DEV Community

David Sánchez

Use 1Password SSH Agent in WSL

TIL: You can use 1Password's SSH Agent in WSL, and it's not that complicated.

I've been using Windows + WSL as my main driver for a few weeks, and one of the things I missed the most was the ease of setup of 1Password's SSH agent on Linux or macOS.

After searching for a while, I found one thread in the 1Password Community forum that linked to a post containing the steps to forward the SSH Agent requests from WSL to the Windows' SSH agent.

Amazingly, you don't have to do anything extra to make it work with 1Password SSH agent, and I'll write the steps I did to activate it below.

Enable 1Password SSH Agent

If you have not created or imported your SSH keys into 1Password, you can do it by following this article.

To activate 1Password's SSH agent, you must have Windows Hello activated. You can learn more about Windows Hello in this article.

Open your 1Password settings and go to the “Developer” section. You need to check the “Use the SSH agent” checkbox.

1Password Settings window

That's all we need to do to activate the SSH agent.

Download npiperelay

To communicate between WSL and the 1Password SSH agent, we need npiperelay. This tool allows WSL to communicate with Windows' named pipes.

To install it, we need to open the GitHub repository and download the latest release. At the time of writing this post, the latest release is v0.1.0 from July 2, 2020.

Unzip it, and paste the npiperelay.exe file in any folder that's configured in your system's PATH.

If you don't know how to modify your system's PATH, you can learn how to do it in this article.

Connect WSL with 1Password's SSH agent

Now that we have the prerequisites fulfilled, we can connect our WSL distro with the SSH agent.

I'm using Ubuntu as my WSL distro; this may change if you're using another distro.

We need to install socat, a utility that transfers data between channels. It will use npiperelay to communicate with the named pipes.

sudo apt install socat

In your WSL terminal, create a new folder named .1password in your home directory:

# keep the directory that will hold the agent socket private to your user
mkdir -p "$HOME/.1password" && chmod 700 "$HOME/.1password"

Create a new file named .agent-bridge.sh in your home directory. You can name this file whatever you want; this name is just my personal preference.

touch "$HOME/.agent-bridge.sh" && chmod +x "$HOME/.agent-bridge.sh"

And add the following content to the newly created file:

# Code extracted from https://stuartleeks.com/posts/wsl-ssh-key-forward-to-windows/ with minor modifications

# Configure ssh forwarding
export SSH_AUTH_SOCK="$HOME/.1password/agent.sock"
# need `ps -ww` to get non-truncated command for matching
# use square brackets to generate a regex match for the process we want but that doesn't match the grep command running it!
ALREADY_RUNNING=$(ps -auxww | grep -q "[n]piperelay.exe -ei -s //./pipe/openssh-ssh-agent"; echo $?)
if [[ $ALREADY_RUNNING != "0" ]]; then
    if [[ -S "$SSH_AUTH_SOCK" ]]; then
        # not expecting the socket to exist as the forwarding command isn't running (http://www.tldp.org/LDP/abs/html/fto.html)
        echo "removing previous socket..."
        rm "$SSH_AUTH_SOCK"
    fi
    echo "Starting SSH-Agent relay..."
    # setsid to force new session to keep running
    # set socat to listen on $SSH_AUTH_SOCK and forward to npiperelay which then forwards to openssh-ssh-agent on windows
    (setsid socat UNIX-LISTEN:"$SSH_AUTH_SOCK",fork EXEC:"npiperelay.exe -ei -s //./pipe/openssh-ssh-agent",nofork &) >/dev/null 2>&1
fi

Open .bashrc (or your shell's configuration file if you don't use BASH), and add the following line at the end of the file:

source "$HOME/.agent-bridge.sh"

Reset your Windows Terminal, and you should be able to see your keys imported into 1Password when listing the keys added to the agent.

SSH Agent showing imported keys

You won't have to repeat this process again, as long as you don't remove any configuration we created.
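To confirm the bridge set up in the steps above is private and actually answering, here is a health check added as an example; it is not part of the original post or of the script it adapts. The function name check_agent_bridge and its return codes are assumptions made for this example; the default socket path is the one the script exports as SSH_AUTH_SOCK.

```shell
# Added example: health check for the WSL -> 1Password SSH agent bridge.
# check_agent_bridge is a hypothetical helper, not part of the post's script.
#
# Return codes:
#   0  socket directory is private and the agent answered
#   1  socket directory is missing
#   2  socket directory is accessible to group or others
#   3  path is missing or is not a UNIX socket (relay not started)
#   4  socket exists but the agent could not be reached (stale socket,
#      dead relay, or ssh-add not installed)
check_agent_bridge() {
    cab_sock="${1:-$HOME/.1password/agent.sock}"
    cab_dir=$(dirname "$cab_sock")

    [ -d "$cab_dir" ] || return 1

    # Any local user who can reach the socket can send requests to the
    # agent, so the directory should carry no group/other permission bits.
    # (stat -c is GNU coreutils, which is what Ubuntu on WSL ships.)
    cab_mode=$(stat -c '%a' "$cab_dir") || return 1
    case "$cab_mode" in
        *00) ;;
        *) return 2 ;;
    esac

    [ -S "$cab_sock" ] || return 3

    # ssh-add -l exits 0 when keys are listed, 1 when the agent is reachable
    # but holds no identities, and 2 when it cannot contact the agent.
    cab_rc=0
    SSH_AUTH_SOCK="$cab_sock" ssh-add -l >/dev/null 2>&1 || cab_rc=$?
    case "$cab_rc" in
        0|1) return 0 ;;
        *) return 4 ;;
    esac
}
```

Call it as `check_agent_bridge; echo $?` in a WSL shell after the relay has started. Code 4 covers a case the process-list test in the script cannot see: a relay that is still listed by ps but no longer forwards requests.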

--

I'm happy to have found a way to use my SSH keys stored in 1Password when using WSL; it eases things a bit for me, as I haven't used Windows in at least a decade. I'm still trying to make myself comfortable in this operating system, but I guess time will tell what happens.

Nevertheless, WSL has been an amazing tool, and I'd like to thank everyone involved in it.

Top comments (8)

Randy Fay

This worked for me, thanks. I did have to reboot before it actually worked.

David Sánchez • Edited

Hey @rfay, I'm glad it worked! One question about the rebooting: in which step did you have to reboot, or did you reboot after following all the steps before it was missing something? (I want to update the post to reflect that if necessary)

Randy Fay

I've loved this, but the reboot has been required more than once now, and I haven't figured out why yet. It seems to be that when the WSL2 distro is terminated, it doesn't come back up right; even wsl --shutdown doesn't fix it. My bet right now, looking at the script, is that npiperelay.exe has to be terminated for the script to work right when the script is re-run, perhaps. In this situation ALREADY_RUNNING finds that npiperelay.exe is still running... but maybe it's orphaned?

Randy Fay

I think what has to happen is kill the orphaned socat process in this situation. There are also problems going on right now with WSL2 not doing wsl --shutdown correctly, so that's probably related. I'll keep chasing it, but I do think it's the socat process.

Adin

I know I might be late to the party, but I just had to reset my windows host so that my PATH changes updated. This might be what they were talking about.

Marvin Heilemann

Did you find out how to kill the orphan properly? We have the exact same issue here. Already tried killing the process, which works for the terminal but not VS Code...

Aaron Junod

This worked for me, thanks for sharing!

Mike Johnson

This was awesome thanks!