look@me

Bit #5: Using Bitwarden's SSH agent in WSL2

All desktop clients of Bitwarden ship with a built-in SSH agent. After enabling it in the settings, we can use our SSH keys, which are securely stored in Bitwarden, for SSH authentication.

To use Bitwarden's SSH agent in WSL2, we can forward the SSH agent from Windows to WSL2. npiperelay gives processes in WSL2 access to Windows named pipes, and socat exposes the agent's named pipe as a Unix socket in our WSL2 environment, which SSH_AUTH_SOCK then points to.

  1. Download npiperelay from GitHub.

  2. Extract the npiperelay.exe binary to a folder of our choice, e.g., C:\npiperelay.exe.

  3. Make the npiperelay.exe binary accessible from WSL2.

    sudo ln -s /mnt/c/npiperelay.exe /usr/local/bin/npiperelay.exe
    
  4. Add the following code snippet to our ~/.bashrc or ~/.zshrc to set up the SSH agent socket and start socat if the socket is not active.

    export SSH_AUTH_SOCK="$HOME/.ssh/agent.sock"
    
    # Check if the SSH agent socket is active; if not, recreate it
    if ! ss -a | grep -qF "$SSH_AUTH_SOCK"; then
      # Remove any existing socket file
      rm -f "$SSH_AUTH_SOCK"
      # Start socat to bridge the SSH agent socket to npiperelay (for Windows SSH agent integration)
      (setsid socat UNIX-LISTEN:"$SSH_AUTH_SOCK",fork EXEC:"npiperelay.exe -ei -s //./pipe/openssh-ssh-agent",nofork &) >/dev/null 2>&1
    fi
    

Hint: npiperelay does not appear to be actively maintained.
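
To check that the bridge from step 4 is actually working, the following added example (not part of the original post) reports the state of the agent socket. The function names and status words are illustrative. It also flags a socket directory that is open to group or others, because any process that can connect to the socket can ask the agent to sign.

```bash
#!/usr/bin/env bash
# Added example: diagnose the WSL2 -> Windows agent bridge set up in step 4.
# Function names and status words are illustrative, not part of any tool.

# Print every command from the argument list that is not on PATH,
# e.g. missing_tools socat npiperelay.exe ssh-add
missing_tools() {
  local t out=""
  for t in "$@"; do
    command -v "$t" >/dev/null 2>&1 || out="$out $t"
  done
  echo "${out# }"
}

# Print one status word for the agent socket at $1 (default: $SSH_AUTH_SOCK).
#   open-dir      socket directory is accessible to group or others
#   no-socket     nothing exists at the path (socat was never started)
#   not-a-socket  a regular file or directory is in the way
#   dead          socket file exists but no agent answers (stale socat/relay)
#   ok            the agent answered (it may still hold zero keys)
agent_sock_status() {
  local sock="${1:-${SSH_AUTH_SOCK:-}}" dir perms rc
  dir=$(dirname -- "$sock")
  if [ -d "$dir" ]; then
    # Characters 5-10 of the mode string are the group and other bits.
    perms=$(ls -ld -- "$dir" | cut -c5-10)
    [ "$perms" = "------" ] || { echo open-dir; return 1; }
  fi
  [ -e "$sock" ] || { echo no-socket; return 1; }
  [ -S "$sock" ] || { echo not-a-socket; return 1; }
  # ssh-add -l exits 0 (keys listed) or 1 (no identities) when the agent
  # answered; anything else (2 = cannot contact the agent) counts as dead.
  rc=0
  SSH_AUTH_SOCK="$sock" ssh-add -l >/dev/null 2>&1 || rc=$?
  [ "$rc" -le 1 ] || { echo dead; return 1; }
  echo ok
}
```

With these functions in ~/.bashrc or ~/.zshrc, running agent_sock_status in a new shell should print ok; for no-socket or dead, missing_tools socat npiperelay.exe ssh-add shows whether a prerequisite is absent.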

#bits #security #windows #wsl