Closed avggeek closed 4 years ago
@benpye May I know if you are still maintaining this tool? This is the only one I’ve seen so far that does both WSL and native SSH so it would be great to get it working.
Hey @avggeek - sorry I've taken so long to look at this. Looking at that SSH log it doesn't look like it's trying the agent at all. You should be able to verify that by running wsl-ssh-pageant with the verbose flag.
I've noticed the SSH build shipping in Windows is sometimes a little flakey, have you tried the newer build from https://github.com/PowerShell/Win32-OpenSSH/releases ?
And just to check, are you trying WSL 1 or WSL 2? Unfortunately AF_UNIX sockets are not yet supported in WSL 2, though there is a way to get around this with socat and npiperelay if necessary.
Hi @benpye. I will give a quick update first on the outcome of trying the various suggestions you mentioned:
> You should be able to verify that by running wsl-ssh-pageant with the verbose flag.

Running wsl-ssh-pageant with the verbose flag did not throw any errors. BTW, the README does not mention the presence of a -verbose flag.
> And just to check, are you trying WSL 1 or WSL 2?

I am running on WSL1
> I've noticed the SSH build shipping in Windows is sometimes a little flakey, have you tried the newer build from https://github.com/PowerShell/Win32-OpenSSH/releases ?

There's a fairly long explanation below but TL;DR - RSA key lengths of <1024 keys which are supported by Putty but not by OpenSSH 7.6 and higher.
So interestingly, trying to test everything again with the newest release of Win32-OpenSSH gave me my first clue on the source of this issue. If you look at the ssh debug log I had shared above, there is a very interesting line in there:
debug1: pubkey_prepare: ssh_fetch_identitylist: Invalid key length
The invalid key length message was something I had recently encountered when trying to push code to bitbucket.org repos. I eventually noticed that my Bitbucket public key showed a key length of 1023 chars. If you are wondering how that oddly specific key-length came about, the answer to that lies in the puttygen documentation: puttygen-strength.
By itself a key length of <1024 chars isn't a problem (well, apart from an opsec perspective) but the OpenSSH 7.6 release notes list a potential breaking change:
> Refuse RSA keys <1024 bits in length and improve reporting for keys that do not meet this requirement.

OpenSSH 7.9 is the default in Debian 10 (compared to OpenSSH 7.4 in Debian 9) so I assume this change is relatively new.
Anyway, once I saw that invalid key length message, I verified that this was the source of the issue by going to WSL and running ssh-add -l, which showed the error "error fetching identities: Invalid key length".
Once I removed the key with key-length of 1023 bits from Pageant, ssh-add -l started showing me a list of available keys and I was able to log in using my SSH keys in Pageant both in WSL and the Windows 10 SSH client (both shipping build and pre-release versions).
Figured I would document my debugging process here for anyone else who uses this tool and finds themselves stuck on this problem.
I'm going to close this bug as the issue appears to be resolved.
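
The check described in the comment above, as an added example that is not part of the original thread or of wsl-ssh-pageant: it parses OpenSSH one-line RSA public keys and reports any whose modulus is under the 1024-bit minimum that OpenSSH 7.6 and later enforce. It assumes the public keys are available as `ssh-rsa <base64> [comment]` lines; all function names are hypothetical, and the sample keys are constructed blobs, not real key material.

```python
import base64
import struct

MIN_RSA_BITS = 1024  # OpenSSH 7.6 and later refuse RSA keys below this size


def _read_field(blob, offset):
    """Read one SSH wire field: uint32 big-endian length, then that many bytes."""
    (length,) = struct.unpack_from(">I", blob, offset)  # struct.error if truncated
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated field body")
    return blob[offset + 4:end], end


def rsa_bits(pubkey_line):
    """Modulus size in bits for an 'ssh-rsa <base64> [comment]' line, else None."""
    parts = pubkey_line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        return None
    blob = base64.b64decode(parts[1], validate=True)
    key_type, off = _read_field(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("key type inside blob is not ssh-rsa")
    _exponent, off = _read_field(blob, off)  # public exponent e
    modulus, _ = _read_field(blob, off)      # modulus n
    return int.from_bytes(modulus, "big").bit_length()


def too_short(pubkey_lines):
    """Return (comment, bits) for each RSA key under MIN_RSA_BITS."""
    sized = ((" ".join(l.split()[2:]), rsa_bits(l)) for l in pubkey_lines)
    return [(c, b) for c, b in sized if b is not None and b < MIN_RSA_BITS]


def sample_line(bits, comment):
    """Constructed sample: well-formed blob; the modulus is not a real RSA key."""
    def field(data):
        return struct.pack(">I", len(data)) + data
    ints = (65537, (1 << (bits - 1)) | 1)  # e, then an n with exactly `bits` bits
    blob = field(b"ssh-rsa") + b"".join(
        field(v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in ints)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"


if __name__ == "__main__":
    keys = [sample_line(1023, "puttygen-1023"), sample_line(2048, "laptop-2048")]
    print(too_short(keys))
```
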
Hello,
I've been trying to log in to a server using keys loaded in pageant, but have had no luck with either WSL or Windows SSH. The steps I have done so far:
1. Ensure pageant is running with various keys
2. Run wsl-ssh-pageant with the following command:
   wsl-ssh-pageant-amd64-gui.exe -force -systray -wsl C:\Users\avggeek\.wsl-ssh\ssh-agent.sock -winssh ssh-pageant
3. Set SSH_AUTH_SOCK in cmd.exe using the following command:
   set SSH_AUTH_SOCK=\\.\pipe\ssh-pageant
4. Try to log in to a server which has keys loaded in pageant using the following command:
   ssh -vvvv -T avggeek@XX.XX.XXX.XXX -p 122
SSH login does not find the loaded keys, and instead prompts me to enter a password:
It seems like the SSH_AUTH_SOCK is not actually visible to SSH but apart from that I'm not able to determine what is going wrong. Would appreciate any help that I can get in figuring out what I'm doing wrong!