Persistent Pageant?

It's not a matter of opinion - it is insecure. You might as well have passwordless keys.

But to answer your question, if it's part of PuTTY (I've not used Pageant - not even heard of it until today - but then I always SSH from Linux to Linux/Unix), then it will be open source so you could write a simple memory loader and dumper for it. Speaking from personal experience, PuTTY's source is actually pretty nice to hack around in; compared to most projects I've tinkered with.

Failing that. Hibernate Windows instead of shutting down

If your system is secure then passwordless keys are also secure as it's not the password that gets transmitted over the wire - only a hashed checksum. The passphrase is only used to authenticate a private-key - which should never leave the confines of the client PC (which you've already stated is secured).

And if someone does have access to your system then they can "eavesdrop" and read the passphrase as it's being transferred from the key manager to the SSH client. They could even key log user input for when you do type the passphrases in.


Really what you should have done was copied your public key onto each of the servers you wanted SSH access - so you have 1 private key locally and several public keys (one on each server). This means you only need one passphrase to gain access to everything.

You could further harden your servers by using a white list of IPs (ie all incoming SSH connections are firewalled bar ones on a "white-listed" subset of IPs). This is more tricky to implement if you want access from home broadband and don't have the luxury of a static IP (you can white-list subnets on most firewalls, but it's a far from ideal solution).


While what you're asking is not unreasonable, i don't think it's the best solution. You'd be better off using intended SSH behaviours (eg the multiple public keys) and firewalling.

While you're right that it is technically less secure, I don't think it really works out that way in practice.

Assuming all your private keys are stored in the same file system hierarchy (eg same sub-directories or a meaningful named tree: c:\private keys\server1, c:\private keys\server2, etc), then if anyone did gain access to your machine, they'd steal the entire hierarchy rather than individual keys.

Same goes if your keys are hidden in nonsensical locations but with default file extensions, a simple file search would highlight every key (and if I was an attacker and found one private key - I'd be sure to do a search for similar extensions just to in case more were hidden away).

So while you're right that having one private key does widen the scope for damage should it be stolen, I'd be surprised if any attacker only managed to gain one key rather than the whole lot.
Do you not have some kind of VPN solution for your farm? I don't know the kind of set up you're running so I apologise if this isn't possible, but best practice would be to have SSH disabled on any outside facing servers but a single VPN solution which you connect to and can then tunnel your SSH traffic via.

If VPN isn't practical, then you could cheat and have whitelist firewalling on all but one or two lower priority boxes, and you can SSH into those with SSH agent forwarding (I think PuTTY needs a bit of tweaking to get this working properly) then SSH from those boxes into the more critical and thus hardened firewalled boxes. (I hope that makes sense?)

VPN would probably be easier in the long run though because I seem to recall that PuTTY doesn't always do key agent forwarding properly - but you might have better success with that than I did.