Bit #5: Using Bitwarden's SSH agent in WSL2
All desktop clients of Bitwarden ship with a built-in SSH agent. After enabling it in the settings, we can use our SSH keys, which are securely stored in Bitwarden, for SSH authentication.
To use Bitwarden's SSH agent in WSL2, we can forward the SSH agent from Windows to WSL2. With npiperelay, we can easily access Windows named pipes. Using socat, we can bridge the SSH agent in our WSL2 environment to the Windows SSH agent.
1. Download npiperelay from GitHub.
2. Extract the npiperelay.exe binary to a folder of our choice, e.g., C:\npiperelay.exe.
3. Make the npiperelay.exe binary accessible from WSL2.

       sudo ln -s /mnt/c/npiperelay.exe /usr/local/bin/npiperelay.exe

4. Add the following code snippet to our ~/.bashrc or ~/.zshrc to set up the SSH agent socket and start socat if the socket is not active.

       export SSH_AUTH_SOCK="$HOME/.ssh/agent.sock"
       # Check if the SSH agent socket is active; if not, recreate it
       if ! ss -a | grep -q "$SSH_AUTH_SOCK"; then
           # Remove any existing socket file
           rm -f "$SSH_AUTH_SOCK"
           # Start socat to bridge the SSH agent socket to npiperelay (for Windows SSH agent integration)
           (setsid socat UNIX-LISTEN:"$SSH_AUTH_SOCK",fork EXEC:"npiperelay.exe -ei -s //./pipe/openssh-ssh-agent",nofork &) >/dev/null 2>&1
       fi
Hint: npiperelay does not appear to be actively maintained.
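
A more defensive variant of the step 4 snippet, as an added example that is not part of the original post: it checks that ss, socat and npiperelay.exe are on PATH, only counts a socket that is actually listening, refuses to delete a regular file at the socket path, and creates the socket owner-only. The function names bridge_state and ensure_bridge are hypothetical; the socket path and pipe name are the ones from the post.

```shell
# Added example (not from the original post): defensive variant of the
# ~/.bashrc / ~/.zshrc snippet. Function names are hypothetical; the
# socket path and pipe name are the ones used in the post.
export SSH_AUTH_SOCK="$HOME/.ssh/agent.sock"

# Print the state of a socket path: absent | not-a-socket | stale | listening
bridge_state() {
    local sock="$1"
    if [ ! -e "$sock" ]; then echo absent; return 0; fi
    if [ ! -S "$sock" ]; then echo not-a-socket; return 0; fi
    # ss -lx lists only listening UNIX sockets; the path must match a whole
    # field, so a neighbour such as agent.sock.bak does not count.
    if ss -lx 2>/dev/null |
       awk -v s="$sock" '{ for (i = 1; i <= NF; i++) if ($i == s) f = 1 } END { exit !f }'
    then echo listening
    else echo stale
    fi
}

# Start the relay if it is not already listening. Return codes:
# 0 = bridge up or launched, 1 = directory could not be prepared,
# 2 = required tool missing, 3 = path exists but is not a socket.
ensure_bridge() {
    local sock="${1:-$SSH_AUTH_SOCK}" tool dir
    for tool in ss socat npiperelay.exe; do
        command -v "$tool" >/dev/null 2>&1 ||
            { echo "agent bridge: $tool not found in PATH" >&2; return 2; }
    done
    case "$(bridge_state "$sock")" in
        listening)    return 0 ;;
        not-a-socket) echo "agent bridge: $sock is not a socket, leaving it alone" >&2
                      return 3 ;;
        stale)        rm -f -- "$sock" ;;
    esac
    dir="$(dirname -- "$sock")"
    mkdir -p -- "$dir" && chmod 700 -- "$dir" || return 1
    # umask 077 in the subshell: the socket is created accessible to the owner only.
    (umask 077
     setsid socat UNIX-LISTEN:"$sock",fork \
        EXEC:"npiperelay.exe -ei -s //./pipe/openssh-ssh-agent",nofork &) >/dev/null 2>&1
}

# Never abort shell startup if the bridge cannot be started.
ensure_bridge || true
```

After opening a new shell, ssh-add -l should list the keys stored in Bitwarden; an exit status of 2 means ssh-add could not reach an agent through the socket.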