d IN (%TEMP%\ssh-??????*) DO @(
-            @FOR %%f IN (%%d\agent.*) DO @(
-                @SET SSH_AUTH_SOCK=%%f
-                @SET SSH_AUTH_SOCK=!SSH_AUTH_SOCK:%TEMP%=/tmp!
-                @SET SSH_AUTH_SOCK=!SSH_AUTH_SOCK:\=/!
-            )
+        @FOR %%s IN (%USERPROFILE%\.ssh\agent\s.*) DO @(
+            @SET SSH_AUTH_SOCK=%%s
+            @SET SSH_AUTH_SOCK=!SSH_AUTH_SOCK:%USERPROFILE%=~!
+            @SET SSH_AUTH_SOCK=!SSH_AUTH_SOCK:\=/!
         )
         @IF NOT [!SSH_AUTH_SOCK!] == [] @(
             @ECHO Found ssh-agent socket at !SSH_AUTH_SOCK!
