
Forum Discussion

Former Member
3 years ago

SSH Agent on Windows Subsystem for Linux

Hello,
First of all, thank you for this feature, I absolutely love it! I'm using it both on my Windows and my Mac and it works like a charm. Excellent work guys :-)

I was wondering if it would be possible to have it work on WSL, any idea?

Thanks!
Tristan


1Password Version: 8.7.0-2
Extension Version: 2.0.0
OS Version: Windows 11

  • Former Member

    After following the steps, make sure you have socat installed on your WSL machine:

    sudo apt install -yyq socat

  • Jack_P_1P
    1Password Team

    Hi @yami759:

    Glad to hear you were able to get it figured out. Feel free to get in touch if there's anything else we can help you with.

    Jack

  • Former Member

    Update: I'm a dummy, this had nothing to do with 1Password. I was trying to use an HTTPS repo instead of an SSH one...

  • Former Member

    I was able to get this working in Ubuntu WSL (with a very minor step added of creating a ~/.ssh folder if you don't already have one), and both ssh-add -l and ssh -T git@github.com work just fine. When I actually go to do an action in git however, I'm still prompted to log in. Does anyone know why that might be?

  • Former Member

    This script works in Debian WSL, but does not work on Rocky Linux 9 as a WSL instance. Every time I try to ssh to a remote server, I see error messages.

    My commands are:

    sudo update-crypto-policies --set DEFAULT:SHA1 && \
    ssh MASKED

    The result is:

    Load key "/home/MASKED/.ssh/MASKED.pub": error in libcrypto
    MASKED@MASKED: Permission denied (publickey).

    When I run ssh-add -l, I get this error message:

    error fetching identities: communication with agent failed

  • Former Member

    FYI for developers stumbling their way here:

    If you use the scoop package manager for Windows, you can now just install npiperelay using the extras bucket 😄

    scoop bucket add extras
    scoop install npiperelay

    Would be great if someone can create an install for the native Windows package manager, winget 👌. No idea if WSL + 1Password will ever be a thing ;/

  • Former Member

    I don't know how to upvote this, but honestly: this should be added to the 1Password official documentation. Such a critical piece of information for devs who use WSL. Thank you so so much!

  • Former Member

    Hey Tristan!

    I was actually working on this myself tonight, here's what I did.

    OS: Windows 11 21H2
    WSL 2 Ubuntu 20.04.3 LTS

    Big big big shoutout to https://1password.community/discussion/comment/629936

    1. Enable 1Password SSH as defined here for WINDOWS: https://developer.1password.com/docs/ssh/get-started#step-3-turn-on-the-1password-ssh-agent
    2. Install the .exe from https://github.com/jstarks/npiperelay somewhere where your Windows PATH can see it (make sure it's accessible from Ubuntu and PowerShell; you might need to restart Windows Terminal completely)
    3. Update your .bashrc or .zshrc in Ubuntu with:

        # Configure ssh forwarding
        export SSH_AUTH_SOCK=$HOME/.ssh/agent.sock
        # need `ps -ww` to get non-truncated command for matching
        # use square brackets to generate a regex match for the process we want but that doesn't match the grep command running it!
        ALREADY_RUNNING=$(ps -auxww | grep -q "[n]piperelay.exe -ei -s //./pipe/openssh-ssh-agent"; echo $?)
        if [[ $ALREADY_RUNNING != "0" ]]; then
            if [[ -S $SSH_AUTH_SOCK ]]; then
                # not expecting the socket to exist as the forwarding command isn't running (http://www.tldp.org/LDP/abs/html/fto.html)
                echo "removing previous socket..."
                rm "$SSH_AUTH_SOCK"
            fi
            echo "Starting SSH-Agent relay..."
            # setsid to force new session to keep running
            # set socat to listen on $SSH_AUTH_SOCK and forward to npiperelay which then forwards to openssh-ssh-agent on windows
            (setsid socat UNIX-LISTEN:$SSH_AUTH_SOCK,fork EXEC:"npiperelay.exe -ei -s //./pipe/openssh-ssh-agent",nofork &) >/dev/null 2>&1
        fi

    4. Restart the Ubuntu terminal / re-source the rc file.
    5. Test with ssh-add -l. You should see your 1Password SSH keys.

    From here Git and SSH in your Ubuntu instance should default to the 1Password ssh-agent, with fallback to id_rsa (or whatever is configured in your /etc/ssh config file).

    Hope this helps!!
    Matt
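
An added example, not part of the post above and not 1Password code: a POSIX shell check that reports which link of the relay from steps 1 to 5 is broken when ssh-add -l fails. The socket path and relay command line are the ones from the .bashrc snippet; the function names and status words are invented for this example, and the exit-status meanings are the ones documented in ssh-add(1).

```shell
#!/bin/sh
# Added example: diagnose the socat + npiperelay relay from the steps above.
# Assumed: socket path and relay command line as in that .bashrc snippet;
# function names and status words are invented here; stat is GNU/busybox.

# Print one word describing the relay socket path given as $1.
socket_state() {
    dir=$(dirname -- "$1")
    [ -d "$dir" ] || { echo no-dir; return 0; }
    # ssh-agent keeps its own socket in an owner-only directory; expect the same.
    mode=$(stat -c %a -- "$dir")
    [ $(( 0$mode & 077 )) -eq 0 ] || { echo dir-too-open; return 0; }
    [ -e "$1" ] || { echo missing; return 0; }
    [ -S "$1" ] || { echo not-a-socket; return 0; }
    echo socket
}

# Map the exit status of `ssh-add -l` to a word (meanings per ssh-add(1)).
agent_state_from_rc() {
    case $1 in
        0) echo keys-listed ;;
        1) echo command-failed ;;        # listing failed or agent holds no keys
        2) echo cannot-contact-agent ;;  # ssh-add could not contact the agent
        127) echo ssh-add-not-installed ;;
        *) echo unknown ;;
    esac
}

# Run every check against socket $1 (default: the path from the thread).
diagnose_relay() {
    sock=${1:-$HOME/.ssh/agent.sock}
    for tool in socat npiperelay.exe ssh-add; do
        command -v "$tool" >/dev/null 2>&1 || echo "not on PATH: $tool"
    done
    echo "socket: $(socket_state "$sock")"
    # [n] keeps grep from matching its own command line in the ps output.
    if ps -auxww | grep -q "[n]piperelay.exe -ei -s //./pipe/openssh-ssh-agent"; then
        echo "relay: running"
    else
        echo "relay: not running"
    fi
    SSH_AUTH_SOCK=$sock ssh-add -l >/dev/null 2>&1; rc=$?
    echo "agent: $(agent_state_from_rc "$rc")"
}

# Stand-alone use: sh thisfile --run [socket-path]
if [ "${1:-}" = "--run" ]; then diagnose_relay "${2:-}"; fi
```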