35

I run Windows 10 with WSL. I have the desired behaviour on one computer, but cannot replicate elsewhere. Here's what I'm after:

  1. First time I run a remote git command using my ssh key, git prompts me for the passphrase
  2. Subsequent times no prompt, including in new terminal windows (I use ConEmu)
  3. When all console windows are closed, back to #1

Things I've tried:

  • using eval $(ssh-agent), followed by ssh-add; it will remember the passphrase, but if I put it in my ~/.bash_profile then it prompts me for every new console window, and I open a lot - many of which I'm not using git in.
  • setting git config --global credential.helper to cache or store
  • everything here
  • using bash.exe and wsl.exe to get git-credentials-manager.exe to work

Here's an example of what I've put in my ~/.gitconfig:

[credential]
    helper = "/mnt/c/Program\\ Files/Git/mingw64/libexec/git-core/git-credential-manager.exe"

I've installed the git credential manager from here and have also tried the main Git For Windows installation as an alternative.

How can I encourage it to remember my passphrase?

Conan

3 Answers

49

I tried the option to add AddKeysToAgent yes to ~/.ssh/config but it doesn't keep it between new tabs on the terminal.

The best solution I found so far is to do the following:

sudo apt install keychain

Find your hostname using the terminal:

hostname

Then add the following to your ~/.bashrc or ~/.zshrc file:

/usr/bin/keychain --nogui ~/.ssh/id_rsa
source $HOME/.keychain/YOUR-HOSTNAME-HERE-sh

Now, each time you reboot, you’ll have to enter your passphrase. But you only have to do it one time until you reboot or terminate WSL.

If you want to use the same key you already have on Windows, you can follow this post: Sharing SSH keys between Windows and WSL 2

David Buck
Marcelo Dapper
  • 9
    This worked for me, thank you :) One thing I would recommend is using the `--quiet` flag to suppress the logs outputted each time a new terminal is opened. – MkMan Aug 12 '20 at 23:36
  • Switching accepted answer to this, as I've tried it and it works even better - now I get asked for my passphrase once within a Windows session, and it lasts across all WSL sessions. Neat! – Conan Mar 27 '21 at 12:20
  • @Conan, your answer allows deferring the passphrase entry until the first use of a key. Is it possible to achieve the same behavior with `keychain`? – Atif Jun 17 '21 at 20:45
  • Not to my knowledge, I think you'd have to mess around with ssh-agent to get that behaviour. Note that keychain only asks once, and it remembers until you restart WSL, so it's very unobtrusive – Conan Jun 25 '21 at 13:17
22

I found the answer!

First, make sure you have ssh-agent running all the time by adding eval $(ssh-agent) to your .bash_profile.

Then add AddKeysToAgent yes to your ssh config:

touch ~/.ssh/config
chmod 600 ~/.ssh/config
echo "AddKeysToAgent yes" >> ~/.ssh/config

You'll get prompted when you first do some ssh, but the passphrase will be automatically added to the ssh-agent so you won't have to type it again until you end your session and start a new one.

Conan
  • 1
    It must not be the same on Mac. I followed your instructions, and when I closed and re-opened Terminal, I got `Bad configuration option: addkeystoagent` – Ryan Jan 08 '19 at 00:31
  • 2
    @Ryan Maybe this is related (sorry I don't have a mac): https://stackoverflow.com/questions/43382771/addkeystoagent-yes-ssh-config-not-working-on-mac – Conan Jan 08 '19 at 21:27
  • 1
    Thanks for sending. – Ryan Jan 08 '19 at 21:32
  • Somehow didn't work for me. I ended up adding the following lines at the end of the `bash_profile.sh` file: `echo "Starting the ssh-agent..." eval $(ssh-agent) cd "C:\MyGitRepos" ssh-add` (Note: each command is on a new line). This way each time you open the git bash it prompts for the passphrase automatically and you enter it once per session. – Mr. Blond Aug 17 '20 at 10:50
  • On WSL2 I added `eval $(ssh-agent)` to my `.profile` instead of `.bash_profile` and it worked perfectly. – Matt Dec 07 '22 at 07:11
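
Added example (not part of any answer on this page): a bare `eval $(ssh-agent)` in a profile file starts a separate agent in every new shell, so a key loaded in one tab is not visible in another. This `~/.bashrc` snippet instead points every shell at one fixed socket and starts an agent only when nothing answers there. The socket path, the 8h key lifetime and the names `ensure_agent`, `AGENT_SOCK`, `AGENT_KEY_LIFETIME` and `AGENT_ACTION` are assumptions chosen for illustration.

```shell
# Added example for ~/.bashrc or ~/.zshrc (not from the answers above).
# Assumptions: socket path and key lifetime are illustrative choices.
AGENT_SOCK="${AGENT_SOCK:-$HOME/.ssh/agent.sock}"
AGENT_KEY_LIFETIME="${AGENT_KEY_LIFETIME:-8h}"

# Point this shell at one well-known agent socket and start an agent only
# when nothing answers there. Sets AGENT_ACTION to "reused" or "started".
ensure_agent() {
    SSH_AUTH_SOCK="$AGENT_SOCK"
    export SSH_AUTH_SOCK

    # ssh-add -l exits 0 (keys loaded), 1 (agent up, no keys) or
    # 2 (cannot contact an agent on $SSH_AUTH_SOCK).
    agent_rc=0
    ssh-add -l >/dev/null 2>&1 || agent_rc=$?

    case "$agent_rc" in
        0|1)
            AGENT_ACTION=reused
            ;;
        *)
            # A socket file left over from a closed WSL session has no
            # process behind it; remove it so ssh-agent can bind again.
            rm -f "$SSH_AUTH_SOCK"
            # -a binds the fixed path; -t expires loaded keys after the
            # lifetime, so an idle session does not hold them forever.
            ssh-agent -a "$SSH_AUTH_SOCK" -t "$AGENT_KEY_LIFETIME" >/dev/null || return 1
            AGENT_ACTION=started
            ;;
    esac
}

# Run only in interactive shells so scripts that source this file are unaffected.
case $- in
    *i*) ensure_agent ;;
esac
```

With `AddKeysToAgent yes` in `~/.ssh/config`, as in the answer above, the first git or ssh command prompts for the passphrase and later shells reuse the loaded key through the shared socket.
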
21

I tried both methods in previous answers (as well as others found elsewhere) on WSL 2 and they either did not work or had caveats I couldn't live with. This is what worked for me.

Install keychain:

sudo apt install keychain

Then add the following line to your shell's configuration file (likely ~/.bashrc or ~/.zshrc):

eval `keychain --quiet --eval --agents ssh id_rsa`

Now you will only have to enter your password when booting WSL!

Thank you Birk Holland for this article.

Nolan Strait
  • 3
    Oh thanks for adding this, keychain never used to work as there was a missing dependency that wasn't available in WSL. Good to know it’s been added, this makes things much easier! – Conan Sep 16 '20 at 08:09
  • 2
    I have tried every other suggestion, but yours worked at first. Thank you. – Tárcio Zemel Jun 17 '21 at 16:04
  • Nice. Except don't blindly copy ssh keys around. Make new ones for every new combination of source and target. You'll thank me later when one or the other gets compromised or you want to deprecate the key. – airtonix Aug 25 '23 at 01:21