Windows Subsystem for Linux: never prompt your ssh passphrase again


This is the list of the requirements:

The scripts


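# Read the generic credential saved in Windows Credential Manager
# (Get-StoredCredential is provided by the CredentialManager PowerShell module)
$credentials = Get-StoredCredential -Target sshpassphrase
# Convert the SecureString password to plain text
$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($credentials.Password)
$passphrase = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
# Run the second script inside WSL, passing the passphrase as its first argument
C:\Windows\System32\wsl.exe -u [YOUR_WSL_USERNAME] -d [YOUR_DISTRIBUTION] /home/[YOUR_WSL_USERNAME]/wslu/ $passphrase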

echo "$1"
export DISPLAY="0"
/usr/bin/keychain --clear id_rsa

The scripts are hosted on a public gist. There are two of them. The first is a PowerShell script called keychain.ps1, which:

  • gets the credential from Windows credentials;
  • launches the second script in your WSL distribution, passing it your passphrase.

Please replace [YOUR_DISTRIBUTION] with the name of your current distribution and [YOUR_WSL_USERNAME] with the name of your WSL user.

The second script, called, does:

  • creates a tmp/ssh-askpass-script and gives it the right permissions;
  • sets the SSH_ASKPASS environment variable;
  • launches keychain;
  • deletes the temporary script.
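
The four steps above as one script, written as an added example that is not the author's gist. The names make_askpass, load_key and KEYCHAIN_PASSPHRASE are assumptions, and this variant has the helper read the passphrase from the environment instead of storing it in the temporary file.

```sh
#!/bin/sh
# Added example, not the author's gist. make_askpass, load_key and
# KEYCHAIN_PASSPHRASE are names assumed for this sketch.

# Create an owner-only askpass helper and print its path. The helper reads
# the passphrase from the environment, so the secret is never written to disk.
make_askpass() {
    old_umask=$(umask)
    umask 077
    helper=$(mktemp "${TMPDIR:-/tmp}/ssh-askpass.XXXXXX") || return 1
    umask "$old_umask"
    cat > "$helper" <<'EOF'
#!/bin/sh
printf '%s\n' "$KEYCHAIN_PASSPHRASE"
EOF
    chmod 700 "$helper"
    printf '%s\n' "$helper"
}

# $1 = passphrase (passed by keychain.ps1), $2 = key name (default id_rsa)
load_key() {
    KEYCHAIN_PASSPHRASE=$1
    askpass=$(make_askpass) || return 1
    trap 'rm -f "$askpass"' EXIT INT TERM   # remove helper even on failure
    export KEYCHAIN_PASSPHRASE
    export DISPLAY="0"                      # older ssh-add needs DISPLAY set to use askpass
    export SSH_ASKPASS="$askpass"
    export SSH_ASKPASS_REQUIRE=force        # honoured by OpenSSH 8.4 and later
    /usr/bin/keychain --clear "${2:-id_rsa}"
    status=$?
    rm -f "$askpass"
    trap - EXIT INT TERM
    unset KEYCHAIN_PASSPHRASE SSH_ASKPASS SSH_ASKPASS_REQUIRE
    return "$status"
}

# Only act when called with a passphrase argument.
if [ "$#" -ge 1 ]; then
    load_key "$@"
fi
```

The passphrase still arrives as a command-line argument, as in the article, so it is visible in the process list while the script runs.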


Copy the two scripts into the wslu folder in your home directory and give them execute permissions.

1) Credential manager

  • Launch credential manager;
  • Click on windows credentials;
  • Click on add a generic credential;
  • Insert sshpassphrase in the internet or network address and username fields;
  • Insert the value of your ssh passphrase in the password field.

2) Task scheduler

  • Launch task scheduler;
  • Click on create basic task;
  • Insert a name for your task — Launch Keychain — then click next;
  • Choose when I log on and click next;
  • Choose start a program and click next;
  • Insert powershell in the program/script field and insert -File C:\Users\[YOUR_WINDOWS_USER]\wslu\keychain.ps1 in the add arguments field, then click next;
  • Click on finish.

3) Bash/Zsh configuration

Add the following to your .bashrc/.zshrc:

test -f /usr/bin/keychain && eval $(/usr/bin/keychain --eval --quiet id_rsa)


When you reboot and log on, the PowerShell script should run.

It will recover your passphrase from Windows credentials and pass it, through the SSH_ASKPASS environment variable, to keychain, and you should never be prompted for it again.




Giuseppe Sorrentino