The SSH config directive IdentityFile specifies a file from which the user's DSA, ECDSA, authenticator-hosted ECDSA, Ed25519, authenticator-hosted Ed25519 or RSA authentication identity is read. You can use this to share your Windows OpenSSH key with WSL. This assumes you've already created a key pair in Windows using ssh-keygen.
First, create a symlink in WSL from ~/.ssh to /mnt/c/Users/exampleuser/.ssh/. Substitute "exampleuser" with your user name:
ln -s /mnt/c/Users/exampleuser/.ssh ~/.ssh
Next, create the file /etc/wsl.conf and add the following contents:
[automount]
# "metadata" stores Linux permissions for Windows files; umask/fmask set the default masks
options = "metadata,umask=22,fmask=11"
This is required because Linux uses a different user/group system than Windows does; the metadata automount option adds Linux permission metadata to the Windows files. Source: Chmod/Chown WSL Improvements. You also have to fix file permissions on ~/.ssh, the keys and config files:
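chmod 700 ~/.ssh                # directory: the owner needs the execute bit to enter it
chmod 600 ~/.ssh/id_ed25519     # private key: ssh refuses keys accessible by group or others
chmod 644 ~/.ssh/config         # config: must not be writable by group or others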
Last, open your ssh config file in Windows, which is located in C:\Users\exampleuser\.ssh, and add two IdentityFile lines: one using your Windows path and one using the WSL Linux path:
Host *.example.org
  IdentityFile c:/users/exampleuser/.ssh/id_ed25519
  IdentityFile /mnt/c/Users/exampleuser/.ssh/id_ed25519
  User exampleuser
  ForwardAgent yes
ForwardAgent specifies whether the connection to the authentication agent (if any) will be forwarded to the remote machine. If you have the ssh-agent service running in Windows, you can use this to connect to a host where you don't have an authorized_keys file available yet by SSHing into a jump host. Use with caution: while the connection is open, anyone on the remote machine who can access the forwarded agent socket can authenticate with your keys.
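To confirm that the permission fixes above took effect on the shared directory, the following added example (not part of the original post) audits the modes of the directory, the private keys and the config file from inside WSL. The function name audit_ssh_dir is hypothetical, and GNU stat is assumed.

```bash
#!/usr/bin/env bash
# Added example: audit file modes in a ~/.ssh shared between Windows and WSL.
# audit_ssh_dir is a hypothetical helper name; GNU stat is assumed.

# Prints one finding per line. Returns 0 if clean, 1 on findings,
# 2 if the directory cannot be examined.
audit_ssh_dir() {
    local dir rc mode f
    dir=${1:-$HOME/.ssh}
    rc=0

    # -L follows the ~/.ssh symlink to the directory under /mnt/c
    mode=$(stat -L -c '%a' "$dir" 2>/dev/null) || return 2
    if [ $(( 0$mode & 0700 )) -ne $(( 0700 )) ]; then
        echo "dir $dir ($mode): owner needs rwx to enter and list it"; rc=1
    fi
    if [ $(( 0$mode & 0022 )) -ne 0 ]; then
        echo "dir $dir ($mode): writable by group or others"; rc=1
    fi

    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        mode=$(stat -L -c '%a' "$f") || continue
        if head -n 1 "$f" 2>/dev/null | grep -q 'PRIVATE KEY-----'; then
            # ssh refuses a private key that group or others can access
            if [ $(( 0$mode & 0077 )) -ne 0 ]; then
                echo "key $f ($mode): accessible by group or others"; rc=1
            fi
        elif [ "${f##*/}" = config ]; then
            # ssh rejects a user config that group or others can write
            if [ $(( 0$mode & 0022 )) -ne 0 ]; then
                echo "config $f ($mode): writable by group or others"; rc=1
            fi
        fi
    done
    return "$rc"
}

# Audit the directory given as the first argument, if any.
if [ "$#" -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```

Run the script with ~/.ssh as its argument; an empty output and exit status 0 mean the modes pass these checks.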