1password SSH Agent + WSL2?
Was wondering if any developers have had any luck configuring the newly introduced ssh-agent for 1password for any WSL2 work? This thing is incredible and works seamlessly! Would love to configure it for my WSL instances.
For some context, I've been using wincrypt-sshagent to configure & forward SSH_AUTH_SOCK from WSL to-and-from Windows Certificates. This works only for x509 certs on the PC or on smartcards.
1Password Version: 80600068
Extension Version: Not Provided
OS Version: Windows 11 Home
Comments
We'll be adding UNIX socket support for Windows too in the future. In the meantime, while we cannot 'officially' recommend it, we've been hearing some good responses about using socat & npiperelay to forward SSH requests to the OpenSSH pipe, see this blog post.

Hello, is there any news regarding WSL2 support?
I am trying to make commit signing work and I am having trouble with both it and the ssh agent.
EDIT: I have managed to make signing work just by upgrading git to the latest version. But in the GitHub commits I do see:
even if the key is added to the settings

@smplkiii In that box does it show that the commit is signed at all (does it display the "SSH Key Fingerprint")? If not then commit signing has not been configured correctly. If it does show a fingerprint but is unverified, then you'll need to make sure you've uploaded the correct SSH key to GitHub.
SSH fingerprint is present and SSH key is added to GitHub account using the following steps:
1. Navigate to https://github.com/settings/keys
2. Select “New SSH Key”
3. Select “Signing Key”
4. Navigate to the “Key” box and select the 1Password logo
5. Select “Create SSH Key”, fill in a title and then select “Create and Fill”
6. Select “Add SSH Key” and you’re all set!

Commit signing works for me. I use the popular socat/npiperelay workaround to get SSH working, and had to adjust my WSL .gitconfig to point at the Windows binary:

    [gpg "ssh"]
        program = /mnt/c/Users/jonaskuske/AppData/Local/1Password/app/8/op-ssh-sign.exe

Now signing works and GitHub displays the Verified badge.
But local verification fails for some reason — git log --show-signature displays "Could not verify signature" for each commit.
If I manually extract the commit and signature, the local verification works though:

    git cat-file commit ga872i9 > ./commit
    # then delete the ---- SSH SIGNATURE part
    git cat-file commit ga872i9 > ./signature
    # then delete everything but the signature, remove "gpgsig" and leading spaces before -----
    /mnt/c/Users/jonaskuske/AppData/Local/1Password/app/8/op-ssh-sign.exe -Y verify -f ~/.ssh/allowed_signers -I [email protected] -n git -s ./signature < ./commit
    Good "git" signature for [email protected] with ED25519 key ...
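The manual extraction described in the post above, scripted as an added example; it is not part of the original thread and not 1Password's code. The names split_commit, verify_commit, sample_commit and the ALLOWED_SIGNERS variable are chosen here, and it calls ssh-keygen -Y verify (same flags as in the post) in place of op-ssh-sign.exe.

```shell
#!/bin/sh
# Added example: split a raw commit object into signed payload + SSH signature.

# sample_commit: print a CONSTRUCTED commit object (its signature is not valid).
sample_commit() {
    printf '%s\n' \
        'tree 4b825dc642cb6eb9a060e54bf8d69288fbee4904' \
        'author A U Thor <author@example.com> 1700000000 +0000' \
        'committer A U Thor <author@example.com> 1700000000 +0000' \
        'gpgsig -----BEGIN SSH SIGNATURE-----' \
        ' Q09OU1RSVUNURUQ=' \
        ' -----END SSH SIGNATURE-----' \
        '' \
        'demo commit' \
        ' indented body line'
}

# split_commit RAW PAYLOAD SIG
# PAYLOAD gets the commit object minus the gpgsig header (what was signed);
# SIG gets the armored signature with "gpgsig " and continuation spaces removed.
# Assumes the commit message ends with a newline, as git commit writes it.
split_commit() {
    awk -v payload="$2" -v sig="$3" '
        BEGIN         { printf "" > (payload); printf "" > (sig) }
        body          { print > (payload); next }        # message: copy verbatim
        /^$/          { body = 1; print > (payload); next }  # end of headers
        /^gpgsig /    { insig = 1; sub(/^gpgsig /, ""); print > (sig); next }
        insig && /^ / { sub(/^ /, ""); print > (sig); next } # signature continuation
                      { insig = 0; print > (payload) }   # any other header line
    ' "$1"
}

# verify_commit COMMIT SIGNER_IDENTITY
# ALLOWED_SIGNERS (hypothetical variable) overrides the allowed-signers path.
verify_commit() {
    tmp=$(mktemp -d) || return 1
    git cat-file commit "$1" > "$tmp/raw" &&
        split_commit "$tmp/raw" "$tmp/payload" "$tmp/sig" &&
        ssh-keygen -Y verify -f "${ALLOWED_SIGNERS:-$HOME/.ssh/allowed_signers}" \
            -I "$2" -n git -s "$tmp/sig" < "$tmp/payload"
    rc=$?
    rm -rf "$tmp"
    return $rc
}
```

Inside a repository, verify_commit takes a commit and the signer identity listed in the allowed-signers file, and returns the exit status of ssh-keygen.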
@HardwareFresser For what it's worth, I have the exact same experience. Additionally I added the allowedSignersFile option to my .gitconfig but git log --show-signature displays "Could not verify signature" for all my signed commits as well.
Using your manual, local verification does work however.
Edit: For what it's worth, using the allowedSignersFile option and verifying the commit signatures on Windows also works (verifies correctly). It's only WSL2 that doesn't seem to properly verify for me.

Looks like if you are using the socat/npiperelay workaround you can just remove the

    program = /mnt/c/Users/jonaskuske/AppData/Local/1Password/app/8/op-ssh-sign.exe

line, then both signing and verification will work!
This works because the socat/npiperelay workaround script is setting the SSH_AUTH_SOCK env variable.
Ensure you add your own key to allowed signers if you haven't:

    echo "$(git config --global user.email) $(git config --global user.signingkey)" > ~/.allowed_signers
    git config --global gpg.ssh.allowedSignersFile "$HOME/.allowed_signers"