Linux – Windows 10 Linux subsystem ssh-agent not persisting added identities

ssh-agentwindows 10windows-subsystem-for-linux

I have started using my Windows 10 for Rails development and am using Linux subsystem for the same.

Recently I faced an issue connecting to a remote machine via SSH from the terminal. The public key is already available on the remote machine.

After doing some troubleshooting based on the resources I found on web I noticed that SSH agent was not running because ssh-add -l command didn't provided the expected output.

To make the SSH agent launch on startup I followed the instructions at https://github.com/abergs/ubuntuonwindows#2-start-an-bash-ssh-agent-on-launch and it worked flawlessly.

Now that SSH agent launches automatically I added my identity file to it using command ssh-add path/to/identity/file..

Note that while generating SSH keys I used custom file name id_work_gmail and id_work_gmail.pub. Thus I had to add it to the agent using above command.

After doing that I can successfully connect to remote machine through SSH.

Until this everything was going smooth. However as soon as I closed each of the Cmder Ubuntu Bash consoles and started a new one ssh-add -l informed The agent has no identities.. So again I had to add my custom-named identity file to the agent.

So this is something I need to do every-time I kill each of the Ubuntu Bash consoles and start a fresh one.

My question is how can we make the ssh-add path/to/identity/file/custom-named action persistent like it happens on actual Ubuntu machine. And am curious to know what is it that makes it a one-time activity on Ubuntu machine and a repeated activity on Windows 10 Linux Subsystem.

Thanks.

Best Answer

And am curious to know what is it that makes it a one-time activity on Ubuntu machine and a repeated activity on Windows 10 Linux Subsystem.

Normally, the ssh-agent runs in your session so it does not close earlier than you logout from your account in Linux.

If you use it from WLS and close the (probably) last window, it does reasonable cleanup and probably stops your ssh-agent, which is reasonable and safe to remove sensitive data from memory.

My question is how can we make the ssh-add path/to/identity/file/custom-named action persistent like it happens on actual Ubuntu machine.

Just do not close that window (or leave one opened on background ... it might help too). Or configure ssh to do that step automatically when you use the key for the first time. Just write to your ~/.ssh/config

Host server-you-are-connecting.to
  IdentityFile path/to/identity/file/custom-named
  AddKeysToAgent yes

Related Solutions

Delete key from ssh-agent on Mac OS X 10.6

You can open Keychain Access located in /Applications/Utilities/ and navigate to your login keychain .

Once there, you can delete SSH keys. They should look like SSH: /Users/your username/.ssh/key name SSH Key

Linux – Windows 10 Linux Subsystem SSH client Resource temporarily unavailable

As far as I can tell, this is a bug in WSL. Hopefully, Microsoft will fix it in the next build. But for now, we can use this slightly ugly hack.

Update #1: Definitely a bug. Found this issue on Github. Thier proposed workaround of relaunching the shell works for me as well if you don't want to go through all of this.

TL;DR Add this to END your SSH config (usually located at ~/.ssh/config):

Host *
    ProxyCommand nc %h %p %r

Here's why it works: Our SSH issue is not a firewall issue because nc and telnet work to the same host and port (try telnet <host> <port> or nc <host> <port>: you should see something like SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.7). This we can use to our advantage.

SSH allows the use of proxies that take standard input and send it to the server's port via the ProxyCommand option. This is normally used to tunnel into networks to a protected host by using an in-between bastion SSH server, sometimes called a jump host (see this link for more info).

This hack tells SSH to use a proxy with no jump host(s). So, it gets around SSH's failed allocation of TCP resources by pushing all of the network resource allocation onto Netcat, which does work. SSH just does its SSH thing without any network connections, and Netcat sends the raw data over a TCP connection to the SSH server.

WARNING: Since this modifies the ProxyCommand for all hosts, I do not know how it interacts with other SSH config hosts that use ProxyCommand. I have a few servers with which I can test this, and I will update this answer with the results. There is a chance that there are no detrimental side effects, but I cannot guarantee that.

Update #2: I did some testing with a few of my servers, and this appears to work. SSH uses the uppermost entry in the config when multiple entries apply. Thus, an existing ProxyCommand present above this hack would override it. When the new SSH command is executed, it re-reads the SSH config, and if there is no other ProxyCommand, SSH uses our hack ProxyCommand, allowing it to only apply to the "outermost" SSH session. Word of warning: if you put the hack at the top of the config file (or above the entry you are trying to SSH to), SSH sessions that require a ProxyCommand will ignore the other ProxyCommand and instead attempt to resolve the address of the host and connect directly with Netcat.

Best Answer

Related Solutions

Delete key from ssh-agent on Mac OS X 10.6

Linux – Windows 10 Linux Subsystem SSH client Resource temporarily unavailable

Related Question