blackreloaded / wsl2-ssh-pageant
bridge between windows pageant and wsl2
License: MIT License
output for ssh-add -l
error fetching identities: communication with agent failed
have done a rm of sock
rm .ssh/agent.sock
sourced .bashrc_pagent
and sock was not created
output of ssh-add -l
Error connecting to agent: No such file or directory
elif ss -a | grep -q "$SSH_AUTH_SOCK" && [[ ! -f "$SSH_AUTH_SOCK" ]] ; then
    killall socat
    wsl2_ssh_pageant_bin="$HOME/.ssh/wsl2-ssh-pageant.exe"
    if test -x "$wsl2_ssh_pageant_bin"; then
        (setsid nohup socat UNIX-LISTEN:"$SSH_AUTH_SOCK,fork" EXEC:"$wsl2_ssh_pageant_bin" >/dev/null 2>&1 &)
    else
        echo >&2 "WARNING: $wsl2_ssh_pageant_bin is not executable."
    fi
    unset wsl2_ssh_pageant_bin
fi
actually this was created back
Describe the bug
Seems not to be compatible with the version 4.0.0 of Gpg4win anymore. The YubiKey is not accessible in WSL and gpg --card-status fails with no scdaemon.
After downgrading to the previous version 3.1.16 it is working again as before.
To Reproduce
Steps to reproduce the behavior:
gpg --card-status
Additional context
It seems that the version 4 of Gpg4Win does change how smart cards are accessed as stated in the release notes:
"New smartcard handling with better support for multiple smartcards."
https://gpg4win.org/version4.html
This version of wsl2-ssh-pageant.exe is blocked by Crowdstrike for "Machine Learning via Sensor-based ML".
So sadly I can not use it on my work computer.
Can you somehow fix this?
Describe the bug
I tried the new preview version of WSL from the Microsoft Store that was just released, the only thing that no longer seems to be working is wsl2-ssh-pageant.
SSH no longer authorizes me with the key in my Yubikey but asks me for my password.
Uninstalling the preview version of WSL makes it work again.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
SSH connections should work like before.
Additional context
I reported the issue to WSL as it is the only thing that has changed, but they suggested I report it here too.
Blog post: A preview of WSL in the Microsoft Store is now available!
Adding the snippet for .bashrc in a Fedora basic image, the ss command does not exist.
After an internet search (and confirmed using yum provides), it is provided by the iproute package, so it would be good to confirm that new users have this command available on their computer.
Note: By the way, the command ss in my environment always outputs
RTNETLINK answers: Invalid argument
so I added 2&> /dev/null to the command.
Scoop is a command line installation manager for Windows.
If I install GPG by scoop, the home directory of GPG will be placed in %USERPROFILE%\scoop\apps\GnuPG\current\home instead of %APPDATA%\gnupg.
However, in this project, the GPG home is hard-coded (FYI: here) and cannot support the GPG installed in scoop.
We would like to manage the version of GPG using scoop, can you support it?
Seems the socat target file is no longer attached to this project?
Describe the bug
Followed all the steps, get this when running gpg --card-status after wsl --shutdown
codebam gpg --card-status
gpg: can't connect to the gpg-agent: End of file
gpg: OpenPGP card not available: No agent running
codebam gpg --card-status
gpg: selecting card failed: Service is not running
gpg: OpenPGP card not available: Service is not running
codebam gpg --card-status
gpg: can't connect to the agent: End of file
gpg: OpenPGP card not available: No agent running
codebam gpg --card-status
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device
Cards are visible outside of WSL2
To Reproduce
Steps to reproduce the behavior:
.bashrc
wsl --shutdown
Expected behavior
gpg --card-status would show cards.
Screenshots
If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
Additional context
/c/Users/myuser/AppData/Roaming/gnupg/gpg-agent.conf
enable-putty-support
enable-ssh-support
PuTTY, Gpg4Win, and Git installed with winget
.bashrc lines
export SSH_AUTH_SOCK="$HOME/.ssh/agent.sock"
if ! ss -a | grep -q "$SSH_AUTH_SOCK"; then
    rm -f "$SSH_AUTH_SOCK"
    wsl2_ssh_pageant_bin="$HOME/.ssh/wsl2-ssh-pageant.exe"
    config_path="C:\Users\swb19\AppData\Roaming\gnupg"
    if test -x "$wsl2_ssh_pageant_bin"; then
        (setsid nohup socat UNIX-LISTEN:"$SSH_AUTH_SOCK,fork" EXEC:"$wsl2_ssh_pageant_bin -gpgConfigBasepath ${config_path}" >/dev/null 2>&1 &)
    else
        echo >&2 "WARNING: $wsl2_ssh_pageant_bin is not executable."
    fi
    unset wsl2_ssh_pageant_bin
fi
export GPG_AGENT_SOCK="$HOME/.gnupg/S.gpg-agent"
if ! ss -a | grep -q "$GPG_AGENT_SOCK"; then
    rm -rf "$GPG_AGENT_SOCK"
    wsl2_ssh_pageant_bin="$HOME/.ssh/wsl2-ssh-pageant.exe"
    config_path="C:\Users\swb19\AppData\Roaming\gnupg"
    if test -x "$wsl2_ssh_pageant_bin"; then
        (setsid nohup socat UNIX-LISTEN:"$GPG_AGENT_SOCK,fork" EXEC:"$wsl2_ssh_pageant_bin -gpgConfigBasepath ${config_path} -gpg S.gpg-agent" >/dev/null 2>&1 &)
    else
        echo >&2 "WARNING: $wsl2_ssh_pageant_bin is not executable."
    fi
    unset wsl2_ssh_pageant_bin
fi
If I start wsl2-ssh-pageant.exe manually with
./.ssh/wsl2-ssh-pageant.exe -gpgConfigBasepath "C:\Users\swb19\AppData\Roaming\gnupg"
it makes my entire shell hang and I have to close the window, however
./.ssh/wsl2-ssh-pageant.exe -h
shows the help just fine.
Describe the bug
The gpg side of things is working fine. However, I keep getting ssh-add -L: connection refused.
In the verbose log I am seeing this:
2021/08/22 22:31:19 Starting exe
2021/08/22 22:31:19 Reading length: 1
2021/08/22 22:31:19 Querying pageant
2021/08/22 22:31:19 Pageant query error 'WM_COPYDATA failed'
2021/08/22 22:31:19 io.ReadFull length error 'EOF
To Reproduce
Steps to reproduce the behavior:
Unsure how. I just installed it normally and ran ssh-add -L
Expected behavior
ssh-add -L should show me my key just like the winssh one does
Desktop (please complete the following information):
Describe the bug
For some reason I'm not being able to use my SSH and GPG clients in both Git Bash and my IDE (Jetbrains Idea).
I'm using wsl2-ssh-pageant as a way to fetch my GPG and SSH credentials from my Yubikey. When I use it from Linux, it works as expected. First, I start my gpg-agent with gpgconf --launch gpg-agent, then I reboot my WSL and, afterwards, I can run both gpg --card-status and ssh-add -L inside my Linux machine and it fetches my credentials.
The problem is on the Windows side. On a new Powershell I can run gpg --card-status and see the expected output, but running ssh-add -L leads to:
PS C:\Users\accou> ssh-add -L
Error connecting to agent: No such file or directory
When it should display my ssh-keys from my Yubikey (as it does in Linux):
~
❯ ssh-add -L
ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBAkNoM9kXjOtO1elu47lOWTemQINo4C1585yWK8xvuvbkkrCnxCdEpg7kOyYGG5G1+mTUzHSCg5hvK11wXgQHTvAOxgNw1ZcDrcdwnXwNVKs1quek9zLqNyi9ySoem4R1w== cardno:13 380 995
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINzpr94SDBXbnKE5EHMAwAhSkhRZK2Zordf3BoINFxww cardno:13 380 995
The problem is worse when I open a Bash terminal (from Git) inside Windows. My gpg --card-status leads to:
accou@bud-0001 MINGW64 ~
$ gpg --card-status
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device
(after a long delay)
And the ssh-add -L has the same result as it does in Powershell.
That should not be a problem (since it is working in Linux), but I would like to fetch/push from my git repositories (configured to use SSH) directly in my IDE, but I can't. Since my IDE is running in Windows, it can sign my commits (probably because Powershell can see my gpg key) but I can't use my SSH key.
Expected behavior
I would like to use my GPG and SSH keys on both sides (Linux and Windows)
socat version 1.7.3.4 on Apr 25 2020 06:17:10
running on Linux version #1 SMP Wed Feb 19 06:37:35 UTC 2020, release 4.19.104-microsoft-standard, machine x86_64
features:
#define WITH_STDIO 1
#define WITH_FDNUM 1
#define WITH_FILE 1
#define WITH_CREAT 1
#define WITH_GOPEN 1
#define WITH_TERMIOS 1
#define WITH_PIPE 1
#define WITH_UNIX 1
#define WITH_ABSTRACT_UNIXSOCKET 1
#define WITH_IP4 1
#define WITH_IP6 1
#define WITH_RAWIP 1
#define WITH_GENERICSOCKET 1
#define WITH_INTERFACE 1
#define WITH_TCP 1
#define WITH_UDP 1
#define WITH_SCTP 1
#define WITH_LISTEN 1
#define WITH_SOCKS4 1
#define WITH_SOCKS4A 1
#define WITH_PROXY 1
#define WITH_SYSTEM 1
#define WITH_EXEC 1
#undef WITH_READLINE
#define WITH_TUN 1
#define WITH_PTY 1
#define WITH_OPENSSL 1
#undef WITH_FIPS
#define WITH_LIBWRAP 1
#define WITH_SYCLS 1
#define WITH_FILAN 1
#define WITH_RETRY 1
#define WITH_MSGLEVEL 0 /*debug*/
After updating my Pengwin install, I get two RTNETLINK messages on console start. Everything appears to function fine, just it complaining about a bad argument.
Describe the bug
Following instructions from repo I'm getting errors like below. I was trying to use yubikey 5 but after following steps I'm lost where problem is now.
╰─ gpg --card-status
gpg: can't connect to the agent: End of file
gpg: OpenPGP card not available: No agent running
while on Win it's working fine
PS C:\Windows\system32> gpg --card-status
Reader ...........: Yubico YubiKey OTP FIDO CCID 0
Desktop (please complete the following information):
PS C:\Windows\system32> wsl -l -v
NAME STATE VERSION
* Ubuntu Running 2
╰─ ps aux | grep -i socat
lukasz 65 0.0 0.0 6968 1824 ? SNs 14:29 0:00 socat UNIX-LISTEN:/home/lukasz/.ssh/agent.sock,fork EXEC:/home/lukasz/.ssh/wsl2-ssh-pageant.exe
lukasz 70 0.0 0.0 6968 3276 ? SNs 14:29 0:00 socat UNIX-LISTEN:/home/lukasz/.gnupg/S.gpg-agent,fork EXEC:/home/lukasz/.ssh/wsl2-ssh-pageant.exe --gpg S.gpg-agent
lukasz 221 0.0 0.0 8160 720 pts/1 S+ 14:32 0:00 grep -i socat
╰─ cat wsl2-gpg-ssh.log
2021/12/31 14:21:33 Starting exe
2021/12/31 14:22:26 io.ReadFull length error 'EOF'
Describe the bug
Every time the socat fork executes a new instance of wsl2-ssh-pageant, an empty terminal window (Windows Terminal Preview, as it is my default terminal application, but it also happens when the normal conhost terminal is configured) opens for a second and then closes again. Should the PIN need to be put in, the window stays open until I have done so too. Because it opens in the foreground and steals input focus during its lifetime, this is moderately annoying. While this behaviour does not occur 100% of time, I am unsure which circumstances lead to the window appearing and which do not.
I believe that this has started to occur after upgrading my OS to Windows 11 (in-place upgrade, not a new installation). It also seems that the problem disappears with an upgrade of my GnuPG version (on Windows) from 2.2.28 to 2.3.4, but unfortunately this upgrade seems to break some other thing regarding the YubiKey detection and Pageant connection (see e.g. #25) so I had to roll this back. As the issue was not appearing completely consistently with the old version either, it could also be that the new version is affected as well and just didn't show the behaviour during my time of experimenting with it.
I am not necessarily asserting that this is a bug with wsl2-ssh-pageant itself, it may well also be caused by my specific configuration, which is why I'm trying to provide as much information as I can below, maybe someone experiences similar issues and can see a similarity in circumstances. Also, the attached wsl2-ssh-pageant log at the bottom does contain an error, however this does not seem to impact functionality, but it might still be a possible cause?
To Reproduce
ssh-add -L, gpg --card-status or just any ssh <host>
Expected behavior
The execution of wsl2-ssh-pageant should not open up any window or cause any UI interaction.
Screenshots
Image of the empty Windows Terminal Preview window opening up in response to a ssh-add -L, with the executable's path set as the tab's/window's title
Desktop:
wsl2-ssh-pageant integration script
export SSH_AUTH_SOCK="$HOME/.ssh/agent.sock"
export GPG_AGENT_SOCK="$HOME/.gnupg/S.gpg-agent"
GPG_WINDOWS_SOCKETDIR=$(gpgconf.exe --list-dirs | grep socketdir | cut -f2- -d: | tr -d '\r\n' | sed -e 's|\\|/|g' -e 's|%3a|\\:|g')
WSL2_SSH_PAGEANT_LOG_DIR="$HOME/.local/log/wsl2-ssh-pageant"
WSL2_SSH_PAGEANT_BIN="$APPDATA/wsl2-ssh-pageant/wsl2-ssh-pageant.exe"
if test -x "$WSL2_SSH_PAGEANT_BIN"; then
    if ! ss -a | grep -q "$SSH_AUTH_SOCK"; then
        rm -f "$SSH_AUTH_SOCK"
        (setsid nohup socat UNIX-LISTEN:"$SSH_AUTH_SOCK,fork" EXEC:"$WSL2_SSH_PAGEANT_BIN --verbose --logfile $WSL2_SSH_PAGEANT_LOG_DIR/wsl2sp-ssh.log" > /dev/null 2>&1 &)
    fi
    if ! ss -a | grep -q "$GPG_AGENT_SOCK"; then
        rm -rf "$GPG_AGENT_SOCK"
        (setsid nohup socat UNIX-LISTEN:"$GPG_AGENT_SOCK,fork" EXEC:"$WSL2_SSH_PAGEANT_BIN --gpg S.gpg-agent --gpgConfigBasepath $GPG_WINDOWS_SOCKETDIR --verbose --logfile $WSL2_SSH_PAGEANT_LOG_DIR/wsl2sp-gpg.log" > /dev/null 2>&1 &)
    fi
else
    # Report the variable that was actually tested above.
    echo >&2 "WARNING: $WSL2_SSH_PAGEANT_BIN is not executable."
fi
Running socat processes (including --gpgConfigBasepath due to #26)
❯ ps aux | grep -i socat
philipp+ 4788 0.0 0.0 7528 3536 ? Ss 22:37 0:00 socat UNIX-LISTEN:/home/philipp.holler/.ssh/agent.sock,fork EXEC:/mnt/c/Users/philipp.holler/AppData/Roaming/wsl2-ssh-pageant/wsl2-ssh-pageant.exe --verbose --logfile /home/philipp.holler/.local/log/wsl2-ssh-pageant/wsl2sp-ssh.log
philipp+ 4793 0.0 0.0 7528 2196 ? Ss 22:37 0:00 socat UNIX-LISTEN:/home/philipp.holler/.gnupg/S.gpg-agent,fork EXEC:/mnt/c/Users/philipp.holler/AppData/Roaming/wsl2-ssh-pageant/wsl2-ssh-pageant.exe --gpg S.gpg-agent --gpgConfigBasepath C\:/Users/philipp.holler/AppData/Roaming/gnupg --verbose --logfile /home/philipp.holler/.local/log/wsl2-ssh-pageant/wsl2sp-gpg.log
SSH agent socket wsl2-ssh-pageant log snippet
2021/12/28 22:55:04 Starting exe
2021/12/28 22:55:04 Reading length: 1
2021/12/28 22:55:04 Querying pageant
2021/12/28 22:55:04 io.ReadFull length error 'EOF'
Describe the bug
Multiple error lines on executing .bashrc / login:
"Cannot open netlink socket: Protocol not supported"
To Reproduce
Do what you described for performing setup.
Expected behavior
Should work.
Desktop (please complete the following information):
Describe the bug
After installation, when trying to run ssh-add -L in WSL, it returns error:
➜ ssh-add -L
error fetching identities: agent refused operation
To Reproduce
Steps to reproduce the behavior:
ssh-add -L
Expected behavior
List of key from my yubikey
Desktop (please complete the following information):
Additional context
Using gpg4win, yubikey, zsh
When running gpg --card-status in WSL, the command works fine.
Any help on debugging this is appreciated. 👍
Describe the bug
I'm trying to use this with KeeAgent, which is a plugin for KeePass2, which in turn is essentially just a pageant, like putty-pageant, except that it loads SSH keys from your password database.
To Reproduce
Steps to reproduce the behavior:
ssh-add -L
Expected behavior
wsl2-ssh-pageant being able to communicate with KeeAgent
Desktop (please complete the following information):
Hi, I want to migrate my OS from Ubuntu to Arch. When I insert the Yubikey, both Windows and Ubuntu can recognize the smartcard and print the status. However, I found that the pageant is not working on Arch.
In Windows powershell:
In Ubuntu:
In Arch:
I then checked whether socat is running and found that it only runs on the first-executed WSL instance. If I run Ubuntu first then socat won't run properly on Arch. Although I did try to run Arch before Ubuntu, I still had no luck. However, I noticed there is a different behavior between these two OSes.
When socat successfully runs on Ubuntu, only the socat-rendered gpg-agent is found in jobs:
When socat runs on Arch, it behaves like in Ubuntu in the beginning:
However, when I checked the smartcard with gpg --card-status, it takes a few seconds and shows an error "can't connect to the agent: End of file"
When I ran it a second time it became "No such device":
Later I checked the jobs with htop again and found that the standard gpg-agent is up:
I suspect that should be the reason that causes the pageant to fail on Arch.
Another possibility would be the fish shell since I'm using fish in Arch and bash in Ubuntu. I'll check whether the pageant can work on fish on Ubuntu or bash on Arch.
On the latest Windows 11 Release Preview, the agent communication consistently breaks if I close and re-open the terminal.
ssh-add -l then fails with communication with agent failed.
The strange thing is, it works fine when I initially open the Terminal, and it freshly starts socat.
It also works great if I then open another terminal, while the other is still open.
However, if I close the Terminal, and then re-open it, communication with the agent becomes impossible with the above error.
Killing socat and opening another terminal (re-running the code in zshrc) fixes the issue momentarily, until I close all terminals again.
However again, if I close the Terminal and wait long enough for WSL2 to stop the VM after a minute or so, and then start a new Terminal, a new socat process is started and it works fine.
So this only happens if I somewhat quickly close and re-open the last open Terminal.
In that state, ps lists the socat process just fine, and it also appears in ss output.
I have adapted the snippet in my zshrc to account for that situation:
export SSH_AUTH_SOCK="$HOME/.ssh/agent.sock"
ssh-add -l >/dev/null 2>&1; SSH_RES=$?
ss -a | grep -q "$SSH_AUTH_SOCK"; SS_RES=$?
if [[ $SSH_RES == 1 && $SS_RES == 0 ]]; then
    pkill -f "$SSH_AUTH_SOCK"
    SS_RES=1
fi
if [[ $SS_RES != 0 ]]; then
    rm -f "$SSH_AUTH_SOCK"
    PAGEANT_BIN="$HOME/.ssh/wsl2-ssh-pageant.exe"
    if test -x "$PAGEANT_BIN"; then
        (setsid nohup socat UNIX-LISTEN:"$SSH_AUTH_SOCK,fork" EXEC:"$PAGEANT_BIN" >/dev/null 2>&1 &)
    else
        echo >&2 "WARNING: $PAGEANT_BIN is not executable."
    fi
    unset PAGEANT_BIN
fi
unset SSH_RES SS_RES
But that is merely a workaround, and not an actual fix for the issue.
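Added example, not part of the post above or of the project's own code: the workaround restarts socat whenever ssh-add -l exits 1, but ssh-add also exits 1 when the agent is reachable and simply holds no keys. The script below classifies the probe by its message as well as its exit code, and still works when ss is not installed. The function names classify_probe, choose_action and ensure_relay are hypothetical, and the sample probe lines are constructed from the messages quoted on this page.

```shell
#!/bin/sh
# Added example: decide whether the socat relay behind $SSH_AUTH_SOCK must be
# started or restarted, without treating an empty agent as a dead one.
# `ssh-add -l` exits 1 both for "The agent has no identities." and for
# "communication with agent failed", so the exit code alone is ambiguous.

# classify_probe RC OUTPUT  ->  ok | empty | refused | broken | unreachable
classify_probe() (
    rc=$1
    out=$2
    if [ "$rc" -eq 0 ]; then echo ok; exit 0; fi
    if [ "$rc" -eq 2 ]; then echo unreachable; exit 0; fi
    case "$out" in
        *"The agent has no identities"*) echo empty ;;        # agent answered, no keys loaded
        *"agent refused operation"*)     echo refused ;;      # agent answered with a failure
        *"Error connecting to agent"*)   echo unreachable ;;  # nothing accepted the connection
        *)                               echo broken ;;       # e.g. communication with agent failed
    esac
)

# choose_action STATE LISTENING(0|1)  ->  keep | start | restart
choose_action() (
    state=$1
    listening=$2
    case "$state" in
        ok|empty|refused) echo keep ;;   # the relay carried a reply; restarting socat changes nothing
        unreachable)
            if [ "$listening" = 1 ]; then echo restart; else echo start; fi ;;
        *) echo restart ;;               # socket accepts connections but no reply comes back
    esac
)

# ensure_relay SOCKET_PATH PAGEANT_EXE
# The body runs in a subshell, so `exit` only leaves this function.
ensure_relay() (
    sock=$1
    bin=$2
    out=$(SSH_AUTH_SOCK="$sock" ssh-add -l 2>&1) && rc=0 || rc=$?
    listening=0
    # ss comes from iproute and may be missing; without it, rely on the probe.
    if command -v ss >/dev/null 2>&1 && ss -a 2>/dev/null | grep -qF "$sock"; then
        listening=1
    fi
    action=$(choose_action "$(classify_probe "$rc" "$out")" "$listening")
    case "$action" in
        keep)    exit 0 ;;
        restart) pkill -f "UNIX-LISTEN:$sock" ;;
    esac
    rm -f "$sock"
    if [ ! -x "$bin" ]; then
        echo >&2 "WARNING: $bin is not executable."
        exit 1
    fi
    (setsid nohup socat UNIX-LISTEN:"$sock,fork" EXEC:"$bin" >/dev/null 2>&1 &)
)

# Constructed sample probes: exit code | listener present | ssh-add output.
demo() {
    while IFS='|' read -r rc listening out; do
        state=$(classify_probe "$rc" "$out")
        printf '%-12s %-8s %s\n' "$state" "$(choose_action "$state" "$listening")" "$out"
    done <<'EOF'
0|1|384 SHA256:constructed-sample cardno:000 (ECDSA)
1|1|The agent has no identities.
1|1|error fetching identities: communication with agent failed
1|1|error fetching identities: agent refused operation
2|0|Error connecting to agent: No such file or directory
EOF
}
demo
```

In a shell startup file the call would be ensure_relay "$SSH_AUTH_SOCK" "$HOME/.ssh/wsl2-ssh-pageant.exe" in place of the if blocks.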
SSH seems to be working, and accessing my Yubikey was working previously, but WSL2 (on two different systems) no longer is able to talk to my Yubikey.
socat is running, but the result of gpg --card-status is:
gpg: error getting version from 'scdaemon': No SmartCard daemon
gpg: OpenPGP card not available: No SmartCard daemon
So I've been using this for a long time on windows 10 and have had absolutely no issues, well done for a really awesome piece of software.
However, since upgrading my laptop to windows 11 and reinstalling WSL2 (with WSLg if that makes a difference) the communication to the agent is EXTREMELY slow. From typing ssh at the command line to actually getting the gpg pincode prompt (/touch to auth flash on my yubikey) is taking over 20s, ssh-add -L is also taking a similar amount of time.
Performing the same operation from windows connecting to the gpg agent and I get the prompt instantly from both putty and winssh, implying this is an issue with the WSL2 connection somewhere.
Any ideas?
I have a suggestion, make the installation snippet in README like this:
sudo apt-get install socat
cd ~/.ssh/
wget https://github.com/BlackReloaded/wsl2-ssh-pageant/releases/latest/download/wsl2-ssh-pageant.exe
chmod +x wsl2-ssh-pageant.exe
(Notice that URL link is to latest release)
Exact lines do not matter, but the grand idea is: it would allow copy-pasting the whole thing and running it in one swoop.
Thanks, great utility.
I've been using this tool for a couple of months. My setup is the following:
My SSH private key is inside my Yubikey 5 NFC. I've properly configured it to enable using it as my SSH credential. As I've said, I've been using it for some months and a couple of days ago SSH stopped working. Here is the log:
OpenSSH_8.7p1, OpenSSL 1.1.1o FIPS 3 May 2022
debug1: Reading configuration data /home/delucca/.ssh/config
debug1: /home/delucca/.ssh/config line 1: Applying options for github.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 55: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug2: checking match for 'final all' host github.com originally github.com
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: not matched 'final'
debug2: match not found
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-]
debug3: kex names ok: [curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512]
debug1: configuration requests final Match pass
debug1: re-parsing configuration
debug1: Reading configuration data /home/delucca/.ssh/config
debug1: /home/delucca/.ssh/config line 1: Applying options for github.com
debug2: add_identity_file: ignoring duplicate key ~/.ssh/id_yubikey.pub
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 55: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug2: checking match for 'final all' host github.com originally github.com
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: matched 'final'
debug2: match found
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-]
debug3: kex names ok: [curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512]
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/delucca/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/delucca/.ssh/known_hosts2'
debug2: resolving "github.com" port 22
debug3: ssh_connect_direct: entering
debug1: Connecting to github.com [20.201.28.151] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x48
debug1: Connection established.
debug1: identity file /home/delucca/.ssh/id_yubikey.pub type 2
debug1: identity file /home/delucca/.ssh/id_yubikey.pub-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.7
debug1: Remote protocol version 2.0, remote software version babeld-fc5e4bc0
debug1: compat_banner: no match: babeld-fc5e4bc0
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to github.com:22 as 'git'
debug3: record_hostkey: found key type ED25519 in file /home/delucca/.ssh/known_hosts:1
debug3: record_hostkey: found key type RSA in file /home/delucca/.ssh/known_hosts:2
debug3: record_hostkey: found key type ECDSA in file /home/delucca/.ssh/known_hosts:3
debug3: load_hostkeys_file: loaded 3 keys from github.com
debug1: load_hostkeys: fopen /home/delucca/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug3: order_hostkeyalgs: have matching best-preference key type [email protected], using HostkeyAlgorithms verbatim
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,ext-info-c
debug2: host key algorithms: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: [email protected],[email protected],aes256-ctr,[email protected],aes128-ctr
debug2: ciphers stoc: [email protected],[email protected],aes256-ctr,[email protected],aes128-ctr
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha1,[email protected],hmac-sha2-512
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha1,[email protected],hmac-sha2-512
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256
debug2: host key algorithms: ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
debug2: ciphers stoc: [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
debug2: MACs ctos: [email protected],[email protected],hmac-sha2-512,hmac-sha2-256
debug2: MACs stoc: [email protected],[email protected],hmac-sha2-512,hmac-sha2-256
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: curve25519-sha256 need=32 dh_need=32
debug1: kex: curve25519-sha256 need=32 dh_need=32
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU
debug3: record_hostkey: found key type ED25519 in file /home/delucca/.ssh/known_hosts:1
debug3: record_hostkey: found key type RSA in file /home/delucca/.ssh/known_hosts:2
debug3: record_hostkey: found key type ECDSA in file /home/delucca/.ssh/known_hosts:3
debug3: load_hostkeys_file: loaded 3 keys from github.com
debug1: load_hostkeys: fopen /home/delucca/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'github.com' is known and matches the ED25519 host key.
debug1: Found key in /home/delucca/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: /home/delucca/.ssh/id_yubikey.pub ECDSA SHA256:ZGpNW4kxP4mKM5j6HjblwgKD9nqnc4NzecB/6qQqEH8 explicit agent
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/delucca/.ssh/id_yubikey.pub ECDSA SHA256:ZGpNW4kxP4mKM5j6HjblwgKD9nqnc4NzecB/6qQqEH8 explicit agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: /home/delucca/.ssh/id_yubikey.pub ECDSA SHA256:ZGpNW4kxP4mKM5j6HjblwgKD9nqnc4NzecB/6qQqEH8 explicit agent
debug3: sign_and_send_pubkey: ECDSA SHA256:ZGpNW4kxP4mKM5j6HjblwgKD9nqnc4NzecB/6qQqEH8
debug3: sign_and_send_pubkey: signing using ecdsa-sha2-nistp384 SHA256:ZGpNW4kxP4mKM5j6HjblwgKD9nqnc4NzecB/6qQqEH8
045646sign_and_send_pubkey: signing failed for ECDSA "/home/delucca/.ssh/id_yubikey.pub" from agent: agent refused operation
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey).
I've already tried to change my pinentry program, but the issue persisted.
What should I do?
Describe the bug
This is how I start the process in WSL 2:
setsid socat UNIX-LISTEN:$GPG_AGENT_SOCK,fork EXEC:"$HOME/.ssh/wsl2-ssh-pageant.exe --verbose --gpgConfigBasepath 'C:/Users/user-name/AppData/Local/gnupg' --gpg S.gpg-agent" >/dev/null 2>&1 &
To Reproduce
Steps to reproduce the behavior:
socat process like above
gpg --card-status 3 times
wsl2-ssh-pageant.exe process in Windows Task Manager
Expected behavior
No wsl2-ssh-pageant.exe process should be found in the Task Manager
Desktop (please complete the following information):
Additional context
When launching as per the README every first time starting up the WSL machine the following is displayed:
[2] 39
[2] + 39 done setsid nohup socat UNIX-LISTEN:$SSH_AUTH_SOCK,fork > /dev/null 2>&1
[2] 44
[2] + 44 done setsid nohup socat UNIX-LISTEN:$GPG_AGENT_SOCK,fork > /dev/null 2>&1
Would it be possible to suppress this output? I have tried with no luck.
Describe the bug
Install and use PuTTY 0.75. The included Pageant version no longer works with wsl2-ssh-pageant.
To Reproduce
Steps to reproduce the behavior:
ssh -T [email protected]
Expected behavior
5. Switch back to Pageant 0.74
6. The same command under the same conditions validates just fine.
Desktop
Additional context
Pageant 0.75 has new features that allow reading encrypted keys without decrypting them. I did not use this feature to load my key into Pageant, but the changes to allow this feature are a likely suspect for the cause of the failure reported here.