Windows Subsystem for Linux: never prompt your ssh passphrase again

Requirements

This is the list of the requirements:

The scripts

keychain.ps1

$credentials = Get-StoredCredential -Target sshpassphrase                       $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($credentials.Password)$passphrase = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)                       C:\Windows\System32\wsl.exe -u [YOUR_WSL_USERNAME] -d [YOUR_DISTRIBUTION] /home/[YOUR_WSL_USERNAME]/wslu/keychain.sh $passphrase

keychain.sh

#!/bin/bash
SSH_ASKPASS_SCRIPT=/tmp/ssh-askpass-script
cat > ${SSH_ASKPASS_SCRIPT} <<EOL
#!/bin/bash
echo "$1"
EOL
chmod u+x ${SSH_ASKPASS_SCRIPT}
export DISPLAY="0"
export SSH_ASKPASS=${SSH_ASKPASS_SCRIPT}
/usr/bin/keychain --clear id_rsa
rm ${SSH_ASKPASS_SCRIPT}

The scripts are hosted on public gist. There are two of them a poweshell script called keychain.ps1 which:

  • get credential from windows credential;
  • launches the second script keychain.sh, passing your passphrase, in your wsl distribution.

Please substitute [YOUR_DISTRIBUTION] with the name of your current distribution and [YOUR_WSL_USERNAME] with the name of your wsl user.

The second script, called keychain.sh, does:

  • create a tmp/ssh-askpass-script and give it the right permissions;
  • set the SSH_ASKPASS environment variable;
  • launch keychain;
  • deletes the temporary script.

Configuration

Copy the two scripts in your wslu folder in you home directory and give the right execution permissions.

1)Credential manager

  • Launch credential manager;
  • Click on windows credentials;
  • Click on add a generic credential;
  • Insert sshpassphrase in the internet or network address and username fields;
  • Insert the value of your ssh passphrase in the password field.

2)Task scheduler

  • Launch task scheduler;
  • Click on create basic task;
  • Insert a name for your task — Launch Keychain — then click next;
  • Choose when I log on and click next;
  • Choose start a program and click next;
  • Insert powershell in the program/script field and insert -File C:\Users\[YOUR_WINDOWS_USER]\wslu\keychain.ps1 in the add arguments field, then click next
  • Click on finish

3)Bash/Zsh configuration

Add the following to your ,bashrc/.zshrc: test -f /usr/bin/keychain && eval $(/usr/bin/keychain --eval --quiet id_rsa)

Conclusion

When you reboot and logon the powershell script shoud run.

It will recover you passphrase from windows credential and pass it, trough the SSH_ASKPASS environment variable, to keychain and you should never prompt it again.

--

--

--

https://rightright.me

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Giuseppe Sorrentino

Giuseppe Sorrentino

https://rightright.me

More from Medium

Tool Time with Caleb — Ep.1

Shell Scripting

Config ip Address interface Linux

Install Arch Linux on Kvm