Skip to content

Instantly share code, notes, and snippets.

Last active September 16, 2024 21:55
Show Gist options
  • Save tecandrew/98d1e6e62a79640d40e7a652d2fb2e90 to your computer and use it in GitHub Desktop.
Save tecandrew/98d1e6e62a79640d40e7a652d2fb2e90 to your computer and use it in GitHub Desktop.
WSL/WSL2 Integration with 1Password SSH

On Windows Side

Enable 1Password's SSH Agent.

Using Powershell, install npiperelay via the scoop package manager.

Set-ExecutionPolicy RemoteSigned -Scope CurrentUser # Optional: Needed to run a remote script the first time
irm | iex  # install scoop
scoop install git
scoop bucket add extras
scoop install npiperelay  # install npiperelay

On WSL Side

sudo apt update
sudo apt install socat

Add the following to your ~/.bashrc file

export SSH_AUTH_SOCK="$HOME/.ssh/agent.sock"
  set -eu
  piperelay=(setsid socat "UNIX-LISTEN:$SSH_AUTH_SOCK,fork" "EXEC:npiperelay.exe -ei -s //./pipe/openssh-ssh-agent,nofork")
  if ! pgrep --full --exact --uid=${UID} "${piperelay[*]}" >/dev/null
    rm -f "$SSH_AUTH_SOCK"
    ("${piperelay[@]}" &) >/dev/null

Test 1Password SSH Agent

source ~/.bashrc
ssh -T [email protected]
Copy link

Fleshgrinder commented Nov 9, 2022

Many thanks for this, the nix ssh is simply more efficient to use with its persistent connections.

The Bash part can be simplified/hardened:

export SSH_AUTH_SOCK="$HOME/.ssh/agent.sock"
  set -eu
  piperelay=(setsid socat "UNIX-LISTEN:$SSH_AUTH_SOCK,fork" "EXEC:npiperelay.exe -ei -s //./pipe/openssh-ssh-agent,nofork")
  if ! pgrep "-fxU$UID" "${piperelay[*]}" >/dev/null; then
    rm -f "$SSH_AUTH_SOCK"
    ("${piperelay[@]}" &) >/dev/null

Copy link

feamcor commented Aug 3, 2023

Many thanks for this, the nix ssh is simply more efficient to use with its persistent connections.

The Bash part can be simplified/hardened:

export SSH_AUTH_SOCK="$HOME/.ssh/agent.sock"
  set -eu
  piperelay=(setsid socat "UNIX-LISTEN:$SSH_AUTH_SOCK,fork" "EXEC:npiperelay.exe -ei -s //./pipe/openssh-ssh-agent,nofork")
  if ! pgrep "-fxU$UID" "${piperelay[*]}" >/dev/null; then
    rm -f "$SSH_AUTH_SOCK"
    ("${piperelay[@]}" &) >/dev/null

The fact that setsid is in piperelay fails the pgrep.
I fixed by moving the setsid outside.

  export SSH_AUTH_SOCK="$HOME/.ssh/agent.sock"
    set -eu
    piperelay=(socat "UNIX-LISTEN:${SSH_AUTH_SOCK},fork" "EXEC:npiperelay.exe -ei -s //./pipe/openssh-ssh-agent,nofork")
    if ! pgrep --full --exact --uid=${UID} "${piperelay[*]}" >/dev/null
      rm -f "${SSH_AUTH_SOCK}"
      (setsid "${piperelay[@]}" &) >/dev/null

Copy link

thanks for these recommendations! updated the gist 👌

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment