/wsl2-ssh-pageant

bridge between windows pageant and wsl2

Primary LanguageGoMIT LicenseMIT

⚠️ I no longer own a Windows PC, so this project has been needless for me. For this reason i will archive this project. ⚠️

wsl2-ssh-pageant

Motivation

I use a Yubikey to store a GPG key pair and I like to use this key pair as my SSH key too. GPG on Windows exposes a Pageant style SSH agent and I wanted a way to use this key within WSL2.

How to use with WSL2

Prerequisite

In order to use wsl-ssh-pageant you must have installed socat and ss on your machine.

For example, on Ubuntu you can install these by running: sudo apt install socat iproute2

Installation

  1. Download latest version from release page and copy wsl2-ssh-pageant.exe to your windows home directory (or other location within the windows file system). Then simlink to your $HOME/.ssh directory for easy access
    windows_destination="/mnt/c/Users/Public/Downloads/wsl2-ssh-pageant.exe"
    linux_destination="$HOME/.ssh/wsl2-ssh-pageant.exe"
    wget -O "$windows_destination" "https://github.com/BlackReloaded/wsl2-ssh-pageant/releases/latest/download/wsl2-ssh-pageant.exe"
    # Set the executable bit.
    chmod +x "$windows_destination"
    # Symlink to linux for ease of use later
    ln -s $windows_destination $linux_destination
  2. Add one of the following to your shell configuration (for e.g. .bashrc, .zshrc or config.fish). For advanced configurations consult the documentation of your shell.

Bash/Zsh

SSH:

export SSH_AUTH_SOCK="$HOME/.ssh/agent.sock"
if ! ss -a | grep -q "$SSH_AUTH_SOCK"; then
  rm -f "$SSH_AUTH_SOCK"
  wsl2_ssh_pageant_bin="$HOME/.ssh/wsl2-ssh-pageant.exe"
  if test -x "$wsl2_ssh_pageant_bin"; then
    (setsid nohup socat UNIX-LISTEN:"$SSH_AUTH_SOCK,fork" EXEC:"$wsl2_ssh_pageant_bin" >/dev/null 2>&1 &)
  else
    echo >&2 "WARNING: $wsl2_ssh_pageant_bin is not executable."
  fi
  unset wsl2_ssh_pageant_bin
fi

GPG:

export GPG_AGENT_SOCK="$HOME/.gnupg/S.gpg-agent"
if ! ss -a | grep -q "$GPG_AGENT_SOCK"; then
  rm -rf "$GPG_AGENT_SOCK"
  wsl2_ssh_pageant_bin="$HOME/.ssh/wsl2-ssh-pageant.exe"
  if test -x "$wsl2_ssh_pageant_bin"; then
    (setsid nohup socat UNIX-LISTEN:"$GPG_AGENT_SOCK,fork" EXEC:"$wsl2_ssh_pageant_bin --gpg S.gpg-agent" >/dev/null 2>&1 &)
  else
    echo >&2 "WARNING: $wsl2_ssh_pageant_bin is not executable."
  fi
  unset wsl2_ssh_pageant_bin
fi

Fish

SSH:

set -x SSH_AUTH_SOCK "$HOME/.ssh/agent.sock"
if not ss -a | grep -q "$SSH_AUTH_SOCK";
  rm -f "$SSH_AUTH_SOCK"
  set wsl2_ssh_pageant_bin "$HOME/.ssh/wsl2-ssh-pageant.exe"
  if test -x "$wsl2_ssh_pageant_bin";
    setsid nohup socat UNIX-LISTEN:"$SSH_AUTH_SOCK,fork" EXEC:"$wsl2_ssh_pageant_bin" >/dev/null 2>&1 &
  else
    echo >&2 "WARNING: $wsl2_ssh_pageant_bin is not executable."
  end
  set --erase wsl2_ssh_pageant_bin
end

GPG:

set -x GPG_AGENT_SOCK "$HOME/.gnupg/S.gpg-agent"
if not ss -a | grep -q "$GPG_AGENT_SOCK";
  rm -rf "$GPG_AGENT_SOCK"
  set wsl2_ssh_pageant_bin "$HOME/.ssh/wsl2-ssh-pageant.exe"
  if test -x "$wsl2_ssh_pageant_bin";
    setsid nohup socat UNIX-LISTEN:"$GPG_AGENT_SOCK,fork" EXEC:"$wsl2_ssh_pageant_bin --gpg S.gpg-agent" >/dev/null 2>&1 &
  else
    echo >&2 "WARNING: $wsl2_ssh_pageant_bin is not executable."
  end
  set --erase wsl2_ssh_pageant_bin
end

Troubleshooting

Smartcard is detected in Windows and WSL, but ssh-add -L returns error

If this is the first time you using yubikey with windows with gpg4win, please follow the instructions in the link https://developers.yubico.com/PGP/SSH_authentication/Windows.html

| Make sure ssh support is enabled in the gpg-agent.conf and restart gpg-agent with the following command

gpg-connect-agent killagent /bye
gpg-connect-agent /bye

Agent response times are very slow

If ssh,ssh-add,gpg etc are very slow (~15-25 seconds) check that wsl2-ssh-pageant resides on the windows file system. This is due to an issue with the WSL interop documented here and here

Credit

Some of the code is copied from benpye's wsl-ssh-pageant. This code shows how to communicate to pageant.