TIL: You can use 1Password's SSH Agent in WSL, and it's not that complicated.

I've been using Windows + WSL as my main driver for a few weeks, and one of the things I missed the most was the ease of setup of the 1Password's SSH agent and Linux or macOS.

After searching for a while, I found one thread in the 1Password Community forum that linked to a post containing the steps to forward the SSH Agent requests from WSL to the Windows' SSH agent.

Amazingly, you don't have to do anything extra to make it work with 1Password SSH agent, and I'll write the steps I did to activate it below.

Enable 1Password SSH Agent

If you have not created or imported your SSH keys into 1Password, you can do it by following this article.

To activate 1Password's SSH agent, you must have Windows Hello activated. You can learn more about Windows Hello in this article.

Open your 1Password settings and go to the “Developer” section. You need to check the “Use the SSH agent” checkbox.

That's all we need to do to activate the SSH agent.

Download npiperelay

To communicate between WSL and the 1Password SSH agent, we'd need to use npiperelay. This tool allows WSL to communicate with Windows' named pipes.

To install it, we need to open the GitHub repository and download the latest release. At the time of writing this post, the latest release is v0.1.0 from July 2, 2020.

Unzip it, and paste the npiperelay.exe file in any folder that's configured in your system's PATH.

If you don't know how to modify your system's PATH, you can learn how to do it in this article.

Connect WSL with 1Password's SSH agent

Now that we have the prerequisites fulfilled, we can connect our WSL distro with the SSH agent.

I'm using Ubuntu as my WSL distro, this may change if you're using another distro.

We need to install socat which is a utility to transfer data between channels, this tool will use npiperelay to then communicate with the named pipes.

sudo apt install socat

In your WSL terminal, create a new folder named .1password in your home directory:

mkdir $HOME/.1password

Create a new file named .agent-bridge.sh in your home directory. You can name this file whatever you want, this naming was just a personal preference from me.

touch $HOME/.agent-bridge.sh && chmod +x $HOME/.agent-bridge.sh

And add the following content to the newly created file:

# Code extracted from https://stuartleeks.com/posts/wsl-ssh-key-forward-to-windows/ with minor modifications

# Configure ssh forwarding
export SSH_AUTH_SOCK=$HOME/.1password/agent.sock
# need `ps -ww` to get non-truncated command for matching
# use square brackets to generate a regex match for the process we want but that doesn't match the grep command running it!
ALREADY_RUNNING=$(ps -auxww | grep -q "[n]piperelay.exe -ei -s //./pipe/openssh-ssh-agent"; echo $?)
if [[ $ALREADY_RUNNING != "0" ]]; then
    if [[ -S $SSH_AUTH_SOCK ]]; then
        # not expecting the socket to exist as the forwarding command isn't running (http://www.tldp.org/LDP/abs/html/fto.html)
        echo "removing previous socket..."
        rm $SSH_AUTH_SOCK
    fi
    echo "Starting SSH-Agent relay..."
    # setsid to force new session to keep running
    # set socat to listen on $SSH_AUTH_SOCK and forward to npiperelay which then forwards to openssh-ssh-agent on windows
    (setsid socat UNIX-LISTEN:$SSH_AUTH_SOCK,fork EXEC:"npiperelay.exe -ei -s //./pipe/openssh-ssh-agent",nofork &) >/dev/null 2>&1
fi

Open .bashrc (or your shell's configuration file if you don't use BASH), and add the following line at the end of the file:

source $HOME/.agent-bridge.sh

Reset your Windows Terminal, and you should be able to see your keys imported into 1Password when listing the keys added to the agent.

You won't have to repeat this process again, as long as you don't remove any configuration we created.

--

I'm happy to have found a way to use my SSH keys stored in 1Password when using WSL, it eases the things a bit for me as I haven't used Windows in at least a decade. I'm still trying to make myself comfortable in this operating system, but I guess time will tell what happens.

Nevertheless, WSL has been an amazing tool, and I'd like to thank everyone involved on it.