Integration with bash on Windows 10 Preview

[katekarnage]

The good news is, this already works and should just need some documentation adding to tips and tricks.

Using the MSYSGIT socket functionality already provided, the bash/linux subsystem on windows 10 Preview can be made to use KeeAgent as it's ssh agent.

I managed to do it using socat (apt-get install socat within bash on windows) a script like the one below (pretty crude, ignores some things like proper host/network translation on the port number, because, well... the target architecture is known! and some cleanup could be added to .bash_logout etc)

# If MSYSGIT socket in keeagent is set as c:\Users/foo/Documents/ssh_auth_msysgit
SSH_AUTH_KEEAGENT_SOCK=/mnt/c/Users/foo/Documents/ssh_auth_msysgit
SSH_AUTH_KEEAGENT_PORT=`sed -r 's/!<socket >([0-9]*\b).*/\1/' ${SSH_AUTH_KEEAGENT_SOCK}`

#use socket filename structure similar to ssh-agent
ssh_auth_tmpdir=`mktemp --tmpdir --directory keeagent-ssh.XXXXXXXXXX`
SSH_AUTH_SOCK="${ssh_auth_tmpdir}/agent.$$"

socat UNIX-LISTEN:${SSH_AUTH_SOCK},mode=0600,fork,shut-down TCP:127.0.0.1:${SSH_AUTH_KEEAGENT_PORT},connect-timeout=2 2>&1 > /dev/null &

[dlech]

Nifty. I'll try this out when I get a chance.

[mendhak]

Thanks @katekarnage, never heard of socat until now.

I added this to my ~/.bashrc, seems to work well with KeeAgent on launching Bash on Win10.

#KeeAgent setup
SSH_AUTH_KEEAGENT_SOCK=/mnt/c/Temp/syslockfile
SSH_AUTH_KEEAGENT_PORT=`sed -r 's/!<socket >([0-9]*\b).*/\1/' ${SSH_AUTH_KEEAGENT_SOCK}`
ssh_auth_tmpdir=`mktemp --tmpdir --directory keeagent-ssh.XXXXXXXXXX`
export SSH_AUTH_SOCK="${ssh_auth_tmpdir}/agent.$$"
socat UNIX-LISTEN:${SSH_AUTH_SOCK},mode=0600,fork,shut-down TCP:127.0.0.1:${SSH_AUTH_KEEAGENT_PORT},connect-timeout=2 2>&1 > /dev/null &

On connecting via SSH I do see this error though, is it something we can safely ignore?

2016/08/20 12:08:46 socat[20] E write(4, 0xf24640, 5): Broken pipe

[dlech]

It looks like unix sockets are at least partially implemented. Microsoft/WSL#134

This is really what should be used here instead of socat.

[FlorinAsavoaie]

Not extremely easy to implement the Unix sockets outside a WSL instance, as far as I can tell. Meanwhile I wrote this: https://gist.github.com/FlorinAsavoaie/8c2b6cb00f786c2caab65b1a51f4e847.

[h31]

A major upgrade for Linux subsystem was released
https://blogs.msdn.microsoft.com/commandline/2017/04/11/windows-10-creators-update-whats-new-in-bashwsl-windows-console/
Will it make things easier?

[rfnx]

Still not working for me, even with the new Creators update.

I tried to declare the socket in KeeAgent options (both types, msysGit and Cygwin) and then export "SSH_AUTH_SOCK" in bash, but maybe I'm doing it wrong ?

[dlech]

MSYS/Cygwin use TCP sockets, not Unix sockets, so they will not work with native Linux ssh programs. We need to figure out how to create a Unix socket from a Windows program (if that is even possible) or perhaps automate the socat tunnel that is described in the opening comment here.

[saxonww]

https://github.com/ionescu007/lxss might help answer this question.

I've spent less than 5 minutes looking at this, but it suggests that there is an 'ADSS bus' which is the bridge between the Win32 and WSL environments. It might not really be possible (yet) to just create a socket file from a Win32 program and have it be recognized as such by a WSL process; there would maybe need to be something like the lxext/lxexec method described in the readme for this repo.

[saxonww]

Also fwiw I have been using a modified version of @FlorinAsavoaie's python thing for several months. It works as well or better than the socat method, with the one downside being if I try to close my WSL window(s) while keepass is locked, I get into a db unlock loop that is really hard to get out of.

[h31]

https://github.com/ionescu007/lxss might help answer this question.

WSL from Creators update allows to run arbitrary Linux command from the Windows executable. There's no need to use unofficial tools.

[saxonww]

Does this new capability extend to reading and writing from an Linux socket file?

[h31]

Haven't heard about such possibilities. I've posted a link above, maybe it will help.

[strarsis]

I use this now in .bashrc:

# KeeAgent
export SSH_AUTH_SOCK="/tmp/.ssh-auth-sock"
~/bin/msysgit2unix-socket.py /mnt/d/pass/keeagent-msysgit:$SSH_AUTH_SOCK

It uses the msysgit2unix-socket python script, a recent fork you can find here:
https://gist.github.com/duebbert/4298b5f4eb7cc064b09e9d865dd490c9

[saxonww]

https://blogs.msdn.microsoft.com/commandline/2017/12/19/af_unix-comes-to-windows/ !!

Doesn't interop with WSL yet, apparently, but the blog makes it sound like it will soon-ish, and it's listed in the WSL release notes for 17063...

[strarsis]

Currently working howto: https://gist.github.com/strarsis/e533f4bca5ae158481bbe53185848d49

[strarsis]

What is cool is that it also works with FileZilla Normal login and some other SSH clients on Windows.
They seem to share the same library.

[pscheit]

if [ ! -f /tmp/ssh-agent-pipe ]; then
sudo socat UNIX-LISTEN:/tmp/ssh-agent-pipe,fork,group=yourusernamegroup,umask=007 EXEC:"npiperelay.exe -ep -s //./pipe/openssh-ssh-agent",nofork &
fi

and enable the experimental open ssh support
https://github.com/jstarks/npiperelay

after reading this thread i should've known, that there is already a tcp socket available to bind with socat, but leaving this here for someone who's interested ..

[strarsis]

@pscheit: Where do I have to enable the experimental open ssh support?
Is this a npiperelay option or a KeeAgent option?

[pscheit]

jip

[strarsis]

@pscheit: How can I avoid sudo prompt at the beginning of each shell session?
Besides this issue, typing in terminal becomes strange sometimes.
When using Ctrl+C in shell, the command exits with code 130.

[reynoldsbd]

Hello! I am not a KeeAgent user, but I got a tip that folks here might be interested in wsl-agent-bridge. In short, it allows WSL to transparently use the Windows port of ssh-agent via an AF_UNIX socket.