PowerShell / Win32-OpenSSH

Win32 port of OpenSSH

Support SSH_AUTH_SOCK Unix Domain Sockets for Windows #1761

Open andrewpmartinez opened 3 years ago

andrewpmartinez commented 3 years ago

gpg and gpg-agent support opening a Unix Domain Socket in Windows for use with SSH. However, this appears to fail as OpenSSH for Windows does not support Unix Domain Sockets when configured in SSH_AUTH_SOCK.

There are ways to bridge this using third-party programs such as https://github.com/benpye/wsl-ssh-pageant and configuring gpg and gpg-agent to run in pageant mode and using the aforementioned program to open a named pipe that can work with OpenSSH for Windows when set to SSH_AUTH_SOCK.

WSLUser commented 3 years ago

There is some limited support for AF_Unix (https://devblogs.microsoft.com/commandline/af_unix-comes-to-windows/) with interop with WSL: https://devblogs.microsoft.com/commandline/windowswsl-interop-with-af_unix/. Likely this socket support will be added to the same place as the AF_Unix code and possibly re-use some of it.

Rondom commented 3 years ago

I have requested this some time ago in #1024 and it is tagged as "0 - Backlog", now

bagajjal commented 3 years ago

@Rondom, @adityapatwardhan, @WSLUser - We have very limited resources to work on this project. This is not prioritized currently.

bagajjal commented 3 years ago

We always welcome community support.

WSLUser commented 3 years ago

@bagajjal Unless Windows is open-sourced, nobody outside of the company has access to the code changes needed internally. Without those internal changes, anything done in this project will be unable to be validated. Support of this project really ought to be more considered as security should come first before anything else, which this project is specifically based on. The RDP work for RAIL and VAIL is awesome but not a substitute for OpenSSH as a remote communication protocol.

bagajjal commented 3 years ago

@WSLUser - Looks like there is some misunderstanding here. The Win32-OpenSSH shipped in Windows is compiled from a Microsoft internal repository. We are mandated to use the Microsoft internal repository for fixing any security bugs (which are shipped first through Windows Update and later shipped as a GitHub release), and the CI system mandates us to maintain an internal repo.

Having said that, the Microsoft internal repository code is 99% close to the GitHub repository. Eventually the code changes from the Microsoft internal repository will flow to the GitHub repository.

To summarize, the GitHub OpenSSH community can always contribute. FYI, there are many PRs from the community that got merged into GitHub and shipped as a Windows release and a GitHub release.

WSLUser commented 3 years ago

Specifically for the socket support as raised in this issue and the other, that support needs to come from Windows, not OpenSSH. Win32-OpenSSH needs to be updated to allow usage of SSH_AUTH_SOCK, but that socket communication protocol needs to be implemented in the Windows source code, and it's highly likely that support will be added in the same place as the AF_Unix code. I understand there's a Linux Systems Group in MS that handles all sorts of Linux things. This request would fall in scope of that group to assign to the appropriate team to be implemented. Code changes needed in Windows don't equal the code changes needed in Win32-OpenSSH.

bagajjal commented 3 years ago

Agree. I think this is the correct repo https://github.com/microsoft/WSL/issues to open an issue.

WSLUser commented 3 years ago

Well they're on the group and maybe can forward it but I don't think the WSL devs themselves do the work (though I think they did before for AF_Unix as that Linux Systems Group didn't exist yet as far as I'm aware).

WSLUser commented 2 years ago

We've been officially punted back to this issue for tracking internally at MS. I expect once the new year hits, somebody will reach out to you @bagajjal.

andrewpmartinez commented 2 years ago

Is there any update on this issue? Or is there a better source other than this issue?