Scientific Computing

SSH-agent for Windows, macOS, Linux

SSH-agent remembers SSH Public Key authentication, which can be time-limited by the user. This avoids the user having to type the password for each SSH connection, especially relevant to using Git over SSH. Windows has SSH built-in from Microsoft including SSH-agent. WSL also can use SSH-agent within each of the WSL images. SSH-agent works well with Git over SSH.

To use SSH-agent, add SSH keys like:

ssh-add ~/.ssh/mykey

This will persist the key in the SSH-agent until the SSH-agent is stopped, the user logs out,or the key is removed.

Remove all SSH-agent keys from RAM (if desired):

ssh-add -D

List all SSH-agent keys loaded:

ssh-add -L

Time limit for SSH-agent keys

Except for Windows, a time limit can be set for how long the key is remembered:

ssh-add -t 30m ~/.ssh/mykey
-t 30m
remember authentication for a period of time (here, 30 minutes)

Currently, the OpenSSH implemenation of SSH-agent on Windows does NOT support the -t option. If the -t option is used on Windows, it will fail like:

Could not add identity <key>: agent refused operation


Each operating system has a distinct method of enabling SSH-agent.

Windows SSH-agent

SSH-agent can be enabled from PowerShell. Note that the OpenSSH Client and OpenSSH server must both be installed.

Check if Windows SSH-Agent is running:

Get-Service ssh-agent

Start SSH Agent:

Set-Service -StartupType Automatic -Name ssh-agent

Start-Service ssh-agent

if status of Windows SSH-Agent in Powershell is “Running” then SSH-agent should be working.

Get-Service ssh-agent

If you still have trouble, try setting the permissions for the $HOME/.ssh directory more conservatively with this Powershell script.

Linux SSH-agent

For Linux, including Windows Subsystem for Linux:

Add to ~/.profile:

if [ -z "$(pgrep ssh-agent)" ]; then
   rm -rf ${TMPDIR}/ssh-*
   eval $(ssh-agent -s) > /dev/null
else
   export SSH_AGENT_PID=$(pgrep ssh-agent)
   export SSH_AUTH_SOCK=$(find ${TMPDIR}/ssh-* -name agent.*)
fi

macOS SSH-agent

On macOS, SSH-agent is enabled by default.


SSH agents can have vulnerabilities, as noted for Windows and Linux.


Related: Disable Gnome Keyring SSH Agent

reference

GNU Octave for continuous integration

Matlab CI is often a better choice than Octave below.


Cross-platform developers run into numerous compatibility issues. Rather than wait for frustrated users to report such a bug, use continuous integration.

Here are CI templates using GNU Octave tests of .m code. Octave oruntests() is incompatible with the advanced functionality of Matlab runtests(),

GitHub Actions: “.github/workflows/ci.yml”:

name: ci

on:
  push:
    paths:
    - "**.m"
    - ".github/workflows/ci.yml"

jobs:

  linux:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout

    - run: |
        sudo apt update
        sudo apt install --no-install-recommends octave

    - run: octave --eval "test_myfuncs"
      working-directory: tests

  windows:
    runs-on: windows-2025
    steps:
    - uses: actions/checkout
    - run: winget install GNU.Octave --disable-interactivity --accept-source-agreements --accept-package-agreements

    - run: octave --eval "test_myfuncs"
      working-directory: tests

GitHub Actions winget install

WinGet can be used on Windows GitHub Actions runners where a Windows program needs to be installed. In this example, environment variable FFMPEG_ROOT tells Python where to find the ffmpeg.exe program. One could more generally append to the GITHUB_PATH environment variable.


jobs:
  windows:
    runs-on: windows-2025

    steps:

    - name: install prereqs (Windows)
      if: runner.os == 'Windows'
      run: winget install ffmpeg --disable-interactivity --accept-source-agreements --accept-package-agreements

    - name: FFMPEG_ROOT Windows
      if: runner.os == 'Windows'
      run: echo "FFMPEG_ROOT=$env:LOCALAPPDATA/Microsoft/WinGet/Links/" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append

    - name: PyTest
      run: pytest
import functools
import shutil
import os


@functools.cache
def get_exe(name: str) -> str:

    for p in (os.environ.get("FFMPEG_ROOT"), None):
        if exe := shutil.which(name, path=p):
            return exe

    raise FileNotFoundError(name)

Disable Installed Addons in MATLAB

Matlab Addons are packages / toolboxes that can be installed into Matlab. Addons may come from the Mathworks or third-party developers. One can disable non-Mathworks addons to ensure that the project code works as expected in diverse environments.

Check Matlab Addon packages installed:

addons = matlab.addons.installedAddons;

disp(addons)

Disable a non-Mathworks addon by the matlab.addons.disableAddon function. It isn’t possible to disable Mathworks addons; the following results:

Enable/Disable not supported for MathWorks products, MathWorks toolboxes, or support packages.

Check logical status of the addon:

matlab.addons.isAddonEnabled("MyCustomAddon")

Alert boxes in Hugo site generator

If alert boxes (like “note”, “warning”) are not built into a site’s Hugo theme, they can be added with a bit of CSS and partial template.

Edit / add to the Hugo site as in this Gist to enable alert boxes.

Prefer IPv4 for conda on Windows

Windows users generally should not disable IPv6. Upon network upgrades or working in a new location with IPv6, network operations that previously worked may fail. An example of this is “conda install” or “conda update” commands that hang or fail with a timeout error. While curl has an option “-4” or “–ipv4” to force IPv4 connections only, the “conda” command does not have a “force IPv4” option currently. Windows can be set to prioritize IPv4 over IPv6, which can help with conda operations and other network operations. Reprioritizing IPv4 over IPv6 is vastly preferable to disabling IPv6, as it allows for compatibility with IPv6 networks.

Check existing IPv6 settings with the command:

netsh interface ipv6 show prefixpolicies

ℹ️ Note

If there are only one or zero prefix policy entries, then IPv6 is likely not configured correctly. The rest of this procedure would not help as Windows will go to factory defaults and ignore the IPv4 preference. Fix the IPv6 configuration first, then proceed with the steps below.

Set the prefix policy for IPv4 to have a higher priority than IPv6 by running the following command in an elevated PowerShell or Command Prompt:

netsh interface ipv6 set prefixpolicy ::ffff:0:0/96 46 4

Check that the IPv6 prefix policy has been set correctly by running:

netsh interface ipv6 show prefixpolicies

Then execute the “conda install” or “conda update” command again.


To restore the default Windows settings of IPv6 having priority over IPv4:

netsh interface ipv6 set prefixpolicy ::ffff:0:0/96 35 4

Matlab arguments validation

Matlab function arguments validation syntax is generally recommended over validateattributes() and inputParser(). Function arguments validation specification coerces the input and/or output variables to the class declaration given if possible, and errors otherwise.

  • Default values are easily specified, which required such verbose syntax before.
  • only a single class can be specified
  • recall the .empty method of most Matlab classes e.g. datetime.empty() that allows initializing an empty array.

Matlab argument validation syntax coerces class at runtime.

GNU Octave compatibility

Currently GNU Octave does not enable function arguments validation syntax, but it is possible to use the function albeit with warnings like:

“function arguments validation blocks are not supported; INCORRECT RESULTS ARE POSSIBLE”

To elide the verbose warnings to allow for self-tests or quick use, do in Octave like:

warning('off', 'all')

% whatever code you want to run that uses the Matlab arguments validation syntax
oruntests .

% restore warnings
warning('on', 'all')

There are requests for Octave to assign a warning ID so that only this warning can be silenced, but it is not implemented as of this writing. Thus all warnings are silenced, which is not recommended in production code. However, for self-tests or quick use, it could be acceptable.

Intel oneAPI on GitHub Actions

Intel oneAPI is a useful, performant compiler for CI with the C, C++, and Fortran languages. oneAPI compilers give useful debugging output at build and run time. If having trouble determining the oneAPI APT package name, examine the APT repo Packages file on the developer computer like:

curl -O https://apt.repos.intel.com/oneapi/dists/all/main/binary-amd64/Packages.gz

gunzip Packages.gz

less Packages

This examples oneAPI GitHub Actions workflow works for C, C++, and Fortran.

Persistent user paths to Matlab and Octave

Matlab .mltbx toolbox packaged toolbox format is proprietary to Matlab. Oftentimes we desire to distribute a Matlab package as a set of .m source files instead. To add a “toolbox” or “package” to Matlab and use functions from that toolbox requires using “addpath” or “import” Matlab syntax. This example makes those paths persistent in Matlab and Octave, using example toolbox directories ~/mypkg1 and ~/mypkg2.

Normally use addpath() instead of cd(). Do not put brackets or braces around the multiple paths.

Prepend a package to the Matlab path by editing the startup.m file from Matlab or Octave:

edit(fullfile(userpath,'startup.m'))

put in addpath() commands to the desired Matlab packages paths like:

addpath('~/mypkg1','~/mypkg2')

Restart Matlab/Octave and type

path

and the new toolbox directories will be at the top.