With the recent-ish announcement of Bitwarden being able to store SSH keys, I’ve been playing around to get it to work in my WSL2 Ubuntu host. While I normally use a windows machine, I do a lot in WSL2 for dev & ops.
As 1Password has had this functionality for awhile, many of the references are from that (or even the built-in openssh functionality of windows).
Configure and enable the the windows ssh-agent functionality as per the Bitwarden instructions. Once that is complete, you will be able to access keys stored in Bitwarden from Powershell via
ssh-add -L
In powershell, install npiperelay (I used chocolatey, but you can use whatever, just get where the exe is installed so you can modify the script later)
choco install npiperelay
In WSL2, install socat
sudo apt install socat
In WSL2 create a script that will rebind the ssh-agent. I save this as ~/scripts/agent-bridge.sh
.
export SSH_AUTH_SOCK=$HOME/.ssh/agent.sock
ss -a | grep -q $SSH_AUTH_SOCK
if [ $? -ne 0 ]; then
rm -f $SSH_AUTH_SOCK
( setsid socat UNIX-LISTEN:$SSH_AUTH_SOCK,fork EXEC:"/mnt/c/ProgramData/chocolatey/lib/npiperelay/tools/npiperelay.exe -ei -s //./pipe/openssh-ssh-agent",nofork & ) >/dev/null 2>&1
fi
Make the script executable
chmod +x ~/scripts/agent-bridge.sh
Edit your ~/.bashrc and add the following line at the end
source ~/scripts/agent-bridge.sh
Restart your shell and then you should be able to list your current keys with ssh-add -l
!
Comments
4 responses to “Bitwarden ssh-agent on WSL2”
Nice post! I got it working with a few minor changes:
I used winget to install (https://winstall.app/apps/albertony.npiperelay)
Then in the agent-bridge.sh script just used npiperelay.exe without path as it is added to the Windows Path environment variable by winget (don’t know if choco also does this)
Thank you, worked like a charm!
I’ve used winget to install npiperelay. The executable for me was at “/mnt/c/Users/samuel/AppData/Local/Microsoft/WinGet/Packages/albertony.npiperelay_Microsoft.Winget.Source_8wekyb3d8bbwe/npiperelay.exe”
Made a script to automate all the setup here: https://blog.jkwmoore.dev/bitwarden-desktop-client-as-ssh-agent-with-wsl.html
Oh nice, that makes it a lot easier. Thanks for the link!