Open codebam opened 2 years ago
tobiaskohlbau
commented
2 years ago Hi,
If I start wsl2-ssh-pageant.exe manually with
this behavior is inteded. As the tool itself forwards any stdin and stdout between windows and linux side. It's purpose is not to be run from the user side.
Did you check that C:\Users\swb19\AppData\Roaming\gnupg acutally consists of the file S.gpg-agent. If you've installed with admin privileges than it's Local instead of Roaming.
davidshen84
commented
2 years ago I turned on the verbose mode and got this in the log file.
2022/02/28 19:40:43 open C:UsersdavidAppDataLocalgnupg\S.gpg-agent: The system cannot find the path specified.
I tried many ways to escape the \ in my Bash script, but on the Windows side, they are always removed.
ps shows
socat UNIX-LISTEN:/home/david/.gnupg/S.gpg-agent,fork EXEC:/home/david/.ssh/wsl2-ssh-pageant.exe --verbose --gpgConfigBasepath 'C:\Users\david\AppData\Local\gnupg' --gpg S.gpg-agentIf I execute wsl2-ssh-pageant.exe --verbose --gpgConfigBasepath 'C:\Users\david\AppData\Local\gnupg' --gpg S.gpg-agent directly in my Zsh, the terminal hangs with a message OK Pleased to meet you.
So I think the command it correct, but the \ got removed at some point. I don't know if it is removed by socat, or the wsl2-ssh-pageant.exe.
tobiaskohlbau
commented
2 years ago 
codebam
commented
2 years ago this behavior is inteded. As the tool itself forwards any stdin and stdout between windows and linux side. It's purpose is not to be run from the user side.
Oh okay
Did you check that
C:\Users\swb19\AppData\Roaming\gnupgacutally consists of the fileS.gpg-agent. If you've installed with admin privileges than it's Local instead of Roaming.
Yes it contains S.gpg-agent, if I move the folder to Local instead of Roaming, or in AppData, GPG just creates it in Roaming when I start it outside of WSL2.
davidshen84
commented
2 years ago C:\Users\david\AppData\Local\gnupg
Turns out I can use C:/Users/david/AppData/Local/gnupg
For those who are still struggling, this is how I set up on my Windows 11 / WSL 2 / Ubuntu 20.04.4
export GPG_AGENT_SOCK=$HOME/.gnupg/S.gpg-agent
ss -a | grep -q $GPG_AGENT_SOCK
if [ $? -ne 0 ]; then
rm -rf $GPG_AGENT_SOCK
setsid nohup socat UNIX-LISTEN:$GPG_AGENT_SOCK,fork EXEC:"$HOME/.ssh/wsl2-ssh-pageant.exe --verbose --gpgConfigBasepath 'C:/Users/my-username/AppData/Local/gnupg' --gpg S.gpg-agent" 2>&1 &
fithis behavior is inteded. As the tool itself forwards any stdin and stdout between windows and linux side. It's purpose is not to be run from the user side.
Oh okay
Did you check that
C:\Users\swb19\AppData\Roaming\gnupgacutally consists of the fileS.gpg-agent. If you've installed with admin privileges than it's Local instead of Roaming.Yes it contains
S.gpg-agent, if I move the folder toLocalinstead ofRoaming, or inAppData, GPG just creates it inRoamingwhen I start it outside of WSL2.
Most likely you're hitting something similar as @davidshen84 where the reference to the file is not passed in correctly. Have a look into the verbose mode and see what the log file states.
codebam
commented
2 years ago Most likely you're hitting something similar as @davidshen84 where the reference to the file is not passed in correctly. Have a look into the verbose mode and see what the log file states.
I ran it with verbose manually in my terminal because I couldn't get it to run from my .bashrc for some reason, but this is the log.
./.ssh/wsl2-ssh-pageant.exe -gpgConfigBasepath "C:\Users\swb19\AppData\Roaming\gnupg" -gpg S.gpg-agent -verbose2022/03/01 13:56:03 Starting exe
2022/03/01 13:56:05 Could not connet gpg: dial tcp [::1]:57509: connectex: No connection could be made because the target machine actively refused it.Also FYI there's a typo in the error message.
davidshen84
commented
2 years ago Can you try using the backward-slash in the Windows path?
On Wed, 2 Mar 2022, 05:59 Sean Behan, @.***> wrote:
Most likely you're hitting something similar as @davidshen84 https://github.com/davidshen84 where the reference to the file is not passed in correctly. Have a look into the verbose mode and see what the log file states.
I ran it with verbose manually in my terminal because I couldn't get it to run from my .bashrc for some reason, but this is the log.
./.ssh/wsl2-ssh-pageant.exe -gpgConfigBasepath "C:\Users\swb19\AppData\Roaming\gnupg" -gpg S.gpg-agent -verbose
2022/03/01 13:56:03 Starting exe 2022/03/01 13:56:05 Could not connet gpg: dial tcp [::1]:57509: connectex: No connection could be made because the target machine actively refused it.
— Reply to this email directly, view it on GitHub https://github.com/BlackReloaded/wsl2-ssh-pageant/issues/37#issuecomment-1055756657, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAQBTOUPYVU2KL5ZRDOVVLU5ZSH3ANCNFSM5PNJEMGQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
You are receiving this because you were mentioned.Message ID: @.***>
codebam
commented
2 years ago Can you try using the backward-slash in the Windows path?
Same error
./.ssh/wsl2-ssh-pageant.exe -gpgConfigBasepath 'C:/Users/swb19/AppData/Roaming/gnupg' -gpg S.gpg-agent -verbose2022/03/01 19:07:50 Starting exe
2022/03/01 19:07:53 Could not connet gpg: dial tcp [::1]:57509: connectex: No connection could be made because the target machine actively refused it.May I ask how you start your "gpg-agent" on the Windows side? I think the error is caused by the gpg agent. For me, the agent is started by triggering the "gpg"command in a Cmd terminal.
On Wed, 2 Mar 2022, 11:09 Sean Behan, @.***> wrote:
Can you try using the backward-slash in the Windows path?
Same error
./.ssh/wsl2-ssh-pageant.exe -gpgConfigBasepath 'C:/Users/swb19/AppData/Roaming/gnupg' -gpg S.gpg-agent -verbose
2022/03/01 19:07:50 Starting exe 2022/03/01 19:07:53 Could not connet gpg: dial tcp [::1]:57509: connectex: No connection could be made because the target machine actively refused it.
— Reply to this email directly, view it on GitHub https://github.com/BlackReloaded/wsl2-ssh-pageant/issues/37#issuecomment-1055994175, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAQBTKQYIZBTI5C5QE7FP3U52WSNANCNFSM5PNJEMGQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
You are receiving this because you were mentioned.Message ID: @.***>
codebam
commented
2 years ago GPG is working on the Windows side and I think the agent is running because gpg --card-status lists cards. I rebooted, ran gpg --card-status then opened WSL2 and ran the command again. Got the same error. No VPN, on WiFi set to public so that it doesn't share my PC on the network.
davidshen84
commented
2 years ago The error message uses IPv6 address. Maybe it has to do with IPv6 ? WSL does not support IPv6 yet.
What I don't get is that the connection should be a SOCKET connection, but the error message is about a TCP connection.
On Wed, 2 Mar 2022, 11:36 Sean Behan, @.***> wrote:
GPG is working on the Windows side and I think the agent is running because gpg --card-status lists cards. I rebooted, ran gpg --card-status then opened WSL2 and ran the command again. Got the same error.
— Reply to this email directly, view it on GitHub https://github.com/BlackReloaded/wsl2-ssh-pageant/issues/37#issuecomment-1056010692, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAQBTPXIHEVRCPD5HT4O63U52ZZDANCNFSM5PNJEMGQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
You are receiving this because you were mentioned.Message ID: @.***>
codebam
commented
2 years ago I get the same error in Ubuntu when running that command. Not really sure what the issue is
simonlaw0711
commented
2 years ago can run ssh-add -L but cannot run gpg --card-status
davidshen84
commented
2 years ago Do you have "scdaemon" installed?
scdaemon/focal-updates,now 2.2.19-3ubuntu2.1 amd64 [installed]
On Wed, Mar 2, 2022 at 4:02 PM simonlaw0711 @.***> wrote:
can run ssh-add -L but cannot run gpg --card-status [image: image] https://user-images.githubusercontent.com/92658511/156298460-bea9b9f6-e01f-4f92-b4a5-b2958f3b7b8b.png
— Reply to this email directly, view it on GitHub https://github.com/BlackReloaded/wsl2-ssh-pageant/issues/37#issuecomment-1056228041, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAQBTMF4JLVAP7QID7I53DU53Y67ANCNFSM5PNJEMGQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
You are receiving this because you were mentioned.Message ID: @.***>
tobiaskohlbau
commented
2 years ago The error message uses IPv6 address. Maybe it has to do with IPv6 ? WSL does not support IPv6 yet. What I don't get is that the connection should be a SOCKET connection, but the error message is about a TCP connection. … On Wed, 2 Mar 2022, 11:36 Sean Behan, @.> wrote: GPG is working on the Windows side and I think the agent is running because gpg --card-status lists cards. I rebooted, ran gpg --card-status then opened WSL2 and ran the command again. Got the same error. — Reply to this email directly, view it on GitHub <#37 (comment)>, or unsubscribe <github.com/notifications/unsubscribe-auth/AAAQBTPXIHEVRCPD5HT4O63U52ZZDANCNFSM5PNJEMGQ> . Triage notifications on the go with GitHub Mobile for iOS <apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>. You are receiving this because you were mentioned.Message ID: @.>
Maybe I can shine some light into the discussion.
GPG until version 4 does not support windows pipes but instead on windows it listens on a local tcp port. It writes a special file S.gpg-agent which has the port and a so called nonce in it for authentication. This is called the lib assuan protocol, somewhere deep in the web there exists some documentation about this. In case the gpg sc-daemon within wsl makes a request, the following things happen:
S.gpg-agent unix socket normally within $HOME/.gnupg/.binfmt_misc. This is all handled by wsl or in other terms MS itself.S.gpg-agent file and reads the local port and nonce.GPG4Win introduced support for windows pipes in the latest release. This would be a great option to ditch the second tcp connection and use the pipe directly. But this was non well documented when I last looked into it. In theory this is already possible with the help of another feature in wsl2-ssh-pageant, called piped ssh support. This enables the user to use the windows native ssh agent instead of a gpgagent for key handling.
@simonlaw0711 that is most likely a result of scdaemon not installed. The ssh part does not share much with the gpg part. In the above flow I described, exchange the part about another tcp connection with the option to connect to an invisible putty window. Here the intersting part is, that when putty established this solution windows did not have an equivalent to unix sockets for inter process communication. Therefore the developer of putty leveraged a then well known technique of rendering a windows offsite the screen and searching this window and establish a IPC over this windows between the pageant and putty itself. This protocol became the quasi standard as that everyone who wanted to be putty compatible implemented the same behavior. Create a windows with exactly the name pageant would do and handle ssh agent request over this connection. Thats why the option enable putty-ssh is available within gpg. This does exactly that process: launching a window offsite your screen and handling ssh agent requests.
Nowadays more and more tools leverage the windows native equivalent of unix sockets called windows named pipes. For e.g. the internal openssh compatible ssh-agent of windows uses a named pipe. Therefore it is possible to connect from wsl2-ssh-pageant to the named pipe instead of the non visiable pageant window. As I've stated before, gpg started to implement/support this feature as well for it's communication between gpg and the scdaemon.
Back to the root issue of @codebam I'm not sure why the connection to the tcp port is not possible. I recall that there exists sometimes firewall issues, cause the wsl part is run into external networks and the gpg agent only listens on local e.g. private networks. You could try to mess around with the firewall or disable it for testing purposes. (One more point for windows named pipes to avoid firewalls).
codebam
commented
2 years ago GPG4Win introduced support for windows pipes in the latest release. This would be a great option to ditch the second tcp connection and use the pipe directly
I'm using the latest GPG4Win. Is there a different GPG I could/should install?
You could try to mess around with the firewall or disable it for testing purposes
I just disabled the firewall completely for public networks (what I have it set to right now) and I get the same error.
My terminal doesn't hang anymore though, so I'm not sure what changed. I'm going to try reinstalling Ubuntu in WSL2
Edit: Reinstalled Ubuntu in WSL2, now the terminal hangs again
./.ssh/wsl2-ssh-pageant.exe -gpgConfigBasepath "C:/Users/swb19/AppData/Roaming/gnupg" -verbose2022/03/02 14:09:18 Starting execodebam@amd64:~$ gpg --card-status
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such deviceexport SSH_AUTH_SOCK="$HOME/.ssh/agent.sock"
if ! ss -a | grep -q "$SSH_AUTH_SOCK"; then
rm -f "$SSH_AUTH_SOCK"
wsl2_ssh_pageant_bin="$HOME/.ssh/wsl2-ssh-pageant.exe"
config_path="C:/Users/swb19/AppData/Roaming/gnupg"
if test -x "$wsl2_ssh_pageant_bin"; then
(setsid nohup socat UNIX-LISTEN:"$SSH_AUTH_SOCK,fork" EXEC:"$wsl2_ssh_pageant_bin -gpgConfigBasepath ${config_path} -verbose" >/dev/null 2>&1 &)
else
echo >&2 "WARNING: $wsl2_ssh_pageant_bin is not executable."
fi
unset wsl2_ssh_pageant_bin
fi
export GPG_AGENT_SOCK="$HOME/.gnupg/S.gpg-agent"
if ! ss -a | grep -q "$GPG_AGENT_SOCK"; then
rm -rf "$GPG_AGENT_SOCK"
wsl2_ssh_pageant_bin="$HOME/.ssh/wsl2-ssh-pageant.exe"
config_path="C:/Users/swb19/AppData/Roaming/gnupg"
if test -x "$wsl2_ssh_pageant_bin"; then
(setsid nohup socat UNIX-LISTEN:"$GPG_AGENT_SOCK,fork" EXEC:"$wsl2_ssh_pageant_bin --gpg S.gpg-agent -gpgConfigBasepath ${config_path} -verbose" >/dev/null 2>&1 &)
else
echo >&2 "WARNING: $wsl2_ssh_pageant_bin is not executable."
fi
unset wsl2_ssh_pageant_bin
fiWhat version of Gpg4win are you using? You should use the latest 4.0.0.
On Thu, 3 Mar 2022, 05:42 Sean Behan, @.***> wrote:
GPG4Win introduced support for windows pipes in the latest release. This would be a great option to ditch the second tcp connection and use the pipe directly
I'm using the latest GPG4Win. Is there a different GPG I could/should install?
You could try to mess around with the firewall or disable it for testing purposes
I'll try without the firewall enabled and report back
— Reply to this email directly, view it on GitHub https://github.com/BlackReloaded/wsl2-ssh-pageant/issues/37#issuecomment-1057261330, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAQBTMTOB7E3TPHLEEWUMTU56ZC5ANCNFSM5PNJEMGQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
You are receiving this because you were mentioned.Message ID: @.***>
codebam
commented
2 years ago What version of Gpg4win are you using? You should use the latest 4.0.0.
Using 4.0.0
delucca
commented
2 years ago I'm having the exact same issue, with both Fedora 35 and Ubuntu.
The strange thing is, it was working on my previous setup, with Windows 11 and Fedora 35. I don't remember what I did to fix it 🤦🏻
delucca
commented
2 years ago In my case I got this:
~
❯ ssh-add -L
error fetching identities: communication with agent failed
~
❯ gpg --card-status
gpg: can't connect to the gpg-agent: End of file
gpg: OpenPGP card not available: No agent runningBut gpg --card-status works on Windows side
delucca
commented
2 years ago I was able to fix it by having the same gpg.conf and gpg-agent.conf at both AppData/Roaming/gnupg and AppData/Local/gnupg
For some reason, WSL only works when the gpgConfBasepath is set to AppData/Local/gnupg (maybe a permission error?) but Windows always starts the GPG agent at AppData/Roaming/gnupg
codebam
commented
2 years ago @delucca This fixed it for me, thank you! Now when running it manually I get the OK message. For some reason it's not running in my bashrc though so I'll have to figure that out.
export SSH_AUTH_SOCK="$HOME/.ssh/agent.sock"
if ! ss -a | grep -q "$SSH_AUTH_SOCK"; then
rm -f "$SSH_AUTH_SOCK"
wsl2_ssh_pageant_bin="$HOME/.ssh/wsl2-ssh-pageant.exe"
config_path="C:\Users\swb19\AppData\Local\gnupg"
if test -x "$wsl2_ssh_pageant_bin"; then
(setsid nohup socat UNIX-LISTEN:"$SSH_AUTH_SOCK,fork" EXEC:"$wsl2_ssh_pageant_bin -gpgConfigBasepath ${config_path} -verbose" >/dev/null 2>&1 &)
else
echo >&2 "WARNING: $wsl2_ssh_pageant_bin is not executable."
fi
unset wsl2_ssh_pageant_bin
fi
export GPG_AGENT_SOCK="$HOME/.gnupg/S.gpg-agent"
if ! ss -a | grep -q "$GPG_AGENT_SOCK"; then
rm -rf "$GPG_AGENT_SOCK"
wsl2_ssh_pageant_bin="$HOME/.ssh/wsl2-ssh-pageant.exe"
config_path="C:\Users\swb19\AppData\Local\gnupg"
if test -x "$wsl2_ssh_pageant_bin"; then
(setsid nohup socat UNIX-LISTEN:"$GPG_AGENT_SOCK,fork" EXEC:"$wsl2_ssh_pageant_bin -gpgConfigBasepath ${config_path} -gpg S.gpg-agent -verbose" >/dev/null 2>&1 &)
else
echo >&2 "WARNING: $wsl2_ssh_pageant_bin is not executable."
fi
unset wsl2_ssh_pageant_bin
fiDoesn't get past the if statements
codebam
commented
2 years ago Okay so if I run it manually I get
codebam ./.ssh/wsl2-ssh-pageant.exe -gpgConfigBasepath 'C:/Users/swb19/AppData/Local/gnu
pg' -gpg S.gpg-agent -verbose
OK Pleased to meet youThis is what I put in my .bashrc.
export SSH_AUTH_SOCK="$HOME/.ssh/agent.sock"
if ! ss -a | grep -q "$SSH_AUTH_SOCK"; then
echo "0"
rm -f "$SSH_AUTH_SOCK"
wsl2_ssh_pageant_bin="$HOME/.ssh/wsl2-ssh-pageant.exe"
if test -x "$wsl2_ssh_pageant_bin"; then
(setsid nohup socat UNIX-LISTEN:"$SSH_AUTH_SOCK,fork" EXEC:"$wsl2_ssh_pageant_bin -gpgConfigBasepath 'C:/Users/swb19/AppData/Local/gnupg'" >/dev/null 2>&1 &)
else
echo >&2 "WARNING: $wsl2_ssh_pageant_bin is not executable."
fi
unset wsl2_ssh_pageant_bin
fi
export GPG_AGENT_SOCK="$HOME/.gnupg/S.gpg-agent"
if ! ss -a | grep -q "$GPG_AGENT_SOCK"; then
echo "1"
rm -rf "$GPG_AGENT_SOCK"
wsl2_ssh_pageant_bin="$HOME/.ssh/wsl2-ssh-pageant.exe"
if test -x "$wsl2_ssh_pageant_bin"; then
(setsid nohup socat UNIX-LISTEN:"$GPG_AGENT_SOCK,fork"
EXEC:"$wsl2_ssh_pageant_bin -gpgConfigBasepath 'C:/Users/swb19/AppData/Local/gnupg' -gpg S.gpg-agent" >/dev/null 2>&1 &)
else
echo >&2 "WARNING: $wsl2_ssh_pageant_bin is not executable."
fi
unset wsl2_ssh_pageant_bin
fiI restart WSL2 with wsl --shutdown then when I open WSL I get
0
1
nohup: ignoring input and appending output to 'nohup.out'The content of nohup.out is
2022/03/02 20:32:32 socat[295] E exactly 2 addresses required (there are 1); use option "-h" for helpNever mind I fixed it. textwidth was doing a hard line wrap at the second socat
codebam
commented
2 years ago It worked once... when I tried to run it again I got
0
1
codebam gpg --card-status
gpg: error getting version from 'scdaemon': No SmartCard daemon
gpg: OpenPGP card not available: No SmartCard daemon
codebam scdaemon --version
scdaemon (GnuPG) 2.3.4
libgcrypt 1.9.4-unknown
libksba 1.6.0
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.Edit: restarting gpg-agent on the windows side fixed it
delucca
commented
2 years ago It worked once... when I tried to run it again I got
0 1 codebam gpg --card-status gpg: error getting version from 'scdaemon': No SmartCard daemon gpg: OpenPGP card not available: No SmartCard daemon codebam scdaemon --version scdaemon (GnuPG) 2.3.4 libgcrypt 1.9.4-unknown libksba 1.6.0 Copyright (C) 2021 Free Software Foundation, Inc. License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.Edit: restarting gpg-agent on the windows side fixed it
I noticed that gpg-agent is kinda tricky in Windows Side. What I did to fix it is that I created a scheduled task to automatically launch the gpg-agent during logon, with that I had no more errors or anything like that.
Daemoen
commented
2 years ago I have pretty much the exact same situation as @codebam . I am running Win11, Fedora 35 via remix, and ubuntu... I have working ssh, but I cannot get gpg itself working.
I have attempted to get verbose and logging to provide more information, but I believe that my situation is compounded by the fact that my windows username, which comes from my MSFT account... has a space in it, which makes everything path wise a pain.
What are the correct options for (as an example) C:\Users\Marc Mercer\AppData\Local\gnupg
Which argument formats, etc. I have tried forward slashes, backslashes, escaping... single quoting, even using wslpath as below... I cannot even get the logging to work at this point to see what the actual problem is.
╭─ ~ ✔ 13:14:37
╰─ ssh-add -l
256 SHA256:RlaYh9Eo2GcNWH8v3ZuDB3z7aNYPQr+gv1oZVMXzdmY cardno:12 238 876 (ED25519)
╭─ ~ ✔ 13:14:43
╰─ gpg --card-status
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such deviceWSL_DISTRO=$(lsb_release -c 2>/dev/null | cut -s -f2)
WINSSHDIR="$HOME/winhome/.ssh"
WINGPGDIR='C:\Users\Marc Mercer\AppData\Local\gnupg'
GPGDIR=$(wslpath $WINGPGDIR)
export SSH_AUTH_SOCK="$HOME/.ssh/$WSL_DISTRO-agent.sock"
ss -a | grep -q $SSH_AUTH_SOCK
if [ $? -ne 0 ]; then
rm -f $SSH_AUTH_SOCK
(setsid nohup socat UNIX-LISTEN:$SSH_AUTH_SOCK,fork EXEC:$WINSSHDIR/wsl2-ssh-pageant.exe >/dev/null 2>&1 &)
fi
export GPG_AGENT_SOCK="$HOME/.gnupg/$WSL_DISTRO-S.gpg-agent"
ss -a | grep -q $GPG_AGENT_SOCK
if [ $? -ne 0 ]; then
rm -rf $GPG_AGENT_SOCK
(setsid nohup socat UNIX-LISTEN:$GPG_AGENT_SOCK,fork EXEC:"$WINSSHDIR/wsl2-ssh-pageant.exe -verbose -logfile "${GPGDIR}/wsl-gpg.log" -gpgConfigBasepath ${GPGDIR} -gpg S.gpg-agent " >/dev/null 2>&1 &)
fi❯ gpg --card-status
Reader ...........: Yubico YubiKey OTP FIDO CCID 0
Application ID ...: D2760001240100000006122388760000
Application type .: OpenPGP
Version ..........: 0.0
Manufacturer .....: Yubico
Serial number ....: 12238876
Name of cardholder: Marc Mercer
Language prefs ...: en
Salutation .......: Mr.
URL of public key : https://keybase.io/daemoen/pgp_keys.asc❯ cd '.\Users\Marc Mercer\AppData\Local\gnupg'
~\AppData\Local\gnupg Marc Mercer@GamePhreakd 13:18:49
❯ ls
Directory: C:\Users\Marc Mercer\AppData\Local\gnupg
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a--- 1/15/2022 10:11 PM 298 gpg-agent.conf
-a--- 1/15/2022 9:49 PM 22 S.dirmngr
-a--- 4/1/2022 1:06 PM 22 S.gpg-agent
-a--- 4/1/2022 1:06 PM 22 S.gpg-agent.browser
-a--- 4/1/2022 1:06 PM 22 S.gpg-agent.extra
-a--- 4/1/2022 1:06 PM 22 S.gpg-agent.ssh
-a--- 4/1/2022 1:08 PM 22 S.scdaemon❯ cat .\gpg-agent.conf
###+++--- GPGConf ---+++###
enable-ssh-support
enable-putty-support
###+++--- GPGConf ---+++### 1/15/2022 10:11:04 PM Pacific Standard Time
# GPGConf edited this configuration file.
# It will disable options before this marked block, but it will
# never change anything below these lines.gpg-agent.conf exists in both Local and Roaming. Any additional information we need to figure out what is actually causing the issue?
davidshen84
commented
2 years ago -gpgConfigBasepath ${GPGDIR}
This is incorrect. Please use windows path not Linux path
On Sat, Apr 2, 2022, 07:22 Marc Mercer @.***> wrote:
I have pretty much the exact same situation as @codebam https://github.com/codebam . I am running Win11, Fedora 35 via remix, and ubuntu... I have working ssh, but I cannot get gpg itself working.
I have attempted to get verbose and logging to provide more information, but I believe that my situation is compounded by the fact that my windows username, which comes from my MSFT account... has a space in it, which makes everything path wise a pain.
What are the correct options for (as an example) C:\Users\Marc Mercer\AppData\Local\gnupg
Which argument formats, etc. I have tried forward slashes, backslashes, escaping... single quoting, even using wslpath as below... I cannot even get the logging to work at this point to see what the actual problem is. Linux
╭─ ~ ✔ 13:14:37
╰─ ssh-add -l
256 SHA256:RlaYh9Eo2GcNWH8v3ZuDB3z7aNYPQr+gv1oZVMXzdmY cardno:12 238 876 (ED25519)
╭─ ~ ✔ 13:14:43
╰─ gpg --card-status
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device
WSL_DISTRO=$(lsb_release -c 2>/dev/null | cut -s -f2)
WINSSHDIR="$HOME/winhome/.ssh"
WINGPGDIR='C:\Users\Marc Mercer\AppData\Local\gnupg'
GPGDIR=$(wslpath $WINGPGDIR)
export SSH_AUTH_SOCK="$HOME/.ssh/$WSL_DISTRO-agent.sock"
ss -a | grep -q $SSH_AUTH_SOCK
if [ $? -ne 0 ]; then
rm -f $SSH_AUTH_SOCK (setsid nohup socat UNIX-LISTEN:$SSH_AUTH_SOCK,fork EXEC:$WINSSHDIR/wsl2-ssh-pageant.exe >/dev/null 2>&1 &)fi
export GPG_AGENT_SOCK="$HOME/.gnupg/$WSL_DISTRO-S.gpg-agent"
ss -a | grep -q $GPG_AGENT_SOCK
if [ $? -ne 0 ]; then
rm -rf $GPG_AGENT_SOCK (setsid nohup socat UNIX-LISTEN:$GPG_AGENT_SOCK,fork EXEC:"$WINSSHDIR/wsl2-ssh-pageant.exe -verbose -logfile "${GPGDIR}/wsl-gpg.log" -gpgConfigBasepath ${GPGDIR} -gpg S.gpg-agent " >/dev/null 2>&1 &)fi
Windows
❯ gpg --card-status
Reader ...........: Yubico YubiKey OTP FIDO CCID 0
Application ID ...: D2760001240100000006122388760000
Application type .: OpenPGP
Version ..........: 0.0
Manufacturer .....: Yubico
Serial number ....: 12238876
Name of cardholder: Marc Mercer
Language prefs ...: en
Salutation .......: Mr.
URL of public key : https://keybase.io/daemoen/pgp_keys.asc
❯ cd '.\Users\Marc Mercer\AppData\Local\gnupg'
~\AppData\Local\gnupg Marc @.*** 13:18:49
❯ ls
Directory: C:\Users\Marc Mercer\AppData\Local\gnupgMode LastWriteTime Length Name
-a--- 1/15/2022 10:11 PM 298 gpg-agent.conf
-a--- 1/15/2022 9:49 PM 22 S.dirmngr
-a--- 4/1/2022 1:06 PM 22 S.gpg-agent
-a--- 4/1/2022 1:06 PM 22 S.gpg-agent.browser
-a--- 4/1/2022 1:06 PM 22 S.gpg-agent.extra
-a--- 4/1/2022 1:06 PM 22 S.gpg-agent.ssh
-a--- 4/1/2022 1:08 PM 22 S.scdaemon
❯ cat .\gpg-agent.conf
+++--- GPGConf ---+++
enable-ssh-support
enable-putty-support
+++--- GPGConf ---+++### 1/15/2022 10:11:04 PM Pacific Standard Time
GPGConf edited this configuration file.
It will disable options before this marked block, but it will
never change anything below these lines.
gpg-agent.conf exists in both Local and Roaming. Any additional information we need to figure out what is actually causing the issue?
— Reply to this email directly, view it on GitHub https://github.com/BlackReloaded/wsl2-ssh-pageant/issues/37#issuecomment-1086292021, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAQBTJY4JSI2CD4XSF73PDVC5LHNANCNFSM5PNJEMGQ . You are receiving this because you were mentioned.Message ID: @.***>
Daemoen
commented
2 years ago I have used the windows path as well. Did you see my question about proper format because my username has a space in it? Since this is in bashrc, I normally single quote it, but doesn't seem to matter how I format it, I can't make it work...additionally, I even show that the variable is using the windows path format. The wslpath was just my most recent attempt to get it working
davidshen84
commented
2 years ago What did the verbose log say? I think you need to quote the path because your username has a space, or use the window convention to escape the space.
On Sat, Apr 2, 2022, 08:14 Marc Mercer @.***> wrote:
I have used the windows path as well. Did you see my question about proper format because my username has a space in it? Since this is in bashrc, I normally single quote it, but doesn't seem to matter how I format it, I can't make it work...additionally, I even show that the variable is using the windows path format. The wslpath was just my most recent attempt to get it working
— Reply to this email directly, view it on GitHub https://github.com/BlackReloaded/wsl2-ssh-pageant/issues/37#issuecomment-1086330247, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAQBTMDQ446JH5HZ7RLHVTVC5RK5ANCNFSM5PNJEMGQ . You are receiving this because you were mentioned.Message ID: @.***>
Daemoen
commented
2 years ago Unfortunately, I have yet to be able to get the verbose logfile working, or logging at all working. If I could get that to work, I wouldn't have an issue debugging.
This is my most current iteration, which still isn't getting me a logfile, or a working gpg-agent handoff. SSH works fine though
#!/usr/bin/env bash
WINSSHDIR="$HOME/winhome/.ssh"
WINGPGSOCK='"C:\Users\Marc Mercer\AppData\Local\gnupg\S.gpg-agent"'
NPIPERELAY_URL="https://github.com/NZSmartie/npiperelay/releases/download/v0.1/npiperelay.exe"
if [ -n "$WSL_DISTRO_NAME" ]; then
APPDATA="$(wslvar appdata)"
APPDATA="${APPDATA//\\/\/}"
NPIPERELAY_WIN="$APPDATA/wsl2-ssh-gpg-npiperelay.exe"
NPIPERELAY="$(wslpath "$NPIPERELAY_WIN")"
if [ ! -f "$NPIPERELAY" ]; then
curl -L -q -o "$NPIPERELAY" "$NPIPERELAY_URL"
fi
fi
export SSH_AUTH_SOCK="$HOME/.ssh/$WSL_DISTRO_NAME-agent.sock"
ss -a | grep -q $SSH_AUTH_SOCK
if [ $? -ne 0 ]; then
rm -f $SSH_AUTH_SOCK
setsid --fork socat "UNIX-LISTEN:$SSH_AUTH_SOCK,fork" "EXEC:$WINSSHDIR/wsl2-ssh-pageant.exe" > /dev/null 2>&1
fi
export GPG_AGENT_SOCK="$HOME/.gnupg/$WSL_DISTRO_NAME-S.gpg-agent"
ss -a | grep -q $GPG_AGENT_SOCK
if [ $? -ne 0 ]; then
rm -rf $GPG_AGENT_SOCK
#setsid --fork socat UNIX-LISTEN:"$GPG_AGENT_SOCK",fork EXEC:"$NPIPERELAY -ei -ep -s -a $WINGPGSOCK",nofork
setsid --fork socat UNIX-LISTEN:$GPG_AGENT_SOCK,fork EXEC:"$WINSSHDIR/wsl2-ssh-pageant.exe -logfile pageant-gpg.log -gpgConfigBasepath \"C:/Users/Marc Mercer/AppData/Local/gnupg\" -gpg S.gpg-agent"
fiI have also tried redirecting the output from socat and such back to a logfile via > pageant.log 2>&1 and such... I cannot seem to get a logfile from the exe. Will wait to see if anyone else has any ideas. I've tried countless variations, including even attempting to see if I could get gpg to work via npiperelay (as shown in the current iteration)
davidshen84
commented
2 years ago Hi,
https://github.com/BlackReloaded/wsl2-ssh-pageant/blob/main/main.go#L39
the log file is written next to the executable on the Windows side, not in wsl. Are you looking at the right place?
restart your computer. Make sure you execute "gpg --card-stauts" on the Windows side first before trying in wsl. Because the gpg-agent has to start on the Windows side first.
On Sat, Apr 2, 2022, 17:11 Marc Mercer @.***> wrote:
Unfortunately, I have yet to be able to get the verbose logfile working, or logging at all working. If I could get that to work, I wouldn't have an issue debugging.
This is my most current iteration, which still isn't getting me a logfile, or a working gpg-agent handoff. SSH works fine though
!/usr/bin/env bash
WINSSHDIR="$HOME/winhome/.ssh" WINGPGSOCK='"C:\Users\Marc Mercer\AppData\Local\gnupg\S.gpg-agent"' NPIPERELAY_URL="https://github.com/NZSmartie/npiperelay/releases/download/v0.1/npiperelay.exe"
if [ -n "$WSL_DISTRO_NAME" ]; then APPDATA="$(wslvar appdata)" APPDATA="${APPDATA//\/\/}" NPIPERELAY_WIN="$APPDATA/wsl2-ssh-gpg-npiperelay.exe" NPIPERELAY="$(wslpath "$NPIPERELAY_WIN")"
if [ ! -f "$NPIPERELAY" ]; then curl -L -q -o "$NPIPERELAY" "$NPIPERELAY_URL" fifi
export SSH_AUTH_SOCK="$HOME/.ssh/$WSL_DISTRO_NAME-agent.sock" ss -a | grep -q $SSH_AUTH_SOCK if [ $? -ne 0 ]; then rm -f $SSH_AUTH_SOCK setsid --fork socat "UNIX-LISTEN:$SSH_AUTH_SOCK,fork" "EXEC:$WINSSHDIR/wsl2-ssh-pageant.exe" > /dev/null 2>&1 fi
export GPG_AGENT_SOCK="$HOME/.gnupg/$WSL_DISTRO_NAME-S.gpg-agent" ss -a | grep -q $GPG_AGENT_SOCK if [ $? -ne 0 ]; then rm -rf $GPG_AGENT_SOCK
setsid --fork socat UNIX-LISTEN:"$GPG_AGENT_SOCK",fork EXEC:"$NPIPERELAY -ei -ep -s -a $WINGPGSOCK",nofork
setsid --fork socat UNIX-LISTEN:$GPG_AGENT_SOCK,fork EXEC:"$WINSSHDIR/wsl2-ssh-pageant.exe -logfile pageant-gpg.log -gpgConfigBasepath \"C:/Users/Marc Mercer/AppData/Local/gnupg\" -gpg S.gpg-agent"fi
I have also tried redirecting the output from socat and such back to a logfile via > pageant.log 2>&1 and such... I cannot seem to get a logfile from the exe. Will wait to see if anyone else has any ideas. I've tried countless variations, including even attempting to see if I could get gpg to work via npiperelay (as shown in the current iteration)
— Reply to this email directly, view it on GitHub https://github.com/BlackReloaded/wsl2-ssh-pageant/issues/37#issuecomment-1086560098, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAQBTOFVMOWFI6LAEEHGM3VC7QKDANCNFSM5PNJEMGQ . You are receiving this because you were mentioned.Message ID: @.***>
Daemoen
commented
2 years ago Have literally checked everything and everywhere (as shown in the gist below). My entire setup/all information that I could think to include is posted here:
https://gist.github.com/Daemoen/c47718f650570cc58c3b30b7699d9e7f
codebam
commented
2 years ago @Daemoen see my comments and working configs. Just make sure to remove the line break on the line containing socat as per my later comment.
Daemoen
commented
2 years ago @codebam I have tried those configs, and pretty much every other possible method I could think of. I believe the issue arises because my username (windows) has a space in it. I am going to try making a new user without the space and see if there is any discernable difference. I have posted every bit of information I have, showing my exact configs in the gist above.
dominik-ba
commented
2 years ago It worked once... when I tried to run it again I got
0 1 codebam gpg --card-status gpg: error getting version from 'scdaemon': No SmartCard daemon gpg: OpenPGP card not available: No SmartCard daemon codebam scdaemon --version scdaemon (GnuPG) 2.3.4 libgcrypt 1.9.4-unknown libksba 1.6.0 Copyright (C) 2021 Free Software Foundation, Inc. License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.Edit: restarting gpg-agent on the windows side fixed it
there seems to be an issue with win (11?) and wingpg and yubikeys and a second run of gpg --card-status: https://www.reddit.com/r/yubikey/comments/sn20ga/gpg_cardstatus_works_only_once_on_windows/
davidshen84
commented
2 years ago No, I think it has something to do with the UI tool comes with wingpg. If you shut it down, gpg command works fine on the Windows side.
On Sun, Apr 10, 2022, 06:09 Dominik Bartsch @.***> wrote:
It worked once... when I tried to run it again I got
0 1 codebam gpg --card-status gpg: error getting version from 'scdaemon': No SmartCard daemon gpg: OpenPGP card not available: No SmartCard daemon codebam scdaemon --version scdaemon (GnuPG) 2.3.4 libgcrypt 1.9.4-unknown libksba 1.6.0 Copyright (C) 2021 Free Software Foundation, Inc. License GNU GPL-3.0-or-later https://gnu.org/licenses/gpl.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.
Edit: restarting gpg-agent on the windows side fixed it
there seems to be an issue with win (11?) and wingpg and yubikeys and a second run of gpg --card-status: https://www.reddit.com/r/yubikey/comments/sn20ga/gpg_cardstatus_works_only_once_on_windows/
— Reply to this email directly, view it on GitHub https://github.com/BlackReloaded/wsl2-ssh-pageant/issues/37#issuecomment-1094117231, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAQBTPATMNTGAC7QQPMIKDVEHPX7ANCNFSM5PNJEMGQ . You are receiving this because you were mentioned.Message ID: @.***>
JeremyTheocharis
commented
2 years ago FYI: For me this worked using the gpgConfigBasepath addition to by bashrc / zshrc and pointing to my local appdata (instead of roaming). Maybe becuase I do not have a space in my windows username?
Daemoen
commented
2 years ago Found the issue. I hadn't reconfigured the S.gpg-agent redirect parameter since I had reinstalled this system. Normally S.gpg-agent would be the actual socket that gpg itself reads from within the distribution. In my case I use a pretty unique setup with mounted remote home folders on my wsl distros, so I had started to separate the sockets a while back. To do this, you have to use:
%Assuan%
socket=${HOME}/.gnupg/match-the-socat-socket-from-rc-fileMaybe this will help someone else sometime.
Describe the bug
Followed all the steps, get this when running
gpg --card-statusafterwsl --shutdownFedora
Ubuntu
Cards are visible outside of WSL2
To Reproduce Steps to reproduce the behavior:
.bashrcwsl --shutdownExpected behavior
gpg --card-statuswould show cards.Screenshots If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
Additional context
/c/Users/myuser/AppData/Roaming/gnupg/gpg-agent.confPuTTY, Gpg4Win, and Git installed with winget
Relevant
.bashrclinesIf I start
wsl2-ssh-pageant.exemanually withIt makes my entire shell hang and I have to close the Window, however
Shows the help just fine