TL;DR: use the (debian-)package keychain
I use a lot of ssh in WSL (the unix bash for windows 10). For example I run ansible in bash for windows, because ansible cannot be run as controller in windows.
I searched for options to integrate my ssh-agent from windows, which is already setup correctly. I use keepass and keeagent on the windows side, which work really, really well. Here are the solutions if found so far:
Start an own ssh-agent (most stable, most inconvenient)
eval $(ssh-agent -s)
ssh-add — < /g/EigeneDateien/ssh/id_rsa
I pipe the ssh key into ssh-add because otherwise ssh-add would complain, that the key is not secure. You can then use keypass and autotype to type your key-passphrase
Use socat to map your windows ssh-agent to a socket in WSL (most convenient, less stable)
Run socat, which maps the windows pipe (with npiperelay) to a unix socket. This sounded so good in the first place, but it’s not really stable. I found myself often to kill and restart the socat. I did not found out why.
sudo rm -rf /tmp/ssh-agent-pipe
sudo socat UNIX-LISTEN:/tmp/ssh-agent-pipe,fork,group=psc,umask=007 EXEC:”npiperelay.exe -ep -s //./pipe/openssh-ssh-agent”,nofork &
you need https://github.com/jstarks/npiperelay for converting the windows pipe into the unix pipe, which is in turn read by socat.
Use package: keychain (mediocre convenient, stable)
This is my solution right now for several months. There’s a ubuntu package called keychain
sudo apt-get install keychain
then append to your ~/.bashrc
/usr/bin/keychain --nogui $HOME/.ssh/id_rsa
Or wherever your ssh key resides.
When you start bash it will ask for the passphrase of the key, or will pickup the last time you entered your passphrase. So you don’t have to put in the passphrase for every new bash window.
This might not work by default, if your key is created on windows. It will fail with: Error: Problem adding; giving up. You need then configure via wsl.conf
enabled = true
options = "metadata,umask=22,fmask=11"
This will change that all windows created files are rwxrwxrwx — and this is the reason why keychain cannot add your private key file to the agent. It needs 600 (octal) permissions
chmod 600 $HOME/.ssh/id_rsa
look at the options for the wsl.conf here: https://docs.microsoft.com/en-us/windows/wsl/wsl-config
an interesting one in the automount section is
Then exit bash and run
wsl.exe -t Ubuntu so that the distro is really terminated. You can then start Ubuntu bash again
What are your hacks for using ssh in WSL?