Support for WSL2 #33
Thanks for the issue @AngellusMortis , I am aware of this limitation. There is a workaround currently which works with |
@benpye How do I run npiperelay correctly? I have tried this
But whenever I try to use the agent I get a I have this: What's the magic syntax? |
Woops! I totally forgot about this thread. I use the following command line - I guess you need to pass the full path to npiperelay.exe.
|
Ahh awesome thanks. I think it turned out "Invalid argument" was because I was trying to run windows binaries from a windows working directory. You can see I was using /mnt/c/Users. When I changed to the Linux home directory it worked fine. Out of interest how do you start socat? I tried to get systemd to run it for me, but it just keeps crashing. I have:
But it dies with:
|
I've added this to my
Using tmux seems a bit blah, but it gets the job done. Simply backgrounding the socat command in the |
Adding this to
seems to work for me, both in Windows Terminal and VSCode |
I struggled much to get this working. I found out that my pipe, that needs to be passed to npiperelay, had a different name. |
WSL v2 is public builds now (may update, ver 2004). Is this limitation still a factor? Since updating to WSLv2 I'm just getting public key permission denied to my servers (i.e. it isn't working!) |
The only two issues I have with #33 (comment) are that:
To solve issue 2, I am using this:
EXISTING_RELAY_PIDS=$(ps x | grep npiperelay | grep -v grep | awk '{ print $1 }')
if [[ ! -z "${EXISTING_RELAY_PIDS}" ]]; then
    kill -9 ${EXISTING_RELAY_PIDS}
fi
setsid nohup socat \
    EXEC:"/mnt/c/Users/MY_USERNAME/bin/npiperelay.exe /\/\./\pipe/\ssh-pageant" \
    UNIX-LISTEN:/tmp/wsl2-ssh-agent.sock,unlink-close,unlink-early,fork >/dev/null 2>&1 &
export SSH_AUTH_SOCK=/tmp/wsl2-ssh-agent.sock
|
This variant of #33 (comment) worked better for me, and avoids the hang-at-close:
EXISTING_RELAY_PIDS=$(ps x | grep npiperelay | grep -v grep | awk '{ print $1 }')
if [[ -z "${EXISTING_RELAY_PIDS}" ]]; then
    socat \
        EXEC:"/mnt/c/Users/MY_USERNAME/bin/npiperelay.exe /\/\./\pipe/\ssh-pageant" \
        UNIX-LISTEN:/tmp/wsl2-ssh-agent.sock,unlink-close,unlink-early,fork >/dev/null 2>&1 &
fi
export SSH_AUTH_SOCK=/tmp/wsl2-ssh-agent.sock
|
@GuyPaddock I'm using your variant, but when I try to ssh to somewhere within WSL, socat exits:
|
@voltagex Yeah, I'm seeing that too... not sure why socat isn't staying open. |
I just noticed @BlackReloaded has sort of forked/borrowed some code from @benpye's project specifically for WSL2 (using socat): https://github.com/BlackReloaded/wsl2-ssh-pageant. That setup works for me. Just note that the docs say Mind you I'm using it with https://smartcard-auth.de/index-en.html for pageant in order to support my Yubikey. |
I got wsl2-ssh-pageant working. However, I'm not sure why, in WSL2, I cannot make this work in my .zshrc. The socat process is running and the sock file is created, I can see it in ss -a, but ssh-add -l hangs; I have to kill the socat process and re-source .zshrc, then it starts working again. This behavior is the same for weasel-pageant: I cannot eval and start weasel-pageant.exe in my .zshrc in WSL2, I have to run the eval outside my .zshrc or kill the socat process and re-source my .zshrc once my terminal has started. WSL1 does not have this issue. Does anyone else have this issue in WSL2? Thanks |
Well I didn't have any issues on Ubuntu 18.04, I do see something similar on Ubuntu 20.04. But in my case socat wasn't running and ssh-add -l gave me 'file not found'. I discovered that when I run the socat command in the terminal, it works just fine, but it wasn't doing it when I ran it via my .zshrc. My workaround / fix was to remove the if statement so it will always execute. |
Just sharing what worked for me - I was new to Windows named pipes, and it's not obvious in the above comments that you need to tell wsl-ssh-pageant to set up the named pipe: I installed https://github.com/rupor-github/wsl-ssh-agent first because it includes a pre-built npiperelay.exe - I didn't want to have to create a Go build environment.
|
I'll try and have a dig into why this isn't working well. I've generally not had too much trouble with |
@ckuai I'm experiencing the same issue. |
|
Hi, Are there any plans to incorporate WSL2 support into wsl-ssh-pageant? |
@ckuai Not sure why that would be true, unless you switched to WSL 1. WSL 2 still has no support for |
seems like that thread is alive microsoft/WSL#4240 perhaps they'll close this issue in nearest future 🚶♂️ |
Wow, this was not easy. Added the steps here as a Gist, works without tmux, in different WSL2 windows, no issues or errors on start or logout. Tested with Pageant running on the Windows side. Originally forgot to set permissions and ownership of files, which meant that the pipe relay did not work when sourced in bashrc. |
For those that have issues using npiperelay due to false positives from antivirus software... if you are using pageant, you'll likely have the full PuTTY suite installed that includes
socat UNIX-LISTEN:/home/username/.ssh/pageant.sock,unlink-early,fork "EXEC:'"'"'"/mnt/c/Program Files/PuTTY/plink.exe"'"'" -serial //./pipe/pageant.YOURUSERNAME.SOMERVALUE'"
In case you need to look up the pipe name for pageant, you can run this in powershell:
Get-ChildItem \\.\pipe\ | ?{ $_ -like "*pageant*" } | %{ $_.name }
My systemd unit file:
|
Turns out the random string is different on every reboot, at least for me, so I have yet to figure out a way to automate this. |
@fholzer Just an idea: run the power-shell command in a startup task on logon and write output to a file. Read that file as part of the ExecStart |
You can just run the PowerShell command from within WSL2
/mnt/c/Windows/System32/WindowsPowerShell/v1.0/powershell.exe -Command 'Get-ChildItem \\.\pipe\ | ?{ $_ -like "*pageant*" } | %{ $_.name }'
An alternative to the PowerShell command is to get pageant itself to write an OpenSSH configuration file, which you could parse the data from. You would need to start pageant like this:
Then
From WSL you can grab that with |
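An added example, not code from this thread or from wsl-ssh-pageant: one way to combine the PowerShell pipe lookup from the comment above with the relay start-up snippets earlier in the thread, probing the socket itself instead of grepping for a process. The npiperelay.exe location, the agent-relay directory and all function names are assumptions.

```shell
#!/bin/sh
# Added example, not code from this thread. NPIPERELAY's location, the
# agent-relay directory and every function name below are assumptions.
NPIPERELAY="${NPIPERELAY:-/mnt/c/Users/MY_USERNAME/bin/npiperelay.exe}"  # no spaces
POWERSHELL=/mnt/c/Windows/System32/WindowsPowerShell/v1.0/powershell.exe

# stdin: pipe names, one per line, CRLF-terminated as powershell.exe prints
# them. Prints the first Pageant pipe as //./pipe/NAME. Names with anything
# outside [A-Za-z0-9._-] are skipped, since the result is spliced into a
# socat EXEC: command string.
pageant_pipe_from_listing() {
    tr -d '\r' | while IFS= read -r name; do
        case "$name" in
            ''|*[!A-Za-z0-9._-]*) continue ;;
            *pageant*) printf '//./pipe/%s\n' "$name"; break ;;
        esac
    done
}

# Keep the socket in a directory only the current user can enter, rather
# than at a fixed name in shared /tmp.
private_sock_dir() {
    dir="${1:-${XDG_RUNTIME_DIR:-$HOME/.ssh}/agent-relay}"
    ( umask 077; mkdir -p "$dir" ) && chmod 700 "$dir" && printf '%s\n' "$dir"
}

# ssh-add exits 2 when it cannot contact the agent; 0 (keys listed) and 1
# (no identities) both mean the relay answers. timeout covers the case of a
# socket that exists but hangs, which a `ps | grep` check cannot detect.
agent_reachable() {
    [ -S "$1" ] || return 1
    rc=0
    SSH_AUTH_SOCK="$1" timeout 3 ssh-add -l >/dev/null 2>&1 || rc=$?
    [ "$rc" -le 1 ]
}

# Start the relay only when the socket does not answer, then export it.
ensure_agent_relay() {
    sock="$(private_sock_dir)/agent.sock" || return 1
    if ! agent_reachable "$sock"; then
        pipe=$("$POWERSHELL" -NoProfile -Command \
            'Get-ChildItem \\.\pipe\ | ?{ $_ -like "*pageant*" } | %{ $_.name }' \
            | pageant_pipe_from_listing)
        [ -n "$pipe" ] || { echo "no Pageant pipe found" >&2; return 1; }
        setsid socat UNIX-LISTEN:"$sock",unlink-early,umask=077,fork \
            EXEC:"$NPIPERELAY $pipe" >/dev/null 2>&1 &
    fi
    export SSH_AUTH_SOCK="$sock"
}
```

Call `ensure_agent_relay` from `.bashrc` or `.zshrc`. Pipe names containing other characters (for example a Windows user name with a space) are rejected rather than quoted.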
Mixing @fholzer and @pearj solutions:
#!/usr/bin/bash
plink="/c/Program\\\\ Files/PuTTY/plink.exe"
IdentityAgent=$(<pageant.conf)
IdentityAgent=${IdentityAgent:0:-1} # removes \r
IdentityAgent=${IdentityAgent##IdentityAgent } # cut it out
IdentityAgent=${IdentityAgent//\\/\/} # flips slashes
/usr/bin/socat \
    UNIX-LISTEN:/tmp/pageant.sock,unlink-early,fork \
    "EXEC:${plink} -serial ${IdentityAgent}"
|
Do any of y'all have a step-by-step instruction manual on how to accomplish this? I've been at this for about a month now, and I still can't get OpenGPG to work in my instance of WSL2, and I've tried just about everything, including all the examples here, and none of them worked. I'm hoping I just overlooked something, but so far I'm able to get this to work. |
I too have dealt with it for several days. My simple solution was to set my instance back to WSL1 🤮😂😩
|
Since people still seem to be having problems with this, I thought I would post my solution for getting a pretty reliable agent into WSL2. I have found the npipe+socat options pretty unstable, and frustrating. My solution for getting an agent into WSL uses a combination of WSL2 systemd support, OpenSSH server installed in WSL2, and using OpenSSH client in Windows.
Prepare the environment
That is all the prep work done. Now how do I actually forward the agent? It is pretty simple. I add a new systemd unit and enable it. This unit will use the WSL interop to run the windows ssh.exe client to the WSL2 environment. It enables agent forwarding, and will leave a symlink to the agent socket in /etc/systemd/system/ssh_agent.service
With that done, all you have to do is update your shell profile to set the
I like this solution since it doesn't require any fancy magic to forward. It simply uses the ssh client and ssh daemon to forward exactly the way ssh agents are normally forwarded. We just are using the WSL2 systemd and interop to get this to happen in the background. |
@zoredache Stupid question, but this also works with OpenPGP, right? |
Sorry, don't know. Haven't tried. I haven't ever really needed to use PGP in my WSL2 environment. |
my workaround 🙃
> cat ~/bin/ssh
#!/bin/sh
exec '/mnt/c/Windows/System32/OpenSSH/ssh.exe' "$@"
|
Where were you when I needed you over a year ago! 😆 Sadly, I can no longer try implementing this, because this problem got so frustrating, I switched over to Linux. |
I struggled like 20h on this... I even found someone that did similar for the gpg.exe to get access to the smartcard and that worked... but I didn't think of ssh itself... Thanks for mentioning this. Funny how it works... |
I'm also doing that for gpg 🙃 |
This works for standard ssh connections, but it does not work for I tried specifying the GIT_SSH directly:
without success. |
|
Strange, even with the SSH wrapper it is not working with git (but with |
Indeed weird, it works normally here too. Just a reminder that using the Windows OpenSSH you might need to use the Windows .ssh dir as well, so I just linked to mine |
Ok, thanks - I could not get this to work under WSL2. I reverted to splitting my work: (1) Coding in WSL2 and (2) git commit/pull in WSL1. |
.. finally was able to set this up with the latest Windows 10 and WSL2 following @zoredache steps. Minor changes on my side were necessary. I added it step by step here. |
One more workaround works on wsl2 ubuntu. |
According to a similar project, rupor-github/wsl-ssh-agent#3, it seems this is not possible yet, but I just wanted to make an issue to cover it for anyone else who was doing some digging.
It seems that the Windows/Unix socket interoperability does not work yet for WSL 2.