Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support for WSL2 #33

Open
AngellusMortis opened this issue Dec 10, 2019 · 22 comments
Open

Support for WSL2 #33

AngellusMortis opened this issue Dec 10, 2019 · 22 comments

Comments

@AngellusMortis
Copy link

AngellusMortis commented Dec 10, 2019

According to a similar project, rupor-github/wsl-ssh-agent#3, it seems this is not possible yet, but I just wanted to make an issue to cover it for anyone else was doing some digging.

It seems that the Windows/Unix socket interoperability does not work yet for WSL 2.

@benpye
Copy link
Owner

benpye commented Feb 2, 2020

Thanks for the issue @AngellusMortis , I am aware of this limitation. There is a workaround currently which works with npiperelay and the Windows SSH support. It's possible to bridge Pageant to Windows SSH and then use npiperelay to bridge that into WSL 2. If there is interest this could possibly be added in the tool itself, what do you think?

@pearj
Copy link

pearj commented Mar 23, 2020

@benpye How do I run npiperelay correctly?

I have tried this

joel@JOEL-XPS15:/mnt/c/Users/Joel$ socat UNIX-LISTEN:/home/joel/.ssh/authsock,fork,group=joel,umask=007 EXEC:"npiperelay.exe -ep -s //./pipe/ssh-pageant",nofork
/usr/local/bin/npiperelay.exe: Invalid argument

But whenever I try to use the agent I get a /usr/local/bin/npiperelay.exe: Invalid argument error.

I have this: export SSH_AUTH_SOCK=/home/joel/.ssh/authsock as well

What's the magic syntax?

@benpye
Copy link
Owner

benpye commented Apr 8, 2020

Woops! I totally forgot about this thread. I use the following command line - I guess you need to pass the full path to npiperelay.exe.

socat EXEC:"/mnt/c/Users/benpy/go/bin/npiperelay.exe /\/\./\pipe/\ssh" UNIX-LISTEN:/tmp/wsl-ssh-pageant.socket,unlink-close,unlink-early,fork

@pearj
Copy link

pearj commented Apr 11, 2020

Ahh awesome thanks. I think it turned out "Invalid argument" was because I was trying to run windows binaries from a windows working directory. You can see I was using /mnt/c/Users. When I changed to the Linux home directory it worked fine.

Out of interest how do you start socat? I tried to get systemd to run it for me, but it just keeps crashing.

I have:

[Service]
User=joel
Type=Simple
ExecStart=/usr/bin/socat -u EXEC:"/mnt/c/Users/Joel/go/bin/npiperelay.exe //./pipe/ssh-pageant" UNIX-LISTEN:/tmp/wsl-ssh-pageant.socket,unlink-close,unlink-early,fork  

But it dies with:

Apr 11 23:03:23 JOEL-XPS15 systemd[1]: Started ssh-agent-socat.service.
Apr 11 23:03:23 JOEL-XPS15 socat[3045]: 2020/04/11 23:03:23 socat[3045] E waitpid(): child 3046 exited with status 1
Apr 11 23:03:23 JOEL-XPS15 systemd[1]: ssh-agent-socat.service: Main process exited, code=exited, status=1/FAILURE
Apr 11 23:03:23 JOEL-XPS15 systemd[1]: ssh-agent-socat.service: Failed with result 'exit-code'.

@pearj
Copy link

pearj commented Apr 11, 2020

I've added this to my ~/.bashrc

if [ ! -S /tmp/wsl-ssh-pageant.socket ] && [ -z "$TMUX" ]; then
    echo "Starting socat relay to ssh-pageant"
    tmux new-session -d -s socat-ssh-agent
    tmux send-keys '/usr/bin/socat EXEC:"/mnt/c/Users/Joel/go/bin/npiperelay.exe //./pipe/ssh-pageant" UNIX-LISTEN:/tmp/wsl-ssh-pageant.socket,unlink-close,unlink-early,fork' C-m
fi

export SSH_AUTH_SOCK=/tmp/wsl-ssh-pageant.socket

Using tmux seems a bit blah, but it gets the job done. Simply backgrounding the socat command in the ~/.bashrc with & was making VSCode hang when starting up inside WSL 2

@florin-saftoiu
Copy link

florin-saftoiu commented Jun 8, 2020

Adding this to ~/.bashrc

kill -9 $(ps x | grep npiperelay | grep -v grep | awk '{ print $1 }')
setsid nohup socat EXEC:"/mnt/c/work/ssh/npiperelay/npiperelay.exe /\/\./\pipe/\ssh-pageant" UNIX-LISTEN:/tmp/wsl2-ssh-agent.sock,unlink-close,unlink-early,fork >/dev/null 2>&1 &
export SSH_AUTH_SOCK=/tmp/wsl2-ssh-agent.sock

seems to work for me, both in Windows Terminal and VSCode

@Pumba98
Copy link

Pumba98 commented Jun 9, 2020

I struggeled much to get this working. I found out that my pipe, that needs to be passed to npiperelay, had a different name.
You can use this powershell command to check which pipes with "ssh" in name exist on your system.
[System.IO.Directory]::GetFiles("\\.\\pipe\\") | Select-String -Pattern ssh
for me it was \\.\\pipe\\openssh-ssh-agent

@tombowditch
Copy link

tombowditch commented Jul 18, 2020

WSL v2 is public builds now (may update, ver 2004). Is this limitation still a factor? Since updating to WSLv2 I'm just getting public key permission denied to my servers (i.e. it isn't working!)

@GuyPaddock
Copy link

GuyPaddock commented Jul 21, 2020

The only two issues I have with #33 (comment) are that:

  1. WSL hangs when trying to close WSL windows (you have to CTRL+C to get it to close)
  2. The first WSL window that gets opened displays this warning:

    kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]

To solve issue 2, I am using this:

EXISTING_RELAY_PIDS=$(ps x | grep npiperelay | grep -v grep | awk '{ print $1 }')

if [[ ! -z "${EXISTING_RELAY_PIDS}" ]]; then
  kill -9 ${EXISTING_RELAY_PIDS}
fi

setsid nohup socat \
  EXEC:"/mnt/c/Users/MY_USERNAME/bin/npiperelay.exe /\/\./\pipe/\ssh-pageant" \
  UNIX-LISTEN:/tmp/wsl2-ssh-agent.sock,unlink-close,unlink-early,fork >/dev/null 2>&1 &

export SSH_AUTH_SOCK=/tmp/wsl2-ssh-agent.sock

@GuyPaddock
Copy link

GuyPaddock commented Jul 21, 2020

This variant of #33 (comment) worked better for me, and avoids the hang-at-close:

EXISTING_RELAY_PIDS=$(ps x | grep npiperelay | grep -v grep | awk '{ print $1 }')

if [[ -z "${EXISTING_RELAY_PIDS}" ]]; then
  socat \
    EXEC:"/mnt/c/Users/MY_USERNAME/bin/npiperelay.exe /\/\./\pipe/\ssh-pageant" \
    UNIX-LISTEN:/tmp/wsl2-ssh-agent.sock,unlink-close,unlink-early,fork >/dev/null 2>&1 &
fi

export SSH_AUTH_SOCK=/tmp/wsl2-ssh-agent.sock

@ghost
Copy link

ghost commented Jul 26, 2020

@GuyPaddock I'm using your variant, but when I try to ssh to somewhere within WSL, socat exits:

voltagex@Argentum:/mnt/c/Users/Adam$ ssh 10.1.1.2
voltagex@10.1.1.2: Permission denied (publickey).
[1]+  Exit 1                  socat EXEC:"/mnt/c/Users/Adam/OneDrive/bin/npiperelay.exe /\/\./\pipe/\ssh-pageant" UNIX-LISTEN:/tmp/wsl2-ssh-agent.sock,unlink-close,unlink-early,fork > /dev/null 2>&1

@GuyPaddock
Copy link

GuyPaddock commented Jul 26, 2020

@voltagex Yeah, I'm seeing that too... not sure why socat isn't staying open.

@Vashiru
Copy link

Vashiru commented Jul 28, 2020

I just noticed @ BlackReloaded has sort of forked/borrowed some code from @benpye's project specifically for WSL2 (using socat): https://github.com/BlackReloaded/wsl2-ssh-pageant. That setup works for me. Just note that the docs say $HOME/.ssh/ than just the home directory (took me a couple of reads to pick up on that).

Mind you I'm using it with https://smartcard-auth.de/index-en.html for pageant in order to support my Yubikey.

@ckuai
Copy link

ckuai commented Aug 3, 2020

I just noticed @ BlackReloaded has sort of forked/borrowed some code from @benpye's project specifically for WSL2 (using socat): https://github.com/BlackReloaded/wsl2-ssh-pageant. That setup works for me. Just note that the docs say $HOME/.ssh/ than just the home directory (took me a couple of reads to pick up on that).

Mind you I'm using it with https://smartcard-auth.de/index-en.html for pageant in order to support my Yubikey.

I got wsl2-ssh-pageant working, However, not sure why in wsl2, I cannot make this work in my .zshrc. The socat process is running and the sock file is created, I can see it in ss -a, but ssh-add -l hang, I have to kill socat process and resource .zshrc, then it start working again. This behavior is same for weasel-pageant, I cannot eval and start weasel-pageant.exe in my .zshrc in wsl2, I have to run the eval outside my .zshrc or kill the socat process and re-source my .zshrc once my terminal started. WSL1 do not have this issu. Anyone have this issue in WSL2?

Thanks

@Vashiru
Copy link

Vashiru commented Sep 4, 2020

I just noticed @ BlackReloaded has sort of forked/borrowed some code from @benpye's project specifically for WSL2 (using socat): https://github.com/BlackReloaded/wsl2-ssh-pageant. That setup works for me. Just note that the docs say $HOME/.ssh/ than just the home directory (took me a couple of reads to pick up on that).
Mind you I'm using it with https://smartcard-auth.de/index-en.html for pageant in order to support my Yubikey.

I got wsl2-ssh-pageant working, However, not sure why in wsl2, I cannot make this work in my .zshrc. The socat process is running and the sock file is created, I can see it in ss -a, but ssh-add -l hang, I have to kill socat process and resource .zshrc, then it start working again. This behavior is same for weasel-pageant, I cannot eval and start weasel-pageant.exe in my .zshrc in wsl2, I have to run the eval outside my .zshrc or kill the socat process and re-source my .zshrc once my terminal started. WSL1 do not have this issu. Anyone have this issue in WSL2?

Thanks

Well I didn't have any issues on Ubuntu 18.04, I do see something similar on Ubuntu 20.04. But in my case socat wasn't running and ssh-add -l gave me 'file not found'. I discovered that when I run the socat command in the terminal, it works just fine, but it wasn't doing it when I ran it via my .zshrc. My workaround / fix was to remove the if statement so it will always execute.

@johnorourke
Copy link

johnorourke commented Sep 14, 2020

Just sharing what worked for me - I was new to Windows named pipes, and it's not obvious in the above comments that you need to tell wsl-ssh-pageant to set up the named pipe:

I installed https://github.com/rupor-github/wsl-ssh-agent first because it includes a pre-built npiperelay.exe - I didn't want to have to create a Go build environment.

# in windows, set up a named pipe called ssh-pageant - NOTE: install it in a path with no spaces, it makes the socat command simpler:
"c:\wsl-ssh-agent\wsl-ssh-pageant-386.exe" --winssh ssh-pageant
# then from wsl, use socat to connect it to a socket file:
socat EXEC:"/mnt/c/wsl-ssh-agent/npiperelay.exe -ei -s //./pipe/ssh-pageant" UNIX-LISTEN:/tmp/wsl-ssh-pageant.socket,unlink-close,unlink-early,fork
# then tell ssh to use that socket
export SSH_AUTH_SOCK=/tmp/wsl-ssh-pageant.socket

@benpye
Copy link
Owner

benpye commented Nov 21, 2020

I'll try and have a dig into why this isn't working well. I've generally not had too much trouble with npiperelay and socat though it would be nice to avoid needing the npiperelay binary at the very least.

@judemille
Copy link

judemille commented Nov 30, 2020

@ckuai I'm experiencing the same issue.

@ckuai
Copy link

ckuai commented Nov 30, 2020

@ckuai I'm experiencing the same issue.
Since the Nov win10 monthly update or after 20H2 feature update, the issue seems gone for me.

@tomoyat1
Copy link

tomoyat1 commented Jan 6, 2021

Hi,

Are there any plans to incorporate WSL2 support into wsl-ssh-pageant?
I'd rather not have to fumble with multiple utilities.

@kohenkatz
Copy link

kohenkatz commented Jan 6, 2021

@ckuai Not sure why that would be true, unless you switched to WSL 1.

WSL 2 still has no support for AF_UNIX-based socket communication with Windows programs. (See microsoft/WSL#4240)

@madzohan
Copy link

madzohan commented Jan 14, 2022

seems like that thread is alive microsoft/WSL#4240 perhaps they'll close this issue in nearest future 🚶‍♂️
but for now wsl.exe --set-version Ubuntu 1 😄

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests