Don’t want to copy over your ssh keys from Windows to WSL Linux? Or generate new ones? Then share your Windows OpenSSH key with WSL! The OpenSSH config gives you the option to share keys using an IdentityFile directive. Here is how you can share your keys between Windows 10 and WSL.
The SSH config directive IdentityFile specifies a file from which the user’s DSA, ECDSA, authenticator-hosted ECDSA, Ed25519, authenticator-hosted Ed25519 or RSA authentication identity is read. You can use this to share your Windows OpenSSH key with WSL. This assumes you’ve already created a key pair in Windows using ssh-keygen.
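First, create a symlink in WSL from ~/.ssh to /mnt/c/Users/exampleuser/.ssh/. Substitute “exampleuser” with your user name. If a ~/.ssh directory already exists in WSL, move it aside first, otherwise ln creates the link inside that directory instead of replacing it: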
ln -s /mnt/c/Users/exampleuser/.ssh ~/.ssh
Next, create a file /etc/wsl.conf, and add the following contents:
[automount]
options = "metadata,umask=22,fmask=11"
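This is required because Linux uses a different user/group system than Windows does; the metadata automount option lets WSL store Linux permission metadata on Windows files, so that chmod and chown take effect on them. Source: Chmod/Chown WSL Improvements. You also have to fix file permissions on ~/.ssh, the keys and config files:
# directory: only the owner may enter it
chmod 700 ~/.ssh
# private key: ssh refuses keys readable by group or others
chmod 600 ~/.ssh/id_ed25519
# config: must not be writable by group or others
chmod 644 ~/.ssh/config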
Last, open up your ssh config file in Windows, which is located in C:\Users\exampleuser\.ssh, and add two IdentityFile lines: one using your Windows path and one using the WSL Linux path:
Host *.example.org
IdentityFile c:/users/exampleuser/.ssh/id_ed25519
IdentityFile /mnt/c/Users/exampleuser/.ssh/id_ed25519
User exampleuser
ForwardAgent yes
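ForwardAgent specifies whether the connection to the authentication agent (if any) will be forwarded to the remote machine. If you have the ssh-agent service running in Windows, you can use this to connect to a host where you don’t have an authorized_keys file available yet by first ssh’ing into a jump host. Use with caution: users on the remote machine who can bypass file permissions on the agent socket can use your forwarded agent to authenticate as you for as long as you are connected.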
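The permission rules behind the chmod step, as an added example that is not code from the original post: an audit function for WSL that flags a private key with any group/other permission bit set (ssh refuses to load it) and a config file writable by group or others (ssh rejects it). The function names are hypothetical, GNU stat is assumed, and the 700 directory mode is the usual convention rather than something the ssh client enforces.

```shell
#!/bin/sh
# Added example: audit the permissions of a shared ~/.ssh directory in WSL.
# Function names are hypothetical; GNU stat (-c) is assumed.

# perm_bits PATH -> octal mode, following symlinks (~/.ssh is a symlink here)
perm_bits() { stat -L -c '%a' "$1"; }

# audit_ssh_dir DIR KEYNAME
# Prints one line per problem; returns 0 only when nothing needs fixing.
audit_ssh_dir() {
    dir=$1; key=$2; bad=0
    for f in "$dir" "$dir/$key" "$dir/config"; do
        [ -e "$f" ] || { echo "MISSING $f"; bad=1; }
    done
    [ "$bad" -eq 0 ] || return 1

    # Directory: owner needs rwx to traverse it; by convention nobody else gets in.
    m=$(perm_bits "$dir")
    if [ $(( 0$m & 0700 )) -ne $(( 0700 )) ] || [ $(( 0$m & 077 )) -ne 0 ]; then
        echo "FIX $dir is $m, want 700"; bad=1
    fi

    # Private key: ssh refuses to use it if any group/other bit is set.
    m=$(perm_bits "$dir/$key")
    if [ $(( 0$m & 077 )) -ne 0 ]; then
        echo "FIX $dir/$key is $m, want 600"; bad=1
    fi

    # Config: ssh rejects it when group or others can write to it.
    m=$(perm_bits "$dir/config")
    if [ $(( 0$m & 022 )) -ne 0 ]; then
        echo "FIX $dir/config is $m, want 644 or stricter"; bad=1
    fi
    return "$bad"
}

# Run as: sh audit.sh ~/.ssh id_ed25519
if [ "$#" -ge 2 ]; then
    audit_ssh_dir "$1" "$2"
fi
```

If the reported modes do not change after running chmod on files under /mnt/c, the metadata option from /etc/wsl.conf is not active for that mount.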
More OpenSSH in Windows Server and Windows 11 / Windows 10, the series
Sysadmins of the North has more posts in this series about OpenSSH in Windows, whether on Windows Server or Windows 11 / 10. You may find these posts interesting:
- Tunnel RDP through SSH & PuTTY
- How to share OpenSSH keys with WSL in Windows 10
- Manually install OpenSSH in Windows Server
- Retrieve SSH public key from Active Directory for SSH authentication
- Windows 11/10 and WSL 2 DevOps environment
- YubiKey support in OpenSSH for Windows 11 and Windows 10
- Connect to a KVM host through an ssh tunnel and arbitrary port in Windows 11 and WSL 2
I hope you like it, let me know.
Very Nice.
Can we share a running agent in Windows and use it in WSL? (https://interworks.com/blog/2021/09/15/setting-up-ssh-agent-in-windows-for-passwordless-git-authentication/)
Thanks for your comment Germán!
Unfortunately, you cannot use the native Win32-OpenSSH ssh-agent in WSL. I have quite a few posts related to OpenSSH spread out here on Saotn.org, sorry for that. My post “Windows 11/10 and WSL 2 DevOps environment” mentions this and a workaround.