benpye / wsl-ssh-pageant

A Pageant -> TCP bridge for use with WSL, allowing Pageant to be used as an ssh-agent within the WSL environment.
BSD 2-Clause "Simplified" License

"How to use with Windows 10 native OpenSSH client" is no longer needed #58

Open jtnord opened 1 year ago

jtnord commented 1 year ago

FYI, as of gpg 2.4.0 (Gpg4win 4.1.0) there is a new option enable-win32-openssh-support that enables the correct pipe for the Microsoft OpenSSH build to work out of the box.

imkuang commented 1 year ago

Thanks for the reminder, I just tried it and it worked fine for me. Now I can use the Windows native OpenSSH client to connect to my server via my GPG authentication subkey without additional software! (I've been using wsl-ssh-pageant with the Windows native OpenSSH client for SSH authentication for almost two years, thanks to the author benpye).

I haven't seen an explanation of this option on the official GnuPG website or anywhere else, so just for the reference of latecomers:

  1. Put the enable-win32-openssh-support line in your gpg-agent.conf file (you no longer need enable-ssh-support or enable-putty-support)
  2. Put the keygrip id of your GPG authentication subkey in your sshcontrol file as before
  3. If you previously added the "SSH_AUTH_SOCK" environment variable to use wsl-ssh-pageant, remove it (Gpg4win seems to handle this environment variable automatically) or set it to \\.\pipe\openssh-ssh-agent
  4. Kill gpg-agent and restart it by executing the commands: gpg-connect-agent killagent /bye, gpg-connect-agent /bye

Then reopen a command session, run the ssh-add -L command, and you will see the SSH public key output from your GPG authentication subkey.
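
The four steps in the comment above, as a PowerShell check script. This is an added example, not part of the original comment or of the wsl-ssh-pageant project. It assumes gpgconf, gpg-connect-agent and ssh-add are on PATH; the check for the built-in Windows ssh-agent service goes beyond the thread and is included because that service listens on the same pipe name.

```powershell
# Added example (not from the thread): verify steps 1-3, then run step 4.
# Assumption: gpgconf, gpg-connect-agent and ssh-add are on PATH.
$problems = @()
$pipe = '\\.\pipe\openssh-ssh-agent'

# Step 1: gpg-agent.conf in the GnuPG home directory must carry the option.
$gnupgHome = (& gpgconf --list-dirs homedir | Select-Object -First 1).Trim()
$agentConf = Join-Path $gnupgHome 'gpg-agent.conf'
$confLines = @()
if (Test-Path $agentConf) {
    $confLines = @(Get-Content $agentConf | ForEach-Object { $_.Trim() })
}
if ($confLines -notcontains 'enable-win32-openssh-support') {
    $problems += "enable-win32-openssh-support is missing from $agentConf"
}

# Step 2: sshcontrol needs at least one active keygrip (40 hex digits;
# lines starting with '#' are comments, a leading '!' disables the key).
$sshControl = Join-Path $gnupgHome 'sshcontrol'
$keygrips = @()
if (Test-Path $sshControl) {
    $keygrips = @(Get-Content $sshControl |
        Where-Object { $_ -match '^\s*[0-9A-Fa-f]{40}\b' })
}
if ($keygrips.Count -eq 0) { $problems += "no active keygrip in $sshControl" }

# Step 3: SSH_AUTH_SOCK must be unset or point at the OpenSSH pipe.
if ($env:SSH_AUTH_SOCK -and $env:SSH_AUTH_SOCK -ne $pipe) {
    $problems += "SSH_AUTH_SOCK is '$($env:SSH_AUTH_SOCK)'; unset it or use $pipe"
}

# Beyond the thread: the built-in Windows ssh-agent service uses the same pipe.
$svc = Get-Service -Name 'ssh-agent' -ErrorAction SilentlyContinue
if ($svc -and $svc.Status -eq 'Running') {
    $problems += "Windows 'ssh-agent' service is running and holds $pipe"
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    # Step 4: restart gpg-agent, then list the keys it offers over the pipe.
    & gpg-connect-agent killagent /bye
    & gpg-connect-agent /bye
    & ssh-add -L
    switch ($LASTEXITCODE) {
        0 { 'OK: gpg-agent is serving SSH keys to the Windows OpenSSH client.' }
        2 { Write-Warning 'ssh-add could not reach an agent on the pipe.' }
        default { Write-Warning 'Agent reachable, but it returned no keys.' }
    }
}
```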

navossoc commented 1 year ago

@imkuang ssh-add -L is executed on Windows, right? Is it possible to make ssh-add -L list the same keys on WSL?

# ssh-add -L
Could not open a connection to your authentication agent.

My goal is to have a YubiKey on Windows, share its keys to ssh-add on Windows (it's already working) and at the same time use ssh-add on WSL 2.

My SSH_AUTH_SOCK is not set on WSL.

We have this pipe \\.\pipe\openssh-ssh-agent and /mnt/c/Users/windows/AppData/Local/gnupg/S.gpg-agent but neither seems to work.

I guess the only solution for this is still npiperelay? Thanks.